In 3.0.1pre1 Windows presents only SIDs in backward mapping, no names.
I should mention, we use LDAP and 3.0.0 did it correctly.
in pre2 the same, group accounts resolve to "unknown" in WinNT.
Can you set me a level 10 debug log (smbd and winbindd if you are running wbindd) and you smb.conf? Mail me directly if you prefer.
Did your domain SID change when you upgraded? run 'net getlocalsid <DOMAINNAME>' on the Samba PDC. Send me that and and complete SID displayed in the local Administrators group listing.
Created attachment 250 [details] extract of log LSA_LOOKUPSIDS working 3.0.0
Created attachment 251 [details] extract of log LSA_LOOKUPSIDS fails 3.0.1pre2
Created attachment 252 [details] extract of log LSA_LOOKUPSIDS fails 3.0.1pre2
Domain SID in either case is S-1-5-21-598206826-3982707997-2769875126. I attached a log extract of the working (3.0.0) and one of the the broken scenario (CVS). Sorry, I created the second attachment twice.
This loks similar to bug 822
These logs are not lookuping up the same sid. The first one is looking up the domain admins group and the second one is looking up built-in groups.
Created attachment 289 [details] add Replicator and RAS Servers built in accounts
Try this patch
patch fixes the failure for me: rpcclient queso -U% --debuglevel=0 -c 'lookupsids S-1-5-32-553' S-1-5-32-553 BUILTIN\RAS Servers (4) checking it in and marking as fixed.
No, I think it's identical to Aurélien Degrémont's SID bug from the mailing list. I wonder if the patch will fix it, but I'll try tomorrow.
I think the fix was neither in 3.0.0 nor 3.0.1pre, but it worked with the older one. The second log looks indeed wrong, as Aurélien mentioned, Windows maybe requested other SIDs than the displayed. I will look to get a better log.
verified in 3.0.1rc2, it works, thanks!