[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid

Fri Oct 21 16:05:47 UTC 2016

I've had this problem as well. We created a domain with two 4.4.4 DCs and everything 
worked. Sometime after we upgraded the DCs to 4.5.0, the machine joins and some user 
logons displayed the invalid SID message. We tried recreating the domain from scratch with 
4.5.0, but had the same problem. We recreated everything with 4.4.4 , and did not have 
problems so far.

Em 20/10/2016 18:47, Arthur Ramsey via samba escreveu:
>>> I would suggest you remove the 'password server' line, this will allow
>>> Samba to find the best DC to use.
> I use that because I've not see adequate load balancing otherwise (I provide a 
> differently ordered list to half of the members).
>>> I also don't understand why you have a 10 million range for the
>>> BUILTIN users and only a 39,999 range for the domain users.
> No good reason.  No where near any of the limits.
>>> Other than that, joining with 'net ads join -U Administrator' should
>>> work.
> Look through my recent posts, I'm having a ton of issues with Samba.  Not sure what the 
> root cause is, but I keep hoping one of these errors will lead someone to answer.  I've 
> tried a lot on my own, but I can't figure it out.  The error seems the most revealing.  
> I'm wondering about the RID process / possible SID collision.  Now I can't join a 
> Windows machine with my login either.
>> I also forgot to say, remove the uidNumber from Administrator, add this
>> line to smb.conf:
>>
>>      username map = /etc/samba/user.map
>>
>> Then create '/etc/samba/user.map' with this content:
>>
>> !root = MEDITURE\Administrator MEDITURE\administrator
>> Administrator administrator
>>
>> This will then ensure that Administrator gets mapped to root.
> I added it as a test, I didn't have it before.  I don't want the Administrator account 
> to even allow access on member Linux servers. I just use it for joining in scripts.
>
> This e-mail and any attachments may contain CONFIDENTIAL information, including 
> PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or 
> disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this 
> e-mail and any attachments, notify the sender immediately, and notify the Mediture 
> Privacy Officer at privacyofficer at mediture.com.
>
>

-- 

Vinicius Silva
SOC

BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva

	Smiley face

www.e-trust.com.br <http://www.e-trust.com.br/>

Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta 
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com 
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a 
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou 
informações contidas nesta mensagem não necessariamente refletem a posição oficial da 
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada 
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.

This message may contain privileged and confidential information for the use of the 
intended recipients only. If you are not an intended recipient then you should not 
disseminate, copy, or take any action based on its contents. If you have received this 
message in error then please notify E-TRUST by sending an e-mail message to 
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not 
necessarily reflect the position of E-TRUST. If this message is digitally signed, its 
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at 
www.e-trust.com.br.