Bug 13831 - Inconsistent output from wbinfo --sid-to-name depending on cache state
Inconsistent output from wbinfo --sid-to-name depending on cache state
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
4.10.0rc4
All All
: P5 normal
: ---
Assigned To: Christof Schmitt
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-11 23:33 UTC by Christof Schmitt
Modified: 2019-03-12 18:47 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christof Schmitt 2019-03-11 23:33:52 UTC
wbinfo --sid-to-name returns different outputs, depending on what has
been queried and cached previously:

$ bin/wbinfo --name-to-sid="$REALM/$DC_USERNAME"
S-1-5-21-274866641-1785003985-1147516049-500 SID_USER (1)

$ bin/wbinfo --sid-to-name=S-1-5-21-274866641-1785003985-1147516049-500
ADDOM.SAMBA.EXAMPLE.COM/administrator 1

$ bin/net cache -s $SERVERCONFFILE flush

$ bin/wbinfo --sid-to-name=S-1-5-21-274866641-1785003985-1147516049-500
ADDOMAIN/Administrator 1

Internall, winbindd issues a LSA lookupnames call that takes the
realm.com\username as input (which is valid according to 3.1.4.5
LsarLookupNames4 (Opnum 77)). The lookupnames call also returns domain
information, including the short domain name. The problem here is that
winbindd fills the cache based on the input from wbinfo, instead of
the domain name queried from the domain controller.

Patches to follow.