[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid

Arthur Ramsey arthur_ramsey at mediture.com
Thu Oct 20 20:47:23 UTC 2016

>> I would suggest you remove the 'password server' line, this will allow
>> Samba to find the best DC to use.
I use that because I've not see adequate load balancing otherwise (I 
provide a differently ordered list to half of the members).
>> I also don't understand why you have a 10 million range for the
>> BUILTIN users and only a 39,999 range for the domain users.
No good reason.  No where near any of the limits.
>> Other than that, joining with 'net ads join -U Administrator' should
>> work.
Look through my recent posts, I'm having a ton of issues with Samba.  
Not sure what the root cause is, but I keep hoping one of these errors 
will lead someone to answer.  I've tried a lot on my own, but I can't 
figure it out.  The error seems the most revealing.  I'm wondering about 
the RID process / possible SID collision.  Now I can't join a Windows 
machine with my login either.
> I also forgot to say, remove the uidNumber from Administrator, add this
> line to smb.conf:
>      username map = /etc/samba/user.map
> Then create '/etc/samba/user.map' with this content:
> !root = MEDITURE\Administrator MEDITURE\administrator
> Administrator administrator
> This will then ensure that Administrator gets mapped to root.
I added it as a test, I didn't have it before.  I don't want the 
Administrator account to even allow access on member Linux servers. I 
just use it for joining in scripts.

This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.

More information about the samba mailing list