[Samba] The security id structure is invalid

Ron García-Vidal ron at riomargroup.com
Fri Oct 7 13:36:13 UTC 2016


On 10/7/16 9:27 AM, lingpanda101--- via samba wrote:
> On 10/7/2016 8:51 AM, Ron García-Vidal via samba wrote:
>> On 10/6/16 1:54 PM, Ron García-Vidal via samba wrote:
>>> On 10/6/16 12:50 PM, lingpanda101--- via samba wrote:
>>>> On 10/6/2016 12:35 PM, Ron García-Vidal via samba wrote:
>>>>> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote:
>>>>>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote:
>>>>>>> On Wed, 5 Oct 2016 10:37:51 -0400
>>>>>>> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
>>>>>>> In trying to sort through this myself, I seem to be missing 
>>>>>>> something. Can anyone shed light on why samba-tool dbcheck gives 
>>>>>>> me this message?
>>>>>
>>>>> ERROR: incorrect GUID component for member in object CN=Domain 
>>>>> Admins,CN=Users,DC=dc1,DC=mydomain,DC=net - 
>>>>> <GUID=7ae0e1a8b8ca2242a02497d59084268b>;<RMD_ADDTIME=130335192420000000>;<RMD_CHANGETIME=130335196040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=c60633bfc7bbc740b63f9b2c6f6ffe2a>;<RMD_LOCAL_USN=6216>;<RMD_ORIGINATING_USN=6216>;<RMD_VERSION=1>;<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;CN=LDAP 
>>>>> User,CN=Users,DC=dc1,DC=mydomain,DC=net
>>>>>
>>>>> The GUID that it's giving doesn't show up anywhere when I ldbedit 
>>>>> my sam.db. I'm trying to figure out how I can manually correct the 
>>>>> GUID component that it's screaming about, but I can't find 
>>>>> anything in the sam.db that mentions GUID other than objectGUID. 
>>>>> Any hints?
>>
>> Resorting to a simple grep, I have found the entry that's causing the 
>> issue in the file 
>> /usr/local/samba/private/sam.ldb.d/DC=DC1,DC=MYDOMAIN,DC=NET.ldb
>>
>> How does this file relate to the sam.db file? Is it safe to edit this 
>> file directly to remove the offending GUID?
>>
>> -Ron
>>
>
> See if this thread is helpful. 
> https://lists.samba.org/archive/samba/2015-February/189634.html
>
It does explain what that file is, thanks. But it doesn't explain why I 
could see the entry that testdb was complaining about there, but not 
through sam.db. I guess this is just the dangling entry cleanup you 
mentioned previously?

In any event, even after manually cleaning this up, the invalid ID 
structure message continues. I've posted separately about that.

-Ron
