Web lists-archives.com

[Samba] Issues with RPC, SID resolving; cannot use RSAT


I'm running a setup with 3 DCs, all Samba 4.5.12, Debian Stretch (is
patched for CVE-2018-1057, "samba_CVE-2018-1057_helper" been used).

Probably unrelated to the upgrade and patch for CVE-2018-1057, there's
a new problem coming up.

RSAT fails to start/connect, complaining about RPC-Server
unavailablility. On the DCs I've tried with smbclient and get the

root@vts5:/etc/samba# smbclient -L localhost -U Administrator
Enter Administrator's password:
session setup failed: NT_STATUS_INVALID_SID

This is also consistent with log entries like this:

[2018/04/03 11:37:48.411748,  0]
  Unable to convert first SID
(S-1-5-21-1449862128-1716478392-3139764938-1176) in user token to a UID.
 Conversion was returned as type 0, full token:
[2018/04/03 11:37:48.411820,  0]
  Security token SIDs (7):
    SID[  0]: S-1-5-21-1449862128-1716478392-3139764938-1176
    SID[  1]: S-1-5-21-1449862128-1716478392-3139764938-515
    SID[  2]: S-1-1-0
    SID[  3]: S-1-5-2
    SID[  4]: S-1-5-11
    SID[  5]: S-1-5-32-554
    SID[  6]: S-1-5-32-545

It is not like only one specific SID is affected. I find this for many
different ones, including S-1-1-0.

net cache list is showing me funny stuff like this:

Key: IDMAP/GID2SID/3000017       Timeout: 11:23:09       Value: -  (expired)
Key: IDMAP/SID2XID/S-1-5-32-545  Timeout: 11:40:46       Value: -1:N


Key: IDMAP/SID2XID/S-1-5-21-1449862128-1716478392-3139764938-3708
Timeout: 11:41:17       Value: -1:N


Key: IDMAP/SID2XID/S-1-5-21-1449862128-1716478392-3139764938-3680
Timeout: 11:38:37       Value: -1:N  (expired)

At the moment I'm blocked making any changes to the Domain, so I
appreciate any help solving this issue.

Thank you,

Andreas Gaiser
Andreas Gaiser
wegewerk GmbH
Saarbrücker Str. 24A
10405 Berlin

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba