Arthur Ramsey
2016-Oct-23 16:44 UTC
[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
4.4.5 seems to work fine for me too, so I guess it is a regression from changes added to 4.4.6 and 4.5.0? On 10/21/2016 3:12 PM, Arthur Ramsey wrote:> I can confirm that rolling back to 4.4.4 resolved the issues for me. > I had the same problem with 4.4.6. > > Thanks, > ArthurThis e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
Arthur Ramsey
2016-Oct-24 18:06 UTC
[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
I had 4 samba 4.5.0 ADS DCs. I could connect via SMB to two of them and not to another two. I'd get an error "The request is not supported". I'd also get an "RPC server is unavailable" when trying to connect ADUC to the two DCs that I couldn't via SMB. I also intermittently got an "Access Denied" message when trying to RDP to a member Windows 2008 R2 server, but nothing in the Windows event log on the member server nor in the samba logs. I don't have many member Windows servers, but only had issues with the one. I also got errors when trying to join Linux (winbind) or Windows 2008 R2 members both indicating a SID structure issue. /usr/bin/net join -w MEDITURE -S dc01.mediture.dom -U Administrator Enter Administrator's password: Failed to join domain: failed to lookup DC info for domain 'MEDITURE.DOM' over rpc: Indicates the SID structure is not valid. ADS join did not work, falling back to RPC... After downgrading to 4.4.6 I had the same problems. I downgraded again to 4.4.5 and the issues were resolved. Prior to upgrading to 4.5.0, I was stable on 4.4.4. I upgraded to 4.5.0 to resolve the security vulnerability and get the old password fix. I applied the patch for bug 11520 to 4.4.5 and could reproduce the problem, so I believe the issue is related to the fix for that bug. I sent an e-mail to get an account for creating a bug. I've also tried reversing the changes for the bug from 4.5.0 sources to see if I can get 4.5.0 working without that fix, but I couldn't work my way around git well enough to do it. The patch attached to the bug didn't reverse cleanly. I also tried creating a patch of the 4.5.0 stable branch, but it didn't reverse cleanly either. git clone https://github.com/samba-team/samba.git git checkout v4-5-stable for commit in $(git log --grep='https://bugzilla.samba.org/show_bug.cgi?id=11520' | grep ^commit | perl -pe 's/commit //g'); do git format-patch -1 $commit --stdout >> 11520.diff; done If a patch could be provided that reverses this cleanly then I'd be happy to test. Thanks, Arthur This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
Arthur Ramsey
2016-Oct-26 16:05 UTC
[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
I had the same issue with 4.5.1 vanilla. I was able to reverse the fixes from 11520 against 4.5.1. You can see the resulting patch here: http://pastebin.com/4wTQdLKL. A 4.5.1 build with that patch applied is working fine for me. Thanks, Arthur This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com. -------------- next part -------------- A non-text attachment was scrubbed... Name: samba-4.5.1-no-11520.diff Type: text/x-patch Size: 14304 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20161026/8efdd617/samba-4.5.1-no-11520.bin>
Reasonably Related Threads
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid