[PATCH] winbindd: lookup-domain for well-known SIDs on a DC

Rowland Penny rpenny at samba.org
Sat Apr 1 15:39:52 UTC 2017

On Fri, 31 Mar 2017 22:43:34 +0200
Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:

> Hi!
> Attached is a fix for bug:
> <https://bugzilla.samba.org/show_bug.cgi?id=12727>
> ---8<---
> On a DC well-known SIDs like S-1-1-0 (everyone) *must* be handled by
> the local domain, otherwise something simple like this fails with
> $ make testenv SELFTEST_TESTENV=nt4_dc SCREEN=1
> localnt4dc2$ ./bin/wbinfo --sid-to-name S-1-1-0
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-1-0
> On a member server asking our DC works and is what we're currently
> doing, but changing it to ask passdb avoids the overhead.
> ---8<---
> Ran across this when working on another bug in the sids2xids code.
> Please review & push if ok. Thanks!
> Cheerio!
> -slow

OK, I have had a good look at the Bash script part of the PATCH and I
have few questions ;-)

Shouldn't 'CREATOR GROUP 5' be 'CREATOR_GROUP 5' ?

The group names in 'WELL_KNOWN_SIDS' start with forward slashes, is
there something in the code somewhere that turns then into the required
backslashes ? or are the 'RESOLVED_NAME' tests supposed to always fail ?

Do you realise that whatever $failed gets set to inside the while loop
will be lost when the loop exits ?


More information about the samba-technical mailing list