Displaying 20 results from an estimated 6000 matches similar to: "NT_STATUS_INVALID_SID"
2016 Oct 27
4
NT_STATUS_INVALID_SID
On Wed, 26 Oct 2016 17:27:37 -0400
Ryan Ashley via samba <samba at lists.samba.org> wrote:
> I guess I should note that it seems like the high SIDs will resolve,
> except for 300000. Below is an example.
>
> root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/
> total 16
> drwxrws---+ 4 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 Policies
> drwxrws---+ 2 MEDARTS\reachfp
2016 Oct 26
0
NT_STATUS_INVALID_SID
I guess I should note that it seems like the high SIDs will resolve,
except for 300000. Below is an example.
root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/
total 16
drwxrws---+ 4 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 Policies
drwxrws---+ 2 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 scripts
root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/Policies
total 16
drwxrws---+ 5 MEDARTS\reachfp
2016 Oct 27
0
NT_STATUS_INVALID_SID
Wait, now I'm confused. Idmap lines do not need to be set up on the DCs? Then how does
windows figure's out the ids in the Unix Attributes tab? I thought you needed both
rfc2307 and idmap on the DC and the members.
Em 27/10/2016 05:39, Rowland Penny via samba escreveu:
> On Wed, 26 Oct 2016 17:27:37 -0400
> Ryan Ashley via samba <samba at lists.samba.org> wrote:
>
2015 Jul 03
3
Clients unable to get group policy...
On 03/07/15 15:18, Ryan Ashley wrote:
> The only Unix client I can think of would be the Buffalo NAS. It runs
> Samba3 and hosts various shares via SMB. DNS is handled by BIND9 on the
> Samba4 DC. DNS does work and the domain name resolves to the IP address
> of the server. DHCP is also handled on the DC. As for the GPO's, they're
> in the correct place as far as I can tell.
2015 Jul 03
2
Clients unable to get group policy...
On 03/07/15 15:58, Ryan Ashley wrote:
> They left a PC on, so I got the info. The info pissed me off, but not
> because of the issue. This time it worked flawlessly, but I got the
> error from the event log from prior attempts. First, today's results.
>
> C:\Users\reachfp.KIGM>gpupdate
> Updating Policy...
>
> User Policy update has completed successfully.
>
2015 Jul 17
1
"wbinfo --sid-to-gid" returns false gids
17.07.2015, 17:30, "Rowland Penny" <rowlandpenny241155 at gmail.com>:
> On 17/07/15 12:03, Andrej Surkov wrote:
>> I've got this on the backup DC
>>
>> root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516
>> 3000000
>
> OK, you have problems there, but not what you think. On my first DC
> (note I don't have
2015 Apr 19
1
[bug?] idmap.ldb xidNumber attributes overlap with existing users'/groups' uidNumber/gidNumber
Greetings, All!
I've discovered a nasty mismatch in my recently upgraded domain.
It seems that a number of builtin groups have mappings in idmap.ldb that
overlap with posixAccount mappings in the sam.ldb.
Namely,
# file: var/lib/samba/sysvol/ads.example.com/scripts/
# owner: root
# group: 544
user::rwx
user:root:rwx
group::rwx
group:544:rwx
group:30000:r-x
group:30001:rwx
2016 Jun 20
2
Rights issue on GPO
Hi,
> OK, I take it that 3000009 points to CN=S-1-5-11 and it is just
> CN=S-1-5-18 that is wrong by pointing at proxmox$ (which incidentally,
> is one of your computers)
> Try backing up idmap.ldb, then open idmap.ldb in ldbedit, find and
> delete the stanza that holds CN=S-1-5-18, it will look like this:
>
> dn: CN=S-1-5-18
> cn: S-1-5-18
> objectClass: sidMap
>
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > The trouble came from 'root' or groups '3000002' and '3000003'?
> No and very very probably no & no ;-)
> > How can i fix them? Thanks.
> Fix what? The owner has to be 'root', and you can find out just who
> '3000002' & '3000003' are by opening
2015 Mar 30
2
Unable to browse system shares of a newly migrated AD DC
Greetings, Rowland Penny!
