Hi there,
OES2015 Sp1 server with NSS for Ad working for some users. Other users have membership of an AD group that contains a SID history entry from a domain that is now dead. This is needed for operational reasons. Can NITD or the CIFS.conf be set to ignore these entries? These users cannot map drives otherwise.

Where the trace says Extra SID is the foreign, dead domain.

Saw this article for OES samba that is interesting: https://www.novell.com/support/kb/doc.php?id=7007419

Removed group membership of: CN=PCUser,OU=Groups,OU=LOC,OU=EST,OU=BusinessUnits ,DC=DOM,DC=XXX,DC=pri from DOM\TST_5466006A and the user CAN now map a drive!
Add the group back and it fails!!!!!!

Nitservice log when tst_54660B is a member of the above group:
Nov 17 10:51:40 SERVERNAME CIFS[32014]: DEBUG: AUTH: cifsPac g: group sid #11 is S-1-5-21-1000884740-1136923486-3828131906-92912 attributes 7 for user TST_54660B@DOM.XXX.PRI , ptr 0x1edba8c
Nov 17 10:51:40 SERVERNAME CIFS[32014]: DEBUG: AUTH: cifsPac e: Extra sid #12 is S-1-5-21-533950721-1836209735-619646970-1018 attributes 7 for user TST_54660B@DOM.XXX.PRI , ptr 0x1edbad0
Nov 17 10:51:40 SERVERNAME CIFS[32014]: DEBUG: AUTH: Ignore well known sid 1-1-18-1
Nov 17 10:51:40 SERVERNAME CIFS[32014]: DEBUG: AUTH: cifsPac e: Extra sid #13 is S-1-5-21-1000884740-1136923486-3828131906-1601 attributes 536870919 for user TST_54660B@DOM.XXX.PRI , ptr 0x1edbb14
Nov 17 10:51:40 SERVERNAME CIFS[32014]: DEBUG: AUTH: cifsPac : primary group sid #14 is S-1-5-21-1000884740-1136923486-3828131906-513 for user TST_54660B@DOM.XXX.PRI , ptr 0x1edbb58
Nov 17 10:51:40 SERVERNAME CIFS[32014]: INFO : AUTH: Successfully composed group membership information for AD user TST_54660B@DOM.XXX.PRI
Nov 17 10:51:40 SERVERNAME CIFS[32014]: [NIT_IPC 0x7f47537fe700] : nitlib_convert_sids_to_guids: Error response from nitd for converting the SIDs to GUIDs, error: -9001
Nov 17 10:51:40 SERVERNAME CIFS[32014]: WARNING: AUTH: Failed to fetch GUIDS for SIDS in pac for user TST_54660B@DOM.XXX.PRI, nitlib error= -9001
Nov 17 10:51:40 SERVERNAME CIFS[32014]: ERROR: CODIR: SESNotLoggedIn: Failed to authenticate user: TST_54660B@DOM.XXX.PRI, client: 10.50.46.167, nwErr: 0, cifsErr: 0