[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid

Arthur Ramsey arthur_ramsey at mediture.com
Mon Oct 24 18:06:57 UTC 2016

I had 4 samba 4.5.0 ADS DCs.  I could connect via SMB to two of them and 
not to another two.  I'd get an error "The request is not supported".  
I'd also get an "RPC server is unavailable" when trying to connect ADUC 
to the two DCs that I couldn't via SMB.

I also intermittently got an "Access Denied" message when trying to RDP 
to a member Windows 2008 R2 server, but nothing in the Windows event log 
on the member server nor in the samba logs.  I don't have many member 
Windows servers, but only had issues with the one.

I also got errors when trying to join Linux (winbind) or Windows 2008 R2 
members both indicating a SID structure issue.

/usr/bin/net join -w MEDITURE -S dc01.mediture.dom -U Administrator
Enter Administrator's password:
Failed to join domain: failed to lookup DC info for domain 'MEDITURE.DOM' over rpc: Indicates the SID structure is not valid.
ADS join did not work, falling back to RPC...

After downgrading to 4.4.6 I had the same problems.  I downgraded again 
to 4.4.5 and the issues were resolved.  Prior to upgrading to 4.5.0, I 
was stable on 4.4.4.  I upgraded to 4.5.0 to resolve the security 
vulnerability and get the old password fix.

I applied the patch for bug 11520 to 4.4.5 and could reproduce the 
problem, so I believe the issue is related to the fix for that bug.  I 
sent an e-mail to get an account for creating a bug.  I've also tried 
reversing the changes for the bug from 4.5.0 sources to see if I can get 
4.5.0 working without that fix, but I couldn't work my way around git 
well enough to do it.  The patch attached to the bug didn't reverse 
cleanly.  I also tried creating a patch of the 4.5.0 stable branch, but 
it didn't reverse cleanly either.

git clone https://github.com/samba-team/samba.git
git checkout v4-5-stable
for commit in $(git log --grep='https://bugzilla.samba.org/show_bug.cgi?id=11520' | grep ^commit | perl -pe 's/commit //g'); do git format-patch -1 $commit --stdout >> 11520.diff; done

If a patch could be provided that reverses this cleanly then I'd be 
happy to test.


This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.

More information about the samba mailing list