>>> Hi Louis, It works for me
>>> This appears in log.smbd on my DC when I run the same command:
>>> [2015/03/30 10:15:42.442881, 3]
>>> ../source3/smbd/service.c:856(make_connection_snum)
>>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT
>>> AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000013)
2015 Jul 17
2
"wbinfo --sid-to-gid" returns false gids
I've got this on the backup DC
root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516
3000000
while
root at bdc:~# ldbedit -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-1166961617-3197558402-3341820450-516
shows correct xid 3000019
and on the primary DC I've got
itk at dc:/$ wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516
3000019
2020 Nov 04
2
ID Mapping
On 04/11/2020 00:14, O'Connor, Daniel wrote:
> Hmm, you say 'uidNumber' but I have xidNumber:
> # editing 1 records
> # record 1
> dn: CN=S-1-5-21-1638907138-195301586-368347949-3088
> cn: S-1-5-21-1638907138-195301586-368347949-3088
> objectClass: sidMap
> objectSid: S-1-5-21-1638907138-195301586-368347949-3088
> type: ID_TYPE_BOTH
> xidNumber: 1044
>
2015 Jul 02
5
Clients unable to get group policy...
On 02/07/15 16:55, Ryan Ashley wrote:
> Rowland, here is what I found in the ldb.
>
> # record 68
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_BOTH
> xidNumber: 3000000
> distinguishedName: CN=S-1-5-32-544
>
> # record 70
> dn: CN=S-1-5-32-549
> cn: S-1-5-32-549
> objectClass: sidMap
>
2017 Sep 05
3
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Thank you very much for clarifying the ID mapping "magic";)
> You do not need 'posixgroup', it is an auxiliary objectclass of
group, you can add any of the rfc2307 attributes without it.
Well, is there any option to remove it? Because "posixgroup" is on
every group that was migrated from Samba 3.
And I cannot edit this attribute in ADUC (delete button is grayed).
2020 Oct 25
2
GPO fail and sysvol perm errors
On Sun, Oct 25, 2020 at 2:38 PM Rowland penny via samba
<samba at lists.samba.org> wrote:
> So '5035' is a computer, but what is '3000011' ?
> You can find out by running this on the DC:
> ldbsearch -H /path/to/idmap.ldb '(&(objectClass=sidMap)(xidNumber=3000011))'
===================================
# ldbsearch -H /usr/local/samba/private/idmap.ldb
2017 May 27
3
idmap woes after upgrade
Hello All,
I've bitten the bullet and upgraded from sernet-samba-4.2 to 4.6.4-SerNet-RedHat-7.el7.
Now my AD users don't show up in Linux, with the result that the [homes] share fails to connect. Other shares work fine, it's just the homes share. There doesn't appear to be any uidNumber mapping going on.
I used to be able to use the unix command 'id' to show user info,
2015 Mar 30
1
Unable to browse system shares of a newly migrated AD DC
Greetings, Rowland Penny!
>>>>> Hi Louis, It works for me
>>>>> This appears in log.smbd on my DC when I run the same command:
>>>>> [2015/03/30 10:15:42.442881, 3]
>>>>> ../source3/smbd/service.c:856(make_connection_snum)
>>>>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT
>>>>>
2017 Jun 16
2
Erro sysvolcheck/sysvolreset
:-|
ls -lnd /opt/samba/var/locks/sysvol
drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol
Em 16-06-2017 13:38, Rowland Penny via samba escreveu:
> On Fri, 16 Jun 2017 13:15:19 -0300
> "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
>
>> OK, sorry, uncomment a line :-D
>>
>> Yes exist!
>>
>> ls -ld
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 17:46, steve wrote:
> On 01/12/14 18:25, Rowland Penny wrote:
>> On 01/12/14 17:16, steve wrote:
>>> On 01/12/14 18:11, Rowland Penny wrote:
>>>> On 01/12/14 17:09, steve wrote:
>>>>> On 01/12/14 17:31, Greg Zartman wrote:
>>>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny
>>>>>> <rowlandpenny at
2017 Jan 13
3
Fwd: Re: Duplicate xidNumbers
Rowland,
Thank you for the quick response.
I have just run net cache flush no change in problem. I have dumped the
idmap.ldp using ldbsearch -H /var/lib/samba/private/idmap.ldb >
idmap.txt and did some sorting, that is how I found the duplicates.
On 1/13/2017 11:09 AM, Rowland Penny via samba wrote:
> samba-tool ntacl
> >sysvolreset