Profile directory/user SID mismatch
Angelos Oikonomopoulos
angelos.oikonomopoulos at fp-commerce.de
Tue Jan 18 08:43:22 MST 2011
Hello all,
recently, the VM with my Samba4 domain controller had to be forcefully
terminated. After that, I discovered that 2 of the profile directories
have an owner_sid that differs from the objectSid of the respective
user. As a result, those two users get logged in with a temporary profile.
It's just the last part of the SID that's different: 1114 vs 1263 and
1171 vs 1262. 1114 and 1171 do not correspond to existing users. Note,
however, that I'm not sure that the crash was the cause of the problem.
These user accounts are not very active, so the only thing I know at the
moment is that the ACL issue wasn't there on January 12th. Besides, there
was nobody using the server when the crash occurred.
My first question is, how could this have happened? Is it a bug in the
filesystem perhaps? I'm using ext3 with user_xattr as described in the
Samba4 howto. I'm not sure how ext3 stores extended attributes, but I
assume the EAs on the profile dirs never change during normal operation,
so I can't imagine that ext3 could have corrupted them (at least not
without evident large-scale fs corruption).
My second question is much easier to answer: exactly how does one set
the NT ACL on a filesystem object? The usage information from samba-tool

    # /usr/local/samba/bin/samba-tool acl nt set
    Usage: net set <acl> <file> [--xattr-backend=native|tdb]
    [--eadb-file=file] [options]

is not very clear to me and I can't easily tell from the source how to
specify a new value for the owner_sid. Is there an example somewhere
that I have missed? (checked the wiki and also searched the list
archives for a bit).
This is with Samba4 from November 16th.
Thanks in advance,
Aggelos
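
Added example, not part of the original post and not Samba code: a check that compares the owner SID of each profile directory's security descriptor with the user's objectSid and classifies any mismatch, as in the case described above. It assumes each descriptor is already available as an SDDL string; the domain SID, account names and SDDL strings are constructed sample data (only the RID pairs come from the post).

```python
import re

# Owner field of an SDDL string: "O:" then a full SID or a two-letter alias (e.g. BA).
OWNER_RE = re.compile(r"O:(S-1-[0-9-]+|[A-Z]{2})")

DOM = "S-1-5-21-1000000001-1000000002-1000000003"  # constructed domain SID
# Constructed sample data: account names are invented, RID pairs follow the post.
SAMPLE_USERS = {"alice": DOM + "-1263", "bob": DOM + "-1262", "carol": DOM + "-1105"}
SAMPLE_PROFILES = {
    "alice": "O:" + DOM + "-1114G:DUD:(A;OICI;FA;;;SY)",
    "bob": "O:" + DOM + "-1171G:DUD:(A;OICI;FA;;;SY)",
    "carol": "O:" + DOM + "-1105G:DUD:(A;OICI;FA;;;SY)",
}

def owner_sid(sddl):
    """Return the owner SID (or alias) at the start of an SDDL string, else None."""
    m = OWNER_RE.match(sddl)
    return m.group(1) if m else None

def check_profiles(profiles, users):
    """profiles: {user: sddl}, users: {user: objectSid}.
    Returns a list of (user, owner, expected, verdict) for every mismatch."""
    by_sid = {sid: name for name, sid in users.items()}
    findings = []
    for name, sddl in sorted(profiles.items()):
        expected = users.get(name)
        owner = owner_sid(sddl)
        if owner is not None and owner == expected:
            continue  # owner matches the account's objectSid
        if owner is None:
            verdict = "no owner in descriptor"
        elif expected is None:
            verdict = "profile directory has no matching user"
        elif owner in by_sid:
            verdict = "owned by other user " + by_sid[owner]
        elif owner.rpartition("-")[0] == expected.rpartition("-")[0]:
            # Same domain prefix, only the RID differs and it is unassigned.
            verdict = "same domain, RID %s matches no known user" % owner.rpartition("-")[2]
        else:
            verdict = "owner is from another domain or a well-known SID"
        findings.append((name, owner, expected, verdict))
    return findings

if __name__ == "__main__":
    for finding in check_profiles(SAMPLE_PROFILES, SAMPLE_USERS):
        print("%s: owner=%s expected=%s -> %s" % finding)
```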