Bug 39804 - Windows Client join: Samba objectSid not synchronized to OpenLDAP
Status: RESOLVED DUPLICATE of bug 36570
Product: UCS
Classification: Unclassified
Component: Samba4
Version: UCS 4.1
Hardware: Other Linux
Importance: P3 normal
Target Milestone: UCS 4.1-x
Assigned To: Samba maintainers
Reported: 2015-11-05 18:11 CET by Arvid Requate
Modified: 2016-11-02 13:51 CET

What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 5: Will affect all installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
Attachments
win7pro_openldap.ldif (1.86 KB, text/x-ldif)
2015-11-05 18:11 CET, Arvid Requate
win7pro_samba.ldif (1.51 KB, text/plain)
2015-11-05 18:12 CET, Arvid Requate
win7pro_idmap.ldif (550 bytes, text/plain)
2015-11-05 18:13 CET, Arvid Requate
Description Arvid Requate univentionstaff 2015-11-05 18:11:04 CET
After the situation of Bug #39802 I found it to be another case where the Windows Client objectSid was not synchronized to OpenLDAP:

dn: cn=WIN7PRO,cn=computers,dc=ar41s4pt1,dc=qa
uidNumber: 2008
sambaSID: S-1-4-2008


In Samba we have:

dn: CN=WIN7PRO,CN=Computers,DC=ar41s4pt1,DC=qa
objectSid: S-1-5-21-3323138872-3195841188-3338175544-1111



This will cause problems with idmap and file access for that client when somebody puts the Windows client into some file ACL on a Samba share or if GPO security filtering is used directly for that Windows Client. In the GPO case it would generate GPO evaluation issues for that client. All logs from the server are attached to Bug #39802.
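
A consistency check for the mismatch described above, as an added example that is not part of the original report or of UCS: it compares sambaSID in an OpenLDAP dump with objectSid in a Samba dump for entries with the same DN. The function names are hypothetical, the sample LDIF is constructed from the two excerpts quoted in the report, and SIDs are assumed to be in plain string form.

```python
# Constructed sample input, taken from the two excerpts quoted in the report.
OPENLDAP_LDIF = """\
dn: cn=WIN7PRO,cn=computers,dc=ar41s4pt1,dc=qa
uidNumber: 2008
sambaSID: S-1-4-2008
"""

SAMBA_LDIF = """\
dn: CN=WIN7PRO,CN=Computers,DC=ar41s4pt1,DC=qa
objectSid: S-1-5-21-3323138872-3195841188-3338175544-1111
"""


def parse_ldif(text):
    """Parse simple 'attr: value' LDIF into {normalized_dn: {attr: value}}.

    Assumption: single-valued attributes in plain text form, with no base64
    ('::') values and no folded lines, as in the excerpts on the page.
    """
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            # Match DNs case-insensitively, ignoring spaces after commas.
            key = ",".join(p.strip().lower() for p in value.split(","))
            current = entries.setdefault(key, {})
        elif current is not None:
            current[attr] = value
    return entries


def find_sid_mismatches(openldap_text, samba_text):
    """Return (dn, sambaSID, objectSid) for entries whose SIDs differ."""
    ol, s4 = parse_ldif(openldap_text), parse_ldif(samba_text)
    mismatches = []
    for dn in sorted(ol.keys() & s4.keys()):
        samba_sid = ol[dn].get("sambasid")
        object_sid = s4[dn].get("objectsid")
        # A missing sambaSID also counts as not synchronized.
        if object_sid and samba_sid != object_sid:
            mismatches.append((dn, samba_sid, object_sid))
    return mismatches


if __name__ == "__main__":
    for dn, samba_sid, object_sid in find_sid_mismatches(OPENLDAP_LDIF, SAMBA_LDIF):
        print(f"{dn}: sambaSID={samba_sid} objectSid={object_sid}")
```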
Comment 1 Arvid Requate univentionstaff 2015-11-05 18:11:30 CET
Created attachment 7253 [details]
win7pro_openldap.ldif
Comment 2 Arvid Requate univentionstaff 2015-11-05 18:12:24 CET
Created attachment 7254 [details]
win7pro_samba.ldif
Comment 3 Arvid Requate univentionstaff 2015-11-05 18:13:10 CET
Created attachment 7255 [details]
win7pro_idmap.ldif
Comment 4 Arvid Requate univentionstaff 2016-03-29 17:20:07 CEST

*** This bug has been marked as a duplicate of bug 36570 ***