[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE
bellon at axivion.com
Thu Apr 1 06:21:54 UTC 2021
On Wed, 31 Mar, Rowland penny via samba wrote:
> At one time, running sysvolreset could wreck the permissions, this
> appears to have been because winbind couldn't map all the required
> SID's. This has been fixed, so you can now depend on
> sysvolreset/sysvolcheck, provided you never give Domain Admins a
> gidNumber attribute.
Ah, wow, just a moment ... my Domain Admins do have an gidNumber
attribute because they also map to a special admin group on the
What's the problem with that? Where can I read further about this "never
give Domain Admins a gidNumber attribute" thing?
> If, as you say, adding a GPO causes that message to appear in the
> logs, then it looks like a bug, but there is a gotcha, your log
> message refers to line 1086, the latest rpc_server.c code only has
> 717 lines, so it might be an idea to upgrade Samba if possible, the
> 'possible bug' may have been fixed.
Well, Debian stable has Samba 4.9.5, so I even went with Debian testing
in order to get at least Samba 4.13.5 when setting up the two new DCs.
It looks like I have to read into how to build Samba from source then...
More information about the samba