idmap.rfc2307 flakey

[Andrew Bartlett]

On Fri, 2017-12-08 at 17:32 +0100, Stefan Metzmacher via samba-
technical wrote:
> Hi,
> 
> I found part of the reason why idmap.rfc2307 is flakey.
> 
> The main difference is that the failing version doesn't have the
> domain sids as member of builtin groups.
> 
> $ bin/tdbdump
> /data/tmp/samba-master3.fail/ad_member_rfc2307/lockdir/group_mapping.tdb
> > grep -A1 'MEMBEROF'
> 
> $ bin/tdbdump
> /data/tmp/samba-master3.ok/ad_member_rfc2307/lockdir/group_mapping.tdb
> > grep -A1 'MEMBEROF'
> 
> key(55) = "MEMBEROF/S-1-5-21-1335776168-1709816617-1386263926-513\00"
> data(13) = "S-1-5-32-545\00"
> --
> key(55) = "MEMBEROF/S-1-5-21-1335776168-1709816617-1386263926-512\00"
> data(13) = "S-1-5-32-544\00"
> 
> At join time libnet_join_add_dom_rids_to_builtins() hits the
> NT_STATUS_PROTOCOL_UNREACHABLE case generated by pdb_create_builtin()
> because winbindd is not running yet.
> 
> Can anyone explain how this is supposed to work?
> What's the code patch where this is some times added and some times not???

I don't have any idea on the question, but I do want to say a big
thanks for getting some more data on this!

In similar news, Jamie and Garming worked out why some of our tests
(samba3rpc) are ordering dependent, due to the NSS_ environment
variables being set during selftest startup.  Expect some patches next
week.

We will tame this dragon eventually ;-)

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba