[Pkg-samba-maint] Bug#972223: Acknowledgement (samba: NT4-style domain member doesn't work without winbind, but even with it, doesn't work)

Thu Oct 15 09:06:12 BST 2020

Hi,

I tried to analyze the samba* attributes in that LDAP directory, and found
some glaring inconsistencies - namely there were 4 pairs of accounts with
duplicate sambaSID attributes. Some time after fixing that, and some service
restarts, I realized that wbinfo -u started to work on the buster Samba
domain member server.

However, the authentication was still broken, based on the users group whose
gitNumber was the default for all users. I checked LDAP and saw its cn=users
entry wasn't a sambaGroup*, so I made it one because that seemed
inconsistent. Sadly, that still didn't help.

When I try to look up a user, it says:

% sudo wbinfo -i joy
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user joy

The log says:

[2020/10/15 06:07:13.320974,  3] ../source3/winbindd/winbindd_misc.c:419(winbindd_interface_version)
  [24581]: request interface version (version = 30)
[2020/10/15 06:07:13.321216,  3] ../source3/winbindd/winbindd_getpwnam.c:58(winbindd_getpwnam_send)
  getpwnam joy
[2020/10/15 06:07:13.321898,  5] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
  Could not convert sid S-1-22-1-1000: NT_STATUS_INVALID_PARAMETER

Looks like it wants a domain SID S-1-22-1, which I don't actually recognize
from my LDAP...

Further down the line, I also enabled more debugging, and observed
messages like these:

[2020/10/15 08:00:57.669098,  3, pid=29639, effective(0, 0), real(0, 0)] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID root is not in a valid format

[2020/10/15 08:00:57.669313,  3, pid=29639, effective(0, 0), real(0, 0)] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID @users is not in a valid format

I guess I'm gonna have to UTSL to figure that one out

-- 
Josip Rodin