[Samba] NT_STATUS_INVALID_SID
Andrew Bartlett
abartlet at samba.org
Sat Oct 29 09:31:22 UTC 2016
On Thu, 2016-10-27 at 17:23 -0200, Vinicius Bones Silva via samba
wrote:
> Hi Rowland,
>
> Just to let you know, we removed all the idmap entries we had on
> the smb.conf of our
> two DCs and the ids reported by getent passwd at the DCs were in the
> 3.000.000 range, as
> you said. We had to add back 'idmap_ldb:use rfc2307 = yes' to get the
> user listing with
> the original numbers on the DCs.
>
> Here's what we commented out on the configurationfiles.
>
> # Default idmap config used for BUILTIN and local
> accounts/groups
> #idmap config *:backend = ad
> #idmap config *:range = 2000-9999
>
> # idmap config for domain E-TRUST
> #idmap config E-TRUST:backend = ad
> #idmap config E-TRUST:schema_mode = rfc2307
> #idmap config E-TRUST:range = 10000-40000
> #idmap cache time = 1
> #idmap negative cache time = 1
> #winbind cache time = 1
> idmap_ldb:use rfc2307 = yes
>
> Regards,
> Vinicius.
Can you confirm that it still fails with that configuration?
You may need to flush the caches. 'net cache flush'.
I certainly can see how having those set would have broken things,
because we now enforce the range if set whereas 4.4 just ignored them.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list