Bug 49935 - Samba4.10 Regression: idmap uid to sid fails for accounts with uid in range 300000-400000
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-1-errata
Assigned To: Erik Damrose
QA Contact: Arvid Requate
Depends on:
Blocks:
Reported: 2019-07-29 19:36 CEST by Arvid Requate
Modified: 2019-09-03 14:47 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support: Yes
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019072621000454
Bug group (optional):
Max CVSS v3 score:
requate: Patch_Available+

Description Arvid Requate univentionstaff 2019-07-29 19:36:40 CEST
Ticket#: 2019072621000454 documents another case of Bug #49747, where some user accounts had "S-1-22-$uidNumber" in their NTACLs. This seems to happen for accounts with uidNumber in the idmap range 300000-400000:


root@dc123:~# wbinfo --uid-to-sid 386028
failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert uid 386028 to sid

it works the other way around though:

root@dc123:~# wbinfo --sid-to-uid \
                     S-1-5-21-1234567890-1234567890-1234567890-123456
386028

root@dc123:~# lsb_release -r
Release:        4.4-1 errata186




It starts to work again when I adjust the default idmap range for the alloc domain ("*"):

root@dc123:~# sed -i 's/idmap config \* : range = 300000-40000/idmap config \* : range = 900000-100000/' /etc/samba/smb.conf
root@dc123:~# net cache flush
root@dc123:~# /etc/init.d/samba restart


Note: Unfortunately winbind doesn't seem to pick up the local.conf (any longer?), at least my attempt to override the value via local.conf didn't change anything.
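A way to check a host for the condition described above, as an added example that is not part of the original report and not the ucs-test case mentioned in Comment 2. The function names and the sample smb.conf fragment are constructed for illustration, and the script assumes wbinfo exits non-zero when a conversion fails:

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# Constructed sample smb.conf fragment using the default range from the report.
sample_conf() {
    printf '%s\n' '[global]' \
        '    idmap config * : backend = tdb' \
        '    idmap config * : range = 300000-400000'
}

# Print "LOW HIGH" for the "idmap config * : range" line of smb.conf file $1.
idmap_default_range() {
    sed -n 's/^[[:space:]]*idmap config \* *: *range *= *\([0-9][0-9]*\) *- *\([0-9][0-9]*\).*$/\1 \2/p' "$1" | head -n 1
}

# Succeed if uid $1 lies inside the default ("*") range configured in file $2.
uid_in_default_range() {
    set -- "$1" $(idmap_default_range "$2")
    [ $# -eq 3 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Succeed only if wbinfo maps SID $1 to a uid and that uid back to the same
# SID; otherwise print which direction broke. Assumes wbinfo exits non-zero
# when a conversion fails.
sid_roundtrip_ok() {
    uid=$(wbinfo --sid-to-uid "$1" 2>/dev/null) ||
        { echo "sid-to-uid failed for $1"; return 1; }
    back=$(wbinfo --uid-to-sid "$uid" 2>/dev/null) ||
        { echo "uid-to-sid failed for uid $uid"; return 1; }
    [ "$back" = "$1" ] ||
        { echo "uid $uid maps back to $back, expected $1"; return 1; }
}

# Demo on the constructed sample: which uids need the round-trip check?
conf=$(mktemp) && sample_conf > "$conf"
for u in 2001 386028; do
    if uid_in_default_range "$u" "$conf"; then
        echo "uid $u: inside default idmap range, verify with sid_roundtrip_ok"
    else
        echo "uid $u: outside default idmap range"
    fi
done
rm -f "$conf"
```

On a domain controller, pass /etc/samba/smb.conf to uid_in_default_range and run sid_roundtrip_ok on the SIDs of the accounts it flags.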
Comment 1 Arvid Requate univentionstaff 2019-07-29 20:10:36 CEST
This is fixed in Samba 4.10.4 via

https://bugzilla.samba.org/show_bug.cgi?id=13903
Comment 2 Erik Damrose univentionstaff 2019-08-21 17:34:35 CEST
Patch added as 99_bug49935.quilt in svn rev 18637

Package: samba
Version: 2:4.10.1-1A~4.4.0.201908191057
Branch: ucs_4.4-0
Scope: errata4.4-1

git 9b88081 yaml

Added testcase: 51_samba4/63uid-to-sid_sid-to-uid_mapping 
Package: ucs-test
Version: 9.0.3-15A~4.4.0.201908211729
Comment 3 Arvid Requate univentionstaff 2019-08-28 22:18:14 CEST
Verified:
* Patch ok
* Applied during build
* Test case works
* Advisory Ok
Comment 4 Arvid Requate univentionstaff 2019-09-03 14:47:07 CEST
<http://errata.software-univention.de/ucs/4.4/246.html>