[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
arthur_ramsey at mediture.com
Mon Oct 24 18:06:57 UTC 2016
I had 4 samba 4.5.0 ADS DCs. I could connect via SMB to two of them and
not to another two. I'd get an error "The request is not supported".
I'd also get an "RPC server is unavailable" when trying to connect ADUC
to the two DCs that I couldn't via SMB.
I also intermittently got an "Access Denied" message when trying to RDP
to a member Windows 2008 R2 server, but nothing in the Windows event log
on the member server nor in the samba logs. I don't have many member
Windows servers, but only had issues with the one.
I also got errors when trying to join Linux (winbind) or Windows 2008 R2
members both indicating a SID structure issue.
/usr/bin/net join -w MEDITURE -S dc01.mediture.dom -U Administrator
Enter Administrator's password:
Failed to join domain: failed to lookup DC info for domain 'MEDITURE.DOM' over rpc: Indicates the SID structure is not valid.
ADS join did not work, falling back to RPC...
After downgrading to 4.4.6 I had the same problems. I downgraded again
to 4.4.5 and the issues were resolved. Prior to upgrading to 4.5.0, I
was stable on 4.4.4. I upgraded to 4.5.0 to resolve the security
vulnerability and get the old password fix.
I applied the patch for bug 11520 to 4.4.5 and could reproduce the
problem, so I believe the issue is related to the fix for that bug. I
sent an e-mail to get an account for creating a bug. I've also tried
reversing the changes for the bug from 4.5.0 sources to see if I can get
4.5.0 working without that fix, but I couldn't work my way around git
well enough to do it. The patch attached to the bug didn't reverse
cleanly. I also tried creating a patch of the 4.5.0 stable branch, but
it didn't reverse cleanly either.
git clone https://github.com/samba-team/samba.git
git checkout v4-5-stable
for commit in $(git log --grep='https://bugzilla.samba.org/show_bug.cgi?id=11520' | grep ^commit | perl -pe 's/commit //g'); do git format-patch -1 $commit --stdout >> 11520.diff; done
If a patch could be provided that reverses this cleanly then I'd be
happy to test.
This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
More information about the samba