[Samba] The security id structure is invalid [SOLVED]

Ron García-Vidal ron at riomargroup.com
Sat Oct 8 17:47:32 UTC 2016


On 10/8/16 1:14 PM, Rowland Penny via samba wrote:
> See inline comments:
>
> On Sat, 8 Oct 2016 13:00:22 -0400
> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
>
>> On 10/8/16 10:32 AM, Rowland Penny via samba wrote:
>>> Please post your smb.conf from the DC, the 'samba' daemon should
>>> start winbind, if you run 'ps ax | grep winbind', you should get
>>> something like this:
>> Sorry, Samba wasn't running when I tried that command. Here's the
>> output:
>>
>> wbinfo --sid-to-gid=S-1-5-21-1319907214-2951884047-2640289736-512
>> failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not convert sid S-1-5-21-1319907214-2951884047-2640289736-512
>> to gid
>>
>> Here is my smb.conf:
>>
>> # Global parameters
>> [global]
>>           workgroup = MYDOMAIN
>>           realm = DC1.MYDOMAIN.NET
>>           netbios name = SAMBASERVER
>>           server role = active directory domain controller
>>           server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>>           time server = yes
>>           ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd/
>>           idmap_ldb:use rfc2307 = yes
>> #       debug level = 9
>>
> You might as well remove the next 7 lines, they do nothing on a DC
>
>> # Winbind settings
>> idmap config * : backend = tdb
>> idmap config * : range = 30000-40000
>>
>> idmap config MYDOMAIN : default = yes
>> idmap config MYDOMAIN : backend = ad
>> idmap config MYDOMAIN : schema_mode = rfc2307
>> idmap config MYDOMAIN : range = 0-200000
>>
>> template shell = /bin/bash
> Replace %ACCOUNTNAME% with %U
>
>> template homedir = /home/%ACCOUNTNAME%
> I would also remove the next block of lines, except possibly for the
> 'enum' ones
>
>> winbind separator = +
>> winbind use default domain = Yes
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind nested groups = Yes
>> winbind offline logon = Yes
>>
>>
>>
>> #======================= Share Definitions =======================
>> [netlogon]
>>           path = /usr/local/samba/var/locks/sysvol/dc1.evilgenius.net/scripts
>>           read only = No
>>
>> [sysvol]
>>           path = /usr/local/samba/var/locks/sysvol
>>           read only = No
>>
>> ;[homes]
>> ;   comment = Home Directories
>> ;   browseable = no
>>
>>
> Can I also suggest replacing 'winbind' in the 'server services' line
> with 'winbindd'
>
> Do any of your users log into the DC?
>
Made all of these changes and it resolved the issue. I'm not sure which 
one made the difference?

Yes there are a few users who log into the DC via ssh.

Thanks for your help.

-Ron
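
As an added example (not part of the original message and not Samba project code), here is a small Python linter that flags the [global] settings the quoted reply called out for an AD DC. The sample smb.conf is constructed from the fragments in the thread, the function names are hypothetical, and flagging every non-enum `winbind` option is a generalization of the reply's advice.

```python
import re
# Constructed sample, based on the smb.conf fragments quoted in the thread.
SAMPLE = """\
[global]
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    idmap config MYDOMAIN : backend = ad
    template homedir = /home/%ACCOUNTNAME%
    winbind enum users = yes
    winbind separator = +
"""

def parse_global(text):
    """Return [(lineno, key, value)] for the [global] section, skipping comments."""
    section, out = None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            out.append((n, " ".join(key.lower().split()), value.strip()))
    return out

def lint_dc(text):
    """Flag the settings the reply in this thread called out (hypothetical helper)."""
    params = parse_global(text)
    role = next((v for _, k, v in params if k == "server role"), "")
    if role.lower() != "active directory domain controller":
        return []  # the advice in the thread applies to a DC only
    findings = []
    for n, key, value in params:
        if key.startswith("idmap config"):
            findings.append((n, "idmap config line: reply says it does nothing on a DC"))
        elif key == "template homedir" and "%ACCOUNTNAME%" in value:
            findings.append((n, "replace %ACCOUNTNAME% with %U"))
        elif key == "server services" and "winbind" in [s.strip() for s in value.split(",")]:
            findings.append((n, "server services: use 'winbindd' instead of 'winbind'"))
        elif key.startswith("winbind ") and not key.startswith("winbind enum"):
            findings.append((n, "winbind option the reply suggested removing"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_dc(SAMPLE):
        print(f"line {n}: {msg}")
```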


