Bug 12960 - session setup failed: NT_STATUS_INVALID_SID
session setup failed: NT_STATUS_INVALID_SID
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.6.6
x64 Linux
: P5 major
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-10 17:56 UTC by Niumar Klein
Modified: 2017-08-11 09:34 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Niumar Klein 2017-08-10 17:56:33 UTC
Hi guys!

I am passing over the same issues disscussed on https://bugzilla.samba.org/show_bug.cgi?id=11062#c0

This is my domain configuration:

samba 4.6.6 running as DC (ubuntu 14.04)
samba 4.6.6 running as MEMBER (File Server) (ubuntu 16.04)
windows 10 joined to the domain

Every all was working fine until I shutdow this structure for 2 weeks ago. On turnning it on again today, the problems reported by Charles started to happen on my structure.

Well what happens exactly:

On computer File Server:
wbinfo -u returns nothing.

wbinfo --ping-dc
checking the NETLOGON for domain[IME] dc connection to "" failed
wbcPingDc2(IME): error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)

On computer DC:
smbclient -L localhost -U%
session setup failed: NT_STATUS_INVALID_SID

Checking on DC the log file from File Server, this was reported:
[2017/08/10 11:03:15.770546,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_SID] || at ../source3/smbd/smb2_sesssetup.c:134

On computer Windows 10, I am not able anymore to open de "users and computers from active directory snap". It shows me an error saying that the RPC server is not available.

In order to resolve the problem, i tried to alter the parameter "server services" by changing windbindd with winbind. I also tried to clear the cache by running the command "net cache flush".
None of them has worked.

So I think the thread could be unresolved, even in more new releases
Please, could you help me with some suggestions?

Bellow are my smb.confs

Thanks,
Niumar


DC conf:
# Global parameters
[global]
	bind interfaces only = Yes
	interfaces = lo eth0
	netbios name = SAMBA4
	realm = IME.COM.BR
	server services = -dns 
	workgroup = IME
	log file = /usr/local/samba/var/log/log.%m
	log level = 3
	server role = active directory domain controller
	winbind enum groups = Yes
	winbind enum users = Yes
	winbind use default domain = Yes
	idmap config * : range = 100000 - 200000
	idmap config * : backend = tdb
	idmap config ime : range = 10000 - 99999
	idmap config ime : backend = rid
	idmap_ldb:use rfc2307 = yes
	comment = 

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/ime.com.br/scripts
	read only = No

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No


File Server conf:
[global]
	bind interfaces only = Yes
	interfaces = lo ens32
	netbios name = FILESERVERL
	realm = IME.COM.BR
	workgroup = IME
	log file = /usr/local/samba/var/log/log.%m
	log level = 4
	security = ADS
	username map = /usr/local/samba/etc/usermap
	winbind enum groups = Yes
	winbind enum users = Yes
	winbind use default domain = Yes
	idmap config * : range = 100000 - 200000
	idmap config * : backend = tdb
	idmap config ime : range = 10000 - 99999
	idmap config ime : backend = rid
	comment = 
	store dos attributes = Yes
	map acl inherit = Yes
	vfs objects = acl_xattr

[Data]
	path = /data
	read only = No