Windows displays incorrect ACE Trustee Names when displaying ACEs for Samba server in an ADS parent/child forest?

Richard Sharpe realrichardsharpe at gmail.com
Thu Jun 30 17:39:31 MDT 2011


On Thu, Jun 30, 2011 at 3:33 PM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Thu, Jun 30, 2011 at 03:00:11PM -0700, Richard Sharpe wrote:
>> >> Well, a quick rebuild demonstrates that this problem has nothing to do
>> >> with DsRoleGetPrimaryDomainInfomation, it seems. I hard coded the
>> >> correct info, but nothing has changed.
>> >
>> > Verified that the same problem does not occur on a Win2K08 member
>> > server ... digging deeper now.
>>
>> OK, so the bug seems to be in lsa_LookupSids2 ... the node requesting
>> the SecDesc is sending the lsa_LookupSids2 request to the Samba server
>> (but so it did to the Win2K08 member server) and Samba is
>> mis-translating the SIDs. It returns the domain as the same even
>> though the authorities portions are different.
>>
>> I guess I know where to look to fix the code now.
>
> https://bugzilla.samba.org/show_bug.cgi?id=7841
>
> Even comes with patches :-)

Great, thanks ... I had tracked it down to winbindd, but now I can
stop looking :-)

-- 
Regards,
Richard Sharpe


More information about the samba-technical mailing list