If the idmap backend already knows how to map a given SID it's not required to do a lookupsids just to find out if the sid belongs to a user or group. Also backends supporting ID_TYPE_BOTH only care if the domain exists, with that it should be possible to accept kerberos authentication without contacting any domain controller.
This bug was referenced in samba master: 1576421dbdd2cfe9a47516224cb54bf15ba51132 58e9b62222ad62c81cdf11d704859a227cb2902b f5eec89011cf7b577375d83247524587f170b592 95b0dac0af5bc7ee85c6c8099dda135c36c9684b 7518a0ca32cade2b8b9eac0e2b5416ae685ffcff 7dbe5b4897448aa71b5a8a2175850b4010316b88 5cc21a9d319e00397ad98900d81ffb9d1d70514f 1694de1ae6ce63377d0afc47e84e55e4745905d7 2103543629004a3a22e7bf60305bb15bf3b316be cd9a9702c1f97c47bd3447e2014eeff3e56268cf 209e81a2ea8c972ee57e2f0c9579da843c0e2ac7 a8f57c94fc2294c309ecb18ea79d0acac86c495b d42aaeba6e0820acd17f204ff7ab6d1aede1b303 82fd07793f065e150729848566e7c30f4f4d472e b8c74b7b46d1c7f6b66e565ee08f8c88d6dc2cc4 28e020c0a863411cfa95e3b1ed943d922b8635bd 79c1d3aaf6d465a8edd1871edb85211f8715fea1 04956350a5725325954b2caba662ecd6dace7829 797b11f198e819300007997ce536bc6d05f19843 231c8d04b19a1c17937f988d142ca5c0f889d4e0 f6bb0ed21f82f2cf1f238f9f00cd049ecf8673af cda61f592a0b33d36da8da9b6837312396cceec4 19c8b6a8b188e45a6342a3d1308085800388a38e 374acc2e5fcc3c4b40f41906d0349499e3304841 3f4626ea6d235470195918b77af35ac2cfeb227c c55f4f37589130a0d8952489da175bbcf53f6748 493f5d6b078e0b0f80d1ef25043e2834cb4fcb87 54b4d2d3cb307019a260d15c6e6b4a3fb7fc337c
https://gitlab.com/samba-team/samba/-/merge_requests/1636 is also needed
I'm not sure if we should backport this. I guess I'd at least avoid 4.12, maybe 4.13, but only if someone asks for it.
I think 4.13 would be nice.
Created attachment 16402 [details] Additional patch for v4-14-test
Created attachment 16409 [details] Additional patch for v4-14-test Added the missing Reviewed-by: Ralph Boehme <slow@samba.org>
Reassigning to Karolin for inclusion in 4.14.
(In reply to Ralph Böhme from comment #7) Pushed to autobuild-v4-14-test.
This bug was referenced in samba master: d8339056eef2845805f573bd8b0f3323370ecc8f
This bug was referenced in samba v4-14-test: 99673b77b069674a6145552eb870de8829dfa503
This bug was referenced in samba v4-14-stable (Release samba-4.14.0rc2): 99673b77b069674a6145552eb870de8829dfa503
This bug was referenced in samba v4-13-stable (Release samba-4.13.14): 05b27742da44524e6007631a401dfef0b7180d53 0792d340860a44ccfb98b231e2518db751a98a59 340e2153c7e0d8e8c5593fb6431854d16d53718c 337cb0847bfe3ddb91017821acb83994ea28d585 68a823fd032ca2cdf0d731b7d23562defbef42cb d4c9be23183f85dbdc3d88d483d31fdd6452ab38 861bc4ddd8ddd84937bc5756d552e51227720fbb 39da0df37c4d7a618f070c4216dbd7eae91f489a b7b4bb1c55ba4476bd5b78bd2f3bc4197fe4d6b1 aebe4cec6c55ee180cda345fda0921fb9cc3818f f3957ca5ce206e1224874e6495780b5130d6de0c 5e04b985acc4c774e0057056887a9f1ed05faf9b a3cca16fac5d834f2f29e1daa31ced38938fada9 12fb0f40f60ba55cae3f92a2f642a7c32f8802c1 be81631363655e3437cae4303ab39c22500165fd 3812930e641d10d1ead10b52ddc7240dd585d0f6 713f9c960073df0a515279478f5e34b656cbe4ba e226e0a163a463b67b9cad194cf07264d820a2aa 27b73f9d343821881221ea95d486acaba0098952 ca5cf8d35b9756c9d65831718c5032533612c94a 5e4491e84555fbf32b50ec08e3a8027f9ab38e9c ab4f028db000b76a7d800ad5f42c9f44de525c09 ed7664036183256d109a652aee39ff9842680d47 0ec6beec7dafa70dd9ce7dd7b97be5e61a75b7af 69c53f9c3174b0a93a425dbdf80d6cb8f5722ec3 ed1542b9f37734bc77906c4ba49ea6ea3be09af8 04e10a843187810e97bf565731ddc5d70b0f4245 bd12ce56f03ab05a5a4652344efbabe11261e46c 4925a110c4e0586ca74566beca2450bbc4d18e4c
This bug was referenced in samba v4-13-test: 05b27742da44524e6007631a401dfef0b7180d53 0792d340860a44ccfb98b231e2518db751a98a59 340e2153c7e0d8e8c5593fb6431854d16d53718c 337cb0847bfe3ddb91017821acb83994ea28d585 68a823fd032ca2cdf0d731b7d23562defbef42cb d4c9be23183f85dbdc3d88d483d31fdd6452ab38 861bc4ddd8ddd84937bc5756d552e51227720fbb 39da0df37c4d7a618f070c4216dbd7eae91f489a b7b4bb1c55ba4476bd5b78bd2f3bc4197fe4d6b1 aebe4cec6c55ee180cda345fda0921fb9cc3818f f3957ca5ce206e1224874e6495780b5130d6de0c 5e04b985acc4c774e0057056887a9f1ed05faf9b a3cca16fac5d834f2f29e1daa31ced38938fada9 12fb0f40f60ba55cae3f92a2f642a7c32f8802c1 be81631363655e3437cae4303ab39c22500165fd 3812930e641d10d1ead10b52ddc7240dd585d0f6 713f9c960073df0a515279478f5e34b656cbe4ba e226e0a163a463b67b9cad194cf07264d820a2aa 27b73f9d343821881221ea95d486acaba0098952 ca5cf8d35b9756c9d65831718c5032533612c94a 5e4491e84555fbf32b50ec08e3a8027f9ab38e9c ab4f028db000b76a7d800ad5f42c9f44de525c09 ed7664036183256d109a652aee39ff9842680d47 0ec6beec7dafa70dd9ce7dd7b97be5e61a75b7af 69c53f9c3174b0a93a425dbdf80d6cb8f5722ec3 ed1542b9f37734bc77906c4ba49ea6ea3be09af8 04e10a843187810e97bf565731ddc5d70b0f4245 bd12ce56f03ab05a5a4652344efbabe11261e46c 4925a110c4e0586ca74566beca2450bbc4d18e4c