Windows displays incorrect ACE Trustee Names when displaying ACEs for Samba server in an ADS parent/child forest?

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Jun 30 16:33:16 MDT 2011

On Thu, Jun 30, 2011 at 03:00:11PM -0700, Richard Sharpe wrote:
> >> Well, a quick rebuild demonstrates that this problem has nothing to do
> >> with DsRoleGetPrimaryDomainInfomation, it seems. I hard coded the
> >> correct info, but nothing has changed.
> >
> > Verified that the same problem does not occur on a Win2K08 member
> > server ... digging deeper now.
> OK, so the bug seems to be in lsa_LookupSids2 ... the node requesting
> the SecDesc is sending the lsa_LookupSids2 request to the Samba server
> (but so it did to the Win2K08 member server) and Samba is
> mis-translating the SIDs. It returns the domain as the same even
> though the authorities portions are different.
> I guess I know where to look to fix the code now.

Even comes with patches :-)


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen

More information about the samba-technical mailing list