[Samba] Corrupted idmap...
Ryan Ashley
ryana at reachtechfp.com
Sat Jan 14 16:17:57 UTC 2017
Rowland, I commented out what you asked me to, no change.
# Global parameters
[global]
workgroup = TRUEVINE
realm = TRUEVINE.LAN
netbios name = DC01
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbi$
# idmap_ldb:use rfc2307 = yes
# idmap config *:backend = tdb
# idmap config *:range = 2001-10000
# idmap config TRUEVINE:backend = ad
# idmap config TRUEVINE:schema_mode = rfc2307
# idmap config TRUEVINE:range = 10001-20000
# domain master = yes
# local master = yes
# preferred master = yes
# os level = 255
[netlogon]
path = /var/lib/samba/sysvol/truevine.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Results:
root@dc01:~# nano -w /etc/samba/smb.conf
root@dc01:~# service samba4 stop
[ ok ] Stopping Samba AD DC daemon: samba.
root@dc01:~# service samba4 start
[ ok ] Starting Samba AD DC daemon: samba.
root@dc01:~# smbclient -L \\localhost -U administrator
Enter administrator's password:
session setup failed: NT_STATUS_INVALID_SID
root@dc01:~#
Lead IT/IS Specialist
Reach Technology FP, Inc
On 01/13/2017 01:07 PM, Rowland Penny via samba wrote:
> On Fri, 13 Jan 2017 12:46:27 -0500
> Ryan Ashley via samba <samba at lists.samba.org> wrote:
>
>> OK, I noticed that also, but why does everything return
>> NT_STATUS_INVALID_SID? Even if I run "smbclient -L \\localhost -U
>> adminnamehere" on the DC itself, I get the error. At this point we are
>> looking at erasing every workstation, wiping the DC, and starting from
>> scratch. It has been a week and not even rolling back to 4.4 fixed it.
>> What should my next steps be? I attached the server configuration file
>> for reference. Note that it has run this way for a year without a
>> hitch and nothing has been changed since day 1.
>>
>> # Global parameters
>> [global]
>> workgroup = TRUEVINE
>> realm = TRUEVINE.LAN
>> netbios name = DC01
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>> idmap_ldb:use rfc2307 = yes
>> idmap config *:backend = tdb
>> idmap config *:range = 2001-10000
>> idmap config TRUEVINE:backend = ad
>> idmap config TRUEVINE:schema_mode = rfc2307
>> idmap config TRUEVINE:range = 10001-20000
>> domain master = yes
>> local master = yes
>> preferred master = yes
>> os level = 255
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/truevine.lan/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>
> Now I have seen your smb.conf, I think I can tell you why you are
> getting 'NT_STATUS_INVALID_SID'
>
> You have 'idmap config' lines, these do nothing on a DC, or rather they
> did nothing until 4.5.0, now they cause errors, so I would remove them.
> I would also remove the 'master' lines and the 'os' line.
>
> When 4.6.0 comes out, it is my understanding that you will not have this
> problem, Samba will flat out refuse to start if you have the idmap
> lines in smb.conf ;-)
>
> Rowland
>
>