[Samba] Wbinfo -Y couldn't work with idmap_rid for BUILTIN groups

[Li, Ying (ESG)]

Hi,

wbinfo -Y BUILTIN\group can work without idmap_rid in Samba-3.0.14a. But
I'm experiencing wbinfo -Y with idmap_rid failed for SID to GID
conversion of BUILTIN groups. 

Since idmap_rid only works in a single domain, and captures workgroup's
domain sid as a real domain sid in rid_idmap_get_domains(), when running
"wbinfo -Y BUILTIN/System Operators", the function
rid_idmap_get_id_from_sid() checks if incoming sid is same with
workgroup domain sid by following comparison:
470   if ( sid_compare_domain(sid, &sidstr) == 0 )

This would let the first "for" loop continue to go to the end, and make
the loop variable i equal to trust.number(=1). And the code after the
loop
474        if (i == trust.number) {
475                DEBUG(0,("rid_idmap_get_id_from_sid: no suitable
range available for sid: %s\n",
476                        sid_string_static(sid)));
477                return NT_STATUS_INVALID_PARAMETER;
478        }

leads to generate an error with "no suitable range available for sid:",
even if both 
idmap uid range and idmap gid range are exactly equal to idmap_rid range
in smb.conf.

So I'm wondering idmap_rid capability. I'd like to ask somebody if
idmap_rid can work with BUILTIN group. If the answer is yes, How do we
get Samba BUILTIN groups' SID? If the answer is no, I want to know if
there is a possible solution to resolve sid to gid conversion for samba
builtin groups by winbind with idmap_rid.

smb.conf
[global]
   workgroup = MYDOMAIN
   security = ads or domain
   allow trust domains = no
   idmap backend = idmap_rid:"MYDOMAIN=50000-60000"
   idmap uid = 50000-60000
   idmap gid = 50000-60000
   ......

Any information is really appreciated.
-Ying