Univention Bugzilla – Bug 49935
Samba4.10 Regression: idmap uid to sid fails for accounts with uid in range 300000-400000
Last modified: 2019-09-03 14:47:07 CEST
Ticket#: 2019072621000454 documents another case of Bug #49747, where some user accounts had "S-1-22-$uidNumber" in their NTACLs. This seems to happen for accounts with uidNumber in the idmap range 300000-400000: root@dc123:~# wbinfo --uid-to-sid 386028 failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND Could not convert uid 386028 to sid it works the other way around though: root@dc123:~# wbinfo --sid-to-uid \ S-1-5-21-1234567890-1234567890-1234567890-123456 386028 root@dc123:~# lsb_release -r Release: 4.4-1 errata186 It starts to work again when I adjust the default idmap range fot the alloc domain ("*"): root@dc123:~# sed -i 's/idmap config \* : range = 300000-40000/idmap config \* : range = 900000-100000/' /etc/samba/smb.conf root@dc123:~# net cache flush root@dc123:~# /etc/init.d/samba restart Note: Unfortunately winbind doesn't seem to pick up the local.conf (any longer?), at least my attempt to override the value via local.conf didn't change anything.
This is fixed in Samba 4.10.4 via https://bugzilla.samba.org/show_bug.cgi?id=13903
Patch added as 99_bug49935.quilt in svn rev 18637 Package: samba Version: 2:4.10.1-1A~4.4.0.201908191057 Branch: ucs_4.4-0 Scope: errata4.4-1 git 9b88081 yaml Added testcase: 51_samba4/63uid-to-sid_sid-to-uid_mapping Package: ucs-test Version: 9.0.3-15A~4.4.0.201908211729
Verified: * Patch ok * Applied during built * Test case works * Advisory Ok
<http://errata.software-univention.de/ucs/4.4/246.html>