Bug in the SIDs of system account

Andrew Bartlett abartlet at samba.org
Mon Jun 13 17:36:04 MDT 2011

On Tue, 2011-06-14 at 00:43 +0400, Matthieu Patou wrote:
> Hello andrew,
> Can you have a look at this patch ?
> I discovered today that SIDs for the group and the user are quite often 
> broken, for the group it's rather obvious as we have the domain SID as 
> value.

Hmm, so the provision would have been created with 'domain users' as the
owning user for everything, rather than the domain administrator?

I really should have tested that change better...

> Can you check that's the only problem of such kind, and if so sign-off 
> my patch ?

What we need is a unit test for admin_session(), to ensure this stays

> Thanks.
> Matthieu.
> note: it means that all provision since Jan 2011 have broken SDs, 
> unfortunately I discovered a couple of issues in upgradeprovision so I 
> propose to postpone the release of alpha16 up to the moment I finish 
> fixes for upgradeprovision so that our users can cleanly upgrade the SD 
> of their provision.

That sounds like a reasonable reason to postpone a release, but if we
can't fix this in a reasonable time (remember, we are trying to do the
release for OpenChange), then I suggest we just do another alpha once
the upgradeprovision fix is available.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list