I was running samba 4.5.12 as AD DC. I have no special settings for idmap or winbind in my smb.conf, thus everything should be set to the default for freshly provisioned domains. Files created using an admin account and therefore belonging to "BUILTIN\Administrators" (uid/gid 3000000) were resolved correctly: # wbinfo --uid-info 3000000 BUILTIN\administrators:*:3000000:3000000::/srv/samba/home/administrators:/bin/bash # wbinfo --gid-info=3000000 BUILTIN\administrators:x:3000000: # l file-created-with-admin-account.txt -rwxrwxr-x+ 1 BUILTIN\administrators users 0 12. Dez 16:11 file-created-with-admin-account.txt After upgrading to 4.7.3, resolving uids of BUILTIN groups fails: # wbinfo --uid-info=3000000 failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for uid 3000000 # wbinfo --gid-info=3000000 BUILTIN\administrators:x:3000000: # l file-created-with-admin-account.txt -rwxrwxr-x 1 3000000 users 0 12. Dez 15:11 file-created-with-admin-account.txt However, in both cases, resolving as a gid works: # wbinfo --gid-info=3000000 BUILTIN\administrators:x:3000000: I bisected the bug the following commit between 4.5 and 4.6.0: bce19a6efe1 winbind: Restructure wb_getpwsid Before this commit, resolving 3000000 as uid works as expected. After this commit and with any newer stable version (I tested 4.6.3, 4.6.11, 4.7.3), these uid can't be resolved. bug 11757 is similar, but as far as I can see not a duplicated because it is older than the mentioned commit. Maybe it has the same root cause. I tried to dig through the winbind query functions and noticed that resolving uid 3000000 to the corresponding SID works, but afterwards translating this SID to the name fails. I have not been able to find the root cause for that, but I'm curious to try if someone can point me in the right direction.
I have a the same Problem with all BUILTIN\ACCOUNTS after update my samba DCs and MEMBERSERVERs from Version 4.5.11 to 4.7.0 and 4.7.5 The user (uid) translation for BUILTIN\ACCOUNTS works not correct. The B flag (accounttyp both) is not reading right by winbind, so my opinion. On my "old" Memberserver all works fine. On my samba DC (linux opensuse 42.3) with samba 4.7.5: Linux dc1 4.4.104-39-default #1 SMP Thu Jan 4 08:11:03 UTC 2018 (7db1912) x86_64 x86_64 x86_64 GNU/Linux Translate gid works fine. dc1:/ # /usr/local/samba/bin/wbinfo --gid-info=100545 BUILTIN\users:x:100545: net cache list: Key: IDMAP/SID2XID/S-1-5-32-545 Timeout: Thu Feb 22 19:14:55 2018 Value: 100545:G (group is wrong) Translate uid doesn't work. dc1:/ # /usr/local/samba/bin/wbinfo --uid-info=100545 failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for uid 100545 net cache list: Key: IDMAP/SID2XID/S-1-5-32-545 Timeout: Thu Feb 22 19:15:07 2018 Value: 100545:B (change to both!) On my samba DC (unix freebsd 11.1) with samba 4.7.0: FreeBSD fn1.schluettergmbh.site 11.1-STABLE FreeBSD 11.1-STABLE #0 r321665+4bd3ee42941(freenas/11.1-stable): Thu Jan 18 15:45:01 UTC 2018 root@gauntlet:/freenas-11-releng/freenas/_BE/objs/freenas-11-releng/freenas/_BE/os/sys/FreeNAS.amd64 amd64 Translate gid works fine. root@fn1:~ # wbinfo --gid-info=100545 BUILTIN\users:x:100545: net cache list: Key: IDMAP/SID2XID/S-1-5-32-545 Timeout: Thu Feb 22 18:58:47 2018 Value: 100545:G (group is wrong) Translate uid doesn't work. root@fn1:~ # wbinfo --uid-info=100545 failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for uid 100545 net cache list: Key: IDMAP/SID2XID/S-1-5-32-545 Timeout: Thu Feb 22 18:58:47 2018 Value: 100545:B (change to both!) On my "old" samba MEMBERSERVER (unix freebsd 10.3) with samba 4.5.11: FreeBSD fn2.schluettergmbh.site 10.3-STABLE FreeBSD 10.3-STABLE #0 r295946+21897e6695f(HEAD): Tue Jul 25 00:03:12 UTC 2017 root@gauntlet:/freenas-9.10-releng/_BE/objs/freenas-9.10-releng/_BE/os/sys/FreeNAS.amd64 amd64 Translate gid and uid works fine! [root@fn2] ~# wbinfo --gid-info=100545 net cache list: Key: IDMAP/SID2XID/S-1-5-32-545 Timeout: Thu Feb 22 18:53:29 2018 Value: 100545:B (both is correct) BUILTIN\users:x:100545: [root@fn2] ~# wbinfo --uid-info=100545 BUILTIN\users:*:100545:100545::/home/BUILTIN/users:/bin/false net cache list: Key: IDMAP/SID2XID/S-1-5-32-545 Timeout: Thu Feb 22 18:53:29 2018 Value: 100545:B (both is correct) Best regards and very thanks for SAMBA! Alfred Schlütter
Now, new test with samba 4.11.2. It works fine: dc1:~ # /usr/local/samba/bin/wbinfo --gid-info=100545 BUILTIN\users:x:100545: dc1:~ # dc1:~ # dc1:~ # /usr/local/samba/bin/wbinfo --uid-info=100545 BUILTIN\users:*:100545:100545::/home/BUILTIN/users:/bin/bash Bug can closed. Best regards and very thanks for SAMBA! Alfred Schlütter