[Samba] Security Principals, and SID's mapping bug

L.P.H. van Belle belle at bazuin.nl
Wed Jan 25 09:21:04 UTC 2017


While searching through the Windows GPO editor for the users,
it's now as follows ( after the smb.conf correction ).

TEST 1 ( Windows 7, a domain member, but local search )
Creating a task locally on the computer, searched SYSTEM, gives back:
WIN7 : NT AUTHORITY\SYSTEM

TEST 2 ( Samba AD )
Selected a WIN7 PC and searched for system    : BUILDIN\SYSTEM
Selected the Samba AD and searched for system : NTDOM\SYSTEM

The EXACT same steps on my Windows 2008R2 server.
TEST 3 ( Windows 2008R2 server )
I'm getting : NT AUTHORITY\System

Anyhow, Samba is consistent in giving back some WRONG user/group info.
An overview: I have compared the output of 2 DCs and 1 member.
All done on Samba 4.5.3.

wbinfo -u -g etc. all work fine. 
wbinfo --all-domains
BUILTIN
NTDOM

DC 1 and DC 2 are exactly the same in their output.
wbinfo --gid-info=3000001
BUILTIN\server operators:x:3000001:
wbinfo --gid-info=3000002
failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for gid 3000002
wbinfo --uid-to-sid=3000001
S-1-5-32-549
wbinfo --uid-to-sid=3000002
S-1-5-18
wbinfo --gid-to-sid=3000001
S-1-5-32-549
wbinfo --gid-to-sid=3000002
S-1-5-18
wbinfo --sid-to-uid=S-1-5-32-549
3000001
wbinfo --sid-to-uid=S-1-5-18
3000002
wbinfo --sid-to-gid=S-1-5-32-549
3000001
wbinfo --sid-to-gid=S-1-5-18
3000002
wbinfo --sid-to-name=S-1-5-32-549
BUILTIN\Server Operators 4
wbinfo --sid-to-name=S-1-5-18
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-18
wbinfo --sid-to-fullname=S-1-5-32-549
BUILTIN\Server Operators 4
wbinfo --sid-to-fullname=S-1-5-18
failed to call wbcGetDisplayName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-18
wbinfo --name-to-sid=BUILTIN\Server Operators
S-1-5-32-549 SID_ALIAS (4)
wbinfo --name-to-sid=NTDOM\Server Operators
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NTDOM\Server Operators
wbinfo --name-to-sid=BUILDIN\SYSTEM
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name BUILDIN\SYSTEM
wbinfo --name-to-sid=NTDOM\SYSTEM
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NTDOM\SYSTEM
wbinfo --lookup-sids=S-1-5-32-549
S-1-5-32-549 -> <none>\Server Operators 4
wbinfo --lookup-sids=S-1-5-18
wbcLookupSids failed: WBC_ERR_INVALID_SID
Could not lookup SIDs S-1-5-18


The member, and yes I know not all info should be here, just for comparison.
But watch what happens with: S-1-5-18.

wbinfo --gid-info=3000001
failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for gid 3000001
wbinfo --gid-info=3000002
failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for gid 3000002
wbinfo --uid-to-sid=3000001
failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert uid 3000001 to sid
wbinfo --uid-to-sid=3000002
failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert uid 3000002 to sid
wbinfo --gid-to-sid=3000001
failed to call wbcGidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert gid 3000001 to sid
wbinfo --gid-to-sid=3000002
failed to call wbcGidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert gid 3000002 to sid
wbinfo --sid-to-uid=S-1-5-32-549
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-32-549 to uid
wbinfo --sid-to-uid=S-1-5-18
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-18 to uid
wbinfo --sid-to-gid=S-1-5-32-549
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-32-549 to gid
wbinfo --sid-to-gid=S-1-5-18
2000
wbinfo --sid-to-name=S-1-5-32-549
BUILTIN\Server Operators 4
wbinfo --sid-to-name=S-1-5-18
NT AUTHORITY\SYSTEM 5
wbinfo --sid-to-fullname=S-1-5-32-549
BUILTIN\Server Operators 4
wbinfo --sid-to-fullname=S-1-5-18
NT AUTHORITY\SYSTEM 5
wbinfo --name-to-sid=BUILTIN\Server Operators
S-1-5-32-549 SID_ALIAS (4)
wbinfo --name-to-sid=NTDOM\Server Operators
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NTDOM\Server Operators
wbinfo --name-to-sid=BUILDIN\SYSTEM
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name BUILDIN\SYSTEM
wbinfo --name-to-sid=NTDOM\SYSTEM
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NTDOM\SYSTEM
wbinfo --lookup-sids=S-1-5-32-549
S-1-5-32-549 -> <none>\Server Operators 4
wbinfo --lookup-sids=S-1-5-18
wbcLookupSids failed: WBC_ERR_INVALID_SID
Could not lookup SIDs S-1-5-18


To me this confirms this bug. Why would the member server give back:
wbinfo --sid-to-name=S-1-5-18
NT AUTHORITY\SYSTEM 5

But the DC which really needs it :
wbinfo --sid-to-name=S-1-5-18
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-18

Can someone explain this difference? 


And can someone confirm this problem still exists on their system and
gives the same results as mine, so I'm sure it's not something from an older Samba.
My setup has run since 4.1.x and has been upgraded multiple times, something like:
to 4.2.3 ( and some others. )
to 4.2.10 => 4.3.x
to 4.3.x  => 4.4.3
to 4.4.5  => 4.5.3



Greetz, 

Louis
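
Added example, not part of the original post: a small Python script that parses wbinfo transcripts in the form shown above (the two excerpts are copied from the DC and member output in the post) and reports SIDs that have a uid/gid mapping but no resolvable name, plus the queries where DC and member disagree. The function names are hypothetical.

```python
# Added example: compare wbinfo transcripts from a DC and a domain member.
DC = r"""wbinfo --sid-to-uid=S-1-5-18
3000002
wbinfo --sid-to-gid=S-1-5-18
3000002
wbinfo --sid-to-name=S-1-5-18
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-18
wbinfo --sid-to-name=S-1-5-32-549
BUILTIN\Server Operators 4
"""
MEMBER = r"""wbinfo --sid-to-uid=S-1-5-18
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-18 to uid
wbinfo --sid-to-gid=S-1-5-18
2000
wbinfo --sid-to-name=S-1-5-18
NT AUTHORITY\SYSTEM 5
wbinfo --sid-to-name=S-1-5-32-549
BUILTIN\Server Operators 4
"""

def parse(transcript):
    """Map each (option, argument) query to its result, or None if the call failed."""
    results, query = {}, None
    for line in transcript.splitlines():
        if line.startswith("wbinfo --"):
            op, _, arg = line[len("wbinfo --"):].partition("=")
            query = (op, arg)
            results[query] = None
        elif query and results[query] is None and line.strip():
            if "WBC_ERR_" not in line and not line.startswith("Could not"):
                results[query] = line.strip()
    return results

def mapped_but_unnamed(results):
    """SIDs that have a uid/gid mapping but whose sid-to-name lookup failed."""
    mapped = {a for (op, a), r in results.items() if op in ("sid-to-uid", "sid-to-gid") and r}
    return sorted(s for s in mapped if results.get(("sid-to-name", s), "") is None)

def disagreements(a, b):
    """Queries present in both transcripts whose results differ."""
    return {q: (a[q], b[q]) for q in a.keys() & b.keys() if a[q] != b[q]}

if __name__ == "__main__":
    dc, member = parse(DC), parse(MEMBER)
    print("DC, mapped but unnamed:", mapped_but_unnamed(dc))
    for (op, arg), (d, m) in sorted(disagreements(dc, member).items()):
        print(f"{op} {arg}: DC={d!r} member={m!r}")
```
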








More information about the samba-technical mailing list