Bug 12842 - Cracknames can fail when desired format is GUID due to deleted accounts
Summary: Cracknames can fail when desired format is GUID due to deleted accounts
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.5.0
Hardware: All All
: P5 normal (vote)
Target Milestone: 4.7
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on: CVE-2018-10918
  Show dependency treegraph
Reported: 2017-06-15 03:02 UTC by Garming Sam
Modified: 2018-07-30 02:40 UTC (History)
4 users (show)

See Also:

patch for 4.7 cherry-picked from master (15.71 KB, patch)
2017-07-24 10:04 UTC, Andrew Bartlett
abartlet: review? (garming)
dbagnall: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Garming Sam 2017-06-15 03:02:59 UTC
Every now and again, we would get flakey failures on rpc.cracknames for unknown reasons.

Cracking SAMBADOMAIN\torturetest410$ would fail. What I've discovered is that this is partly due to collisions in the test user name when using rand() % 1000. When the user is deleted, the sAMAccountName persists on the deleted object from a previous test (I'm unsure of the behaviour on Windows). Requesting GUID format then performs a SHOW_RECYCLED search which causes an error when it finds a non-unique search result.
Comment 1 Andrew Bartlett 2017-07-24 10:04:05 UTC
Created attachment 13424 [details]
patch for 4.7 cherry-picked from master
Comment 2 Karolin Seeger 2017-07-31 09:24:47 UTC
Pushed to autobuild-v4-7-test.
Comment 3 Karolin Seeger 2017-08-01 06:04:12 UTC
(In reply to Karolin Seeger from comment #2)
Pushed to v4-7-test.
Closing out bug report.