[Samba] The security id structure is invalid
Ron García-Vidal
ron at riomargroup.com
Fri Oct 7 14:39:58 UTC 2016
On 10/7/16 9:25 AM, Ron García-Vidal via samba wrote:
> On 10/7/16 8:51 AM, Ron García-Vidal via samba wrote:
>> On 10/6/16 1:54 PM, Ron García-Vidal via samba wrote:
>>> On 10/6/16 12:50 PM, lingpanda101--- via samba wrote:
>>>> On 10/6/2016 12:35 PM, Ron García-Vidal via samba wrote:
>>>>> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote:
>>>>>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote:
>>>>>>> On Wed, 5 Oct 2016 10:37:51 -0400
>>>>>>> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
>>>>>>> In trying to sort through this myself, I seems to be missing
>>>>>>> something. Can anyone shed light on why samba-tool dbcheck gives
>>>>>>> me this message?
>>>>>
>>>>> ERROR: incorrect GUID component for member in object CN=Domain
>>>>> Admins,CN=Users,DC=dc1,DC=mydomain,DC=net -
>>>>> <GUID=7ae0e1a8b8ca2242a02497d59084268b>;<RMD_ADDTIME=130335192420000000>;<RMD_CHANGETIME=130335196040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=c60633bfc7bbc740b63f9b2c6f6ffe2a>;<RMD_LOCAL_USN=6216>;<RMD_ORIGINATING_USN=6216>;<RMD_VERSION=1>;<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;CN=LDAP
>>>>> User,CN=Users,DC=dc1,DC=mydomain,DC=net
>>>>>
>>>>> The GUID that it's giving doesn't show up anywhere when I ldbedit
>>>>> my sam.db. I'm trying to figure out how I can manually correct the
>>>>> GUID component that it's screaming about, but I can't find
>>>>> anything in the sam.db that mentions GUID other than objectGUID.
>>>>> Any hints?
>>
>> Resorting to a simple grep, I have found the entry that's causing the
>> issue in the file
>> /usr/local/samba/private/sam.ldb.d/DC=DC1,DC=MYDOMAIN,DC=NET.ldb
>>
>> How does this file relate to the sam.db file? Is it safe to edit this
>> file directly to remove the offending GUID?
>
> Looks like I have been barking up the wrong tree on this. I copied the
> ldb mentioned above to a backup and manually removed the entries that
> the testdb was complaining about. Testdb now comes back clean, but the
> Invalid security ID structure error continues. The logs are showing
> multiple instances of:
> Unable to convert SID (S-1-5-11) at index 5 in user token to a GID.
> Conversion was returned as type 0, full token:
>
> I have a 74k log file that records me starting up the smbd and trying
> to access a share. Is adding this as an attachment the best way to
> send it?
I've restored the original DBs as it seems the dbcheck error I was
focusing on was a red herring. I'm now trying to look at the "Unable to
convert SID" messages, as these are the only other errors I've seen. A
reminder that this started after I ran "samba-tool dbcheck --cross-ncs
--fix --yes" after upgrading to 4.5 as per this article:
https://wiki.samba.org/index.php/Updating_Samba#Fixing_replPropertyMetaData_Attributes
I'm hoping to find a way to manually fix the db or hoping for a repair
tool. I'm not sure what to make of these errors.
Ron
More information about the samba
mailing list