If the idmap backend already knows how to map a given SID, it's not required to do a lookupsids just to find out if the SID belongs to a user or group. Also, backends supporting ID_TYPE_BOTH only care if the domain exists; with that, it should be possible to accept Kerberos authentication without contacting any domain controller.
This bug was referenced in samba master.
https://gitlab.com/samba-team/samba/-/merge_requests/1636 is also needed
I'm not sure if we should backport this. I guess I'd at least avoid 4.12, maybe 4.13, but only if someone asks for it.
I think 4.13 would be nice.
Created attachment 16402: Additional patch for v4-14-test
Created attachment 16409: Additional patch for v4-14-test. Added the missing Reviewed-by: Ralph Boehme <slow@samba.org>
Reassigning to Karolin for inclusion in 4.14.
(In reply to Ralph Böhme from comment #7) Pushed to autobuild-v4-14-test.
This bug was referenced in samba master: d8339056eef2845805f573bd8b0f3323370ecc8f
This bug was referenced in samba v4-14-test: 99673b77b069674a6145552eb870de8829dfa503
This bug was referenced in samba v4-14-stable (Release samba-4.14.0rc2): 99673b77b069674a6145552eb870de8829dfa503