Rowland Penny
2016-Oct-20 20:02 UTC
[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
On Thu, 20 Oct 2016 20:21:17 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Thu, 20 Oct 2016 14:06:18 -0500 > Arthur Ramsey via samba <samba at lists.samba.org> wrote: > > > On 10/20/2016 01:52 PM, Rowland Penny via samba wrote > > > Have you given Administrator a uidNumber attribute ? > > Yes, I have. > > > > > > It might still help to see the smb.conf > > > > Here: http://pastebin.com/M9m8x1DZ > > > > > > This e-mail and any attachments may contain CONFIDENTIAL > > information, including PROTECTED HEALTH INFORMATION. If you are not > > the intended recipient, any use or disclosure of this information > > is STRICTLY PROHIBITED; you are requested to delete this e-mail and > > any attachments, notify the sender immediately, and notify the > > Mediture Privacy Officer at privacyofficer at mediture.com. > > > > > > I would suggest you remove the 'password server' line, this will allow > Samba to find the best DC to use. > > I also don't understand why you have a 10 million range for the > BUILTIN users and only a 39,999 range for the domain users. > > Other than that, joining with 'net ads join -U Administrator' should > work. > > Rowland > >I also forgot to say, remove the uidNumber from Administrator, add this line to smb.conf: username map = /etc/samba/user.map Then create '/etc/samba/user.map' with this content: !root = MEDITURE\Administrator MEDITURE\administrator Administrator administrator This will then ensure that Administrator gets mapped to root. Rowland
Arthur Ramsey
2016-Oct-20 20:47 UTC
[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
>> I would suggest you remove the 'password server' line, this will allow >> Samba to find the best DC to use.I use that because I've not see adequate load balancing otherwise (I provide a differently ordered list to half of the members).>> I also don't understand why you have a 10 million range for the >> BUILTIN users and only a 39,999 range for the domain users.No good reason. No where near any of the limits.>> Other than that, joining with 'net ads join -U Administrator' should >> work.Look through my recent posts, I'm having a ton of issues with Samba. Not sure what the root cause is, but I keep hoping one of these errors will lead someone to answer. I've tried a lot on my own, but I can't figure it out. The error seems the most revealing. I'm wondering about the RID process / possible SID collision. Now I can't join a Windows machine with my login either.> I also forgot to say, remove the uidNumber from Administrator, add this > line to smb.conf: > > username map = /etc/samba/user.map > > Then create '/etc/samba/user.map' with this content: > > !root = MEDITURE\Administrator MEDITURE\administrator > Administrator administrator > > This will then ensure that Administrator gets mapped to root.I added it as a test, I didn't have it before. I don't want the Administrator account to even allow access on member Linux servers. I just use it for joining in scripts. This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
Vinicius Bones Silva
2016-Oct-21 16:05 UTC
[Samba] Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
I've had this problem as well. We created a domain with two 4.4.4 DCs and everything worked. Sometime after we upgraded the DCs to 4.5.0, the machine joins and some user logons displayed the invalid SID message. We tried recreating the domain from scratch with 4.5.0, but had the same problem. We recreated everything with 4.4.4 , and did not have problems so far. Em 20/10/2016 18:47, Arthur Ramsey via samba escreveu:>>> I would suggest you remove the 'password server' line, this will allow >>> Samba to find the best DC to use. > I use that because I've not see adequate load balancing otherwise (I provide a > differently ordered list to half of the members). >>> I also don't understand why you have a 10 million range for the >>> BUILTIN users and only a 39,999 range for the domain users. > No good reason. No where near any of the limits. >>> Other than that, joining with 'net ads join -U Administrator' should >>> work. > Look through my recent posts, I'm having a ton of issues with Samba. Not sure what the > root cause is, but I keep hoping one of these errors will lead someone to answer. I've > tried a lot on my own, but I can't figure it out. The error seems the most revealing. > I'm wondering about the RID process / possible SID collision. Now I can't join a > Windows machine with my login either. >> I also forgot to say, remove the uidNumber from Administrator, add this >> line to smb.conf: >> >> username map = /etc/samba/user.map >> >> Then create '/etc/samba/user.map' with this content: >> >> !root = MEDITURE\Administrator MEDITURE\administrator >> Administrator administrator >> >> This will then ensure that Administrator gets mapped to root. > I added it as a test, I didn't have it before. I don't want the Administrator account > to even allow access on member Linux servers. I just use it for joining in scripts. > > This e-mail and any attachments may contain CONFIDENTIAL information, including > PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or > disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this > e-mail and any attachments, notify the sender immediately, and notify the Mediture > Privacy Officer at privacyofficer at mediture.com. > >-- Vinicius Silva SOC BRA: + 55 51 2117.1000 | 55 11 5521.2021 USA: + 1 888 259.5801 vbs at e-trust.com.br skype: vinicius.bones.silva Smiley face www.e-trust.com.br <http://www.e-trust.com.br/> Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou informações contidas nesta mensagem não necessariamente refletem a posição oficial da E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br. This message may contain privileged and confidential information for the use of the intended recipients only. If you are not an intended recipient then you should not disseminate, copy, or take any action based on its contents. If you have received this message in error then please notify E-TRUST by sending an e-mail message to suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not necessarily reflect the position of E-TRUST. If this message is digitally signed, its authenticity can be confirmed by E-TRUST Private Certificate Authority, available at www.e-trust.com.br.
Apparently Analagous Threads
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid
- Error joining Linux member to 4.5.0 DC: Indicates the SID structure is not valid