[Samba] Samba DC: Unable to convert first SID / NT_STATUS_INVALID_SID

Gyrfalcon gyrfalcon at ebonfire.com
Sun Nov 7 14:45:54 UTC 2021

On Sunday, November 7th, 2021 at 8:22 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> You say this is being caused by a Unix domain member, so can we see the
> smb.conf from this ?

It happens to all of my member servers.  They are all configured the same though:

workgroup = PYROCUFFLINK
security = ads

printing = bsd
printcap name = /dev/null
load printers = no

guest account = nobody
map to guest = Bad User

template homedir = /home/%U
template shell = /bin/bash

idmap config * : backend = tdb
idmap config * : range = 1000000-1000999
idmap config PYROCUFFLINK : backend = ad
idmap config PYROCUFFLINK : range = 3000000-3009999
idmap config PYROCUFFLINK : unix_nss_info = yes

kerberos method = secrets and keytab

winbind nss info = rfc2307
winbind use default domain = yes
winbind offline logon = yes
winbind refresh tickets = no

client ldap sasl wrapping = seal

dns proxy = no
domain master = no
local master = no
preferred master = no
os level = 0

Using the `ad` idmap backend, so all the user and group accounts that need to log in to these machines have uidNumber/gidNumber attributes, including Domain Users group.

More information about the samba mailing list