Bug 11235 - AD group not resolved correctly
AD group not resolved correctly
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.2.1
All Linux
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-04-24 06:56 UTC by Daniele Dario
Modified: 2015-04-24 06:57 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniele Dario 2015-04-24 06:56:03 UTC
After upgrading from 4.1.14 to 4.2.1 the resolution of some AD groups did not work properly.
The domain had two DCs, one running on a 32 bit VM guest ubuntu server 10.04 and one running on a real host 64 bit with ubuntu server 12.04 wich acts also as file server. Both DCs use internal DNS.
After upgrade, noticed that the access to shares owned by group "ufficio tecnico" by users part of that group where not permitted anymore.
Noticed that winbindd resolved the group name to a SID/GID different than that stated in sam.ldb and than users did not have permissions to connect to the share.
Trying to restart also the 32 bit VM I noticed that the problem appeared also there.
Workaround suggested by Rowland Penny was to add the line
...
   server services = -winbindd + winbind
...
in smb.conf
After doing that both DCs resolved all groups correctly.

Details on this thread
http://samba.2283325.n4.nabble.com/gid-numbers-changed-after-upgrading-from-4-1-14-to-4-2-1-tp4684825.html