Bug 608 - Reverse group mapping fails in 3.0.1pre1
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.0
Hardware: All Linux
: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
Depends on: 822
Blocks: 807
Reported: 2003-10-13 05:27 UTC by Daniel Beschorner (dead mail address)
Modified: 2005-01-20 11:29 UTC

Attachments
extract of log LSA_LOOKUPSIDS working 3.0.0 (11.26 KB, text/plain)
2003-11-13 03:03 UTC, Daniel Beschorner (dead mail address)
extract of log LSA_LOOKUPSIDS fails 3.0.1pre2 (27.75 KB, text/plain)
2003-11-13 03:04 UTC, Daniel Beschorner (dead mail address)
extract of log LSA_LOOKUPSIDS fails 3.0.1pre2 (27.75 KB, text/plain)
2003-11-13 03:04 UTC, Daniel Beschorner (dead mail address)
add Replicator and RAS Servers built in accounts (810 bytes, patch)
2003-12-01 10:04 UTC, Gerald (Jerry) Carter (dead mail address)

Description Daniel Beschorner (dead mail address) 2003-10-13 05:27:22 UTC
In 3.0.1pre1 Windows presents only SIDs in backward mapping, no names.
Comment 1 Daniel Beschorner (dead mail address) 2003-10-13 11:58:26 UTC
I should mention, we use LDAP and 3.0.0 did it correctly.
Comment 2 Daniel Beschorner (dead mail address) 2003-11-09 14:10:22 UTC
In pre2 the same; group accounts resolve to "unknown" in WinNT.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2003-11-10 08:22:04 UTC
Can you send me a level 10 debug log (smbd and 
winbindd if you are running winbindd) and your 
smb.conf? Mail me directly if you prefer.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2003-11-12 14:52:33 UTC
Did your domain SID change when you upgraded?
Run 'net getlocalsid <DOMAINNAME>' on the Samba 
PDC.  Send me that and the complete SID displayed 
in the local Administrators group listing.
Comment 5 Daniel Beschorner (dead mail address) 2003-11-13 03:03:59 UTC
Created attachment 250 [details]
extract of log LSA_LOOKUPSIDS working 3.0.0
Comment 6 Daniel Beschorner (dead mail address) 2003-11-13 03:04:38 UTC
Created attachment 251 [details]
extract of log LSA_LOOKUPSIDS fails 3.0.1pre2
Comment 7 Daniel Beschorner (dead mail address) 2003-11-13 03:04:48 UTC
Created attachment 252 [details]
extract of log LSA_LOOKUPSIDS fails 3.0.1pre2
Comment 8 Daniel Beschorner (dead mail address) 2003-11-13 03:12:50 UTC
Domain SID in either case is S-1-5-21-598206826-3982707997-2769875126.

I attached a log extract of the working (3.0.0) and one of the broken 
scenario (CVS).
Sorry, I created the second attachment twice.
Comment 9 Gerald (Jerry) Carter (dead mail address) 2003-11-30 21:10:20 UTC
This looks similar to bug 822.
Comment 10 Gerald (Jerry) Carter (dead mail address) 2003-12-01 10:03:50 UTC
These logs are not looking up the same SID.  The first 
one is looking up the domain admins group and the second 
one is looking up built-in groups.
Comment 11 Gerald (Jerry) Carter (dead mail address) 2003-12-01 10:04:42 UTC
Created attachment 289 [details]
add Replicator and RAS Servers built in accounts
Comment 12 Gerald (Jerry) Carter (dead mail address) 2003-12-01 10:04:57 UTC
Try this patch.
Comment 13 Gerald (Jerry) Carter (dead mail address) 2003-12-01 10:36:50 UTC
Patch fixes the failure for me:

  rpcclient queso -U% --debuglevel=0 -c 'lookupsids S-1-5-32-553'
  S-1-5-32-553 BUILTIN\RAS Servers (4)

Checking it in and marking as fixed.
Comment 14 Daniel Beschorner (dead mail address) 2003-12-09 15:15:15 UTC
No, I think it's identical to Aurélien Degrémont's SID bug from the mailing 
list.
I wonder if the patch will fix it, but I'll try tomorrow.
Comment 15 Daniel Beschorner (dead mail address) 2003-12-09 15:28:24 UTC
I think the fix was neither in 3.0.0 nor 3.0.1pre, but it worked with the older 
one.
The second log does indeed look wrong; as Aurélien mentioned, Windows maybe 
requested other SIDs than the ones displayed.
I will try to get a better log.
Comment 16 Daniel Beschorner (dead mail address) 2003-12-11 06:16:34 UTC
Verified in 3.0.1rc2, it works, thanks!