[Samba] The security id structure is invalid

Ron García-Vidal ron at riomargroup.com
Fri Oct 7 14:39:58 UTC 2016

On 10/7/16 9:25 AM, Ron García-Vidal via samba wrote:
> On 10/7/16 8:51 AM, Ron García-Vidal via samba wrote:
>> On 10/6/16 1:54 PM, Ron García-Vidal via samba wrote:
>>> On 10/6/16 12:50 PM, lingpanda101--- via samba wrote:
>>>> On 10/6/2016 12:35 PM, Ron García-Vidal via samba wrote:
>>>>> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote:
>>>>>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote:
>>>>>>> On Wed, 5 Oct 2016 10:37:51 -0400
>>>>>>> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
>>>>>>> In trying to sort through this myself, I seems to be missing 
>>>>>>> something. Can anyone shed light on why samba-tool dbcheck gives 
>>>>>>> me this message?
>>>>> ERROR: incorrect GUID component for member in object CN=Domain 
>>>>> Admins,CN=Users,DC=dc1,DC=mydomain,DC=net - 
>>>>> <GUID=7ae0e1a8b8ca2242a02497d59084268b>;<RMD_ADDTIME=130335192420000000>;<RMD_CHANGETIME=130335196040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=c60633bfc7bbc740b63f9b2c6f6ffe2a>;<RMD_LOCAL_USN=6216>;<RMD_ORIGINATING_USN=6216>;<RMD_VERSION=1>;<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;CN=LDAP 
>>>>> User,CN=Users,DC=dc1,DC=mydomain,DC=net
>>>>> The GUID that it's giving doesn't show up anywhere when I ldbedit 
>>>>> my sam.db. I'm trying to figure out how I can manually correct the 
>>>>> GUID component that it's screaming about, but I can't find 
>>>>> anything in the sam.db that mentions GUID other than objectGUID. 
>>>>> Any hints?
>> Resorting to a simple grep, I have found the entry that's causing the 
>> issue in the file 
>> /usr/local/samba/private/sam.ldb.d/DC=DC1,DC=MYDOMAIN,DC=NET.ldb
>> How does this file relate to the sam.db file? Is it safe to edit this 
>> file directly to remove the offending GUID?
> Looks like I have been barking up the wrong tree on this. I copied the 
> ldb mentioned above to a backup and manually removed the entries that 
> the testdb was complaining about. Testdb now comes back clean, but the 
> Invalid security ID structure error continues. The logs are showing 
> multiple instances of:
> Unable to convert SID (S-1-5-11) at index 5 in user token to a GID. 
> Conversion was returned as type 0, full token:
> I have a 74k log file that records me starting up the smbd and trying 
> to access a share. Is adding this as an attachment the best way to 
> send it?
I've restored the original DBs as it seems the dbcheck error I was 
focusing on was a red herring. I'm now trying to look at the "Unable to 
convert SID" messages, as these are the only other errors I've seen. A 
reminder that this started after I ran "samba-tool dbcheck --cross-ncs 
--fix --yes" after upgrading to 4.5 as per this article:

I'm hoping to find a way to manually fix the db or hoping for a repair 
tool. I'm not sure what to make of these errors.


More information about the samba mailing list