[Samba] The security id structure is invalid [SOLVED]
Ron García-Vidal
ron at riomargroup.com
Sat Oct 8 17:47:32 UTC 2016
On 10/8/16 1:14 PM, Rowland Penny via samba wrote:
> See inline comments:
>
> On Sat, 8 Oct 2016 13:00:22 -0400
> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
>
>> On 10/8/16 10:32 AM, Rowland Penny via samba wrote:
>>> Please post your smb.conf from the DC, the 'samba' daemon should
>>> start winbind, if you run 'ps ax | grep winbind', you should get
>>> something like this:
>> Sorry, Samba wasn't running when I tried that command. Here's the
>> output:
>>
>> wbinfo --sid-to-gid=S-1-5-21-1319907214-2951884047-2640289736-512
>> failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not convert sid S-1-5-21-1319907214-2951884047-2640289736-512
>> to gid
>>
>> Here is my smb.conf:
>>
>> # Global parameters
>> [global]
>> workgroup = MYDOMAIN
>> realm = DC1.MYDOMAIN.NET
>> netbios name = SAMBASERVER
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>> time server = yes
>> ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd/
>> idmap_ldb:use rfc2307 = yes
>> # debug level = 9
>>
> You might as well remove the next 7 lines, they do nothing on a DC
>
>> # Winbind settings
>> idmap config * : backend = tdb
>> idmap config * : range = 30000-40000
>>
>> idmap config MYDOMAIN : default = yes
>> idmap config MYDOMAIN : backend = ad
>> idmap config MYDOMAIN : schema_mode = rfc2307
>> idmap config MYDOMAIN : range = 0-200000
>>
>> template shell = /bin/bash
> Replace %ACCOUNTNAME% with %U
>
>> template homedir = /home/%ACCOUNTNAME%
> I would also remove the next block of lines, except possibly for the
> 'enum' ones
>
>> winbind separator = +
>> winbind use default domain = Yes
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind nested groups = Yes
>> winbind offline logon = Yes
>>
>>
>>
>> #======================= Share Definitions =======================
>> [netlogon]
>> path = /usr/local/samba/var/locks/sysvol/dc1.evilgenius.net/scripts
>> read only = No
>>
>> [sysvol]
>> path = /usr/local/samba/var/locks/sysvol
>> read only = No
>>
>> ;[homes]
>> ; comment = Home Directories
>> ; browseable = no
>>
>>
> Can I also suggest replacing 'winbind' in the 'server services' line
> with 'winbindd'
>
> Do any of your users log into the DC?
>
Made all of these changes and it resolved the issue. I'm not sure which
one made the difference?
Yes there are a few users who log into the DC via ssh.
Thanks for your help.
-Ron
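
The changes suggested in the reply above, turned into a check that can be run over an smb.conf before restarting Samba. This is an added example, not code from the thread or from the Samba project; the function name lint_dc_conf and the sample config (abbreviated from the one posted) are constructed, and the parser assumes every option sits on one line.

```python
import configparser

# Constructed sample, abbreviated from the smb.conf posted in the thread.
SAMPLE = """\
[global]
workgroup = MYDOMAIN
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
idmap config MYDOMAIN : backend = ad
template shell = /bin/bash
template homedir = /home/%ACCOUNTNAME%
winbind separator = +
winbind enum users = yes
"""

def lint_dc_conf(text):
    """Return one finding per setting the reply in this thread flags (hypothetical helper)."""
    # Only '=' separates key and value: smb.conf keys may contain ':' and spaces.
    cp = configparser.RawConfigParser(delimiters=("=",),
                                      comment_prefixes=("#", ";"), strict=False)
    cp.read_string(text)
    g = dict(cp["global"]) if cp.has_section("global") else {}
    findings = []
    if "domain controller" not in g.get("server role", "").lower():
        return findings  # the advice in the thread is for a DC only
    services = [s.strip() for s in g.get("server services", "").split(",")]
    if "winbind" in services:
        findings.append("server services: replace 'winbind' with 'winbindd'")
    for key, value in g.items():  # keys are lower-cased by configparser
        if key.startswith("idmap config"):
            findings.append(f"{key}: reply says this does nothing on a DC")
        elif key.startswith("winbind ") and "enum" not in key:
            findings.append(f"{key}: reply suggests removing")
        elif key == "template homedir" and "%ACCOUNTNAME%" in value:
            findings.append("template homedir: replace %ACCOUNTNAME% with %U")
    return findings

if __name__ == "__main__":
    for finding in lint_dc_conf(SAMPLE):
        print(finding)
```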