Recent Samba (4.18.0+) winbind configuration ?

Tue Apr 11 12:32:27 UTC 2023

Story begins when Samba 4.14.0 changed its VFS so we decided to skip 
4.14.x and also 4.15.x releases to bundle it on Solaris but various 
problems were also with later releases and we were only fixing issues in 
4.13.0 . Currently (4.18.0) the situation can called be critical so I 
focused on recent release.

winbindd is giving up and I think the key could be in log message:

[2023/04/11 11:28:53.090661,  5, pid=1525, effective(0, 0), real(0, 0), 
class=winbind] ../../source3/winbindd/wb_lookupname.c:
52(wb_lookupname_send)
   WB command lookupname start.
   Search namespace 'smbsetup' and domain 'smbsetup' for name ''.

...where "smbsetup" is my domain  ...and I have added core-dump here to 
freeze the stack:

[2023/04/11 11:28:53.090780,  0, pid=1525, effective(0, 0), real(0, 0)] 
../../source3/lib/dumpcore.c:315(dump_core)
   dumping core in /var/samba/log/cores/winbindd

I went over such many frames of "tevent's" but I do not know where to 
start evaluation. I only catch the (PIDL) generated code was 
optimized-out by gcc (11.3.0) so I built the code with -O0 and now the 
code is available.

In the mood of total madness I also tried ChatGPT which suspects my 
smb.conf but answer on my question:

Q:
what was changed in idmap configuration in smb.conf between 4.13 and 4.18 ?

A:
There have been some changes to the idmap configuration in Samba between 
version 4.13 and 4.18, although they may not necessarily be related to 
the issue you're experiencing.

One notable change is that in Samba 4.18, the idmap config parameter has 
been deprecated in favor of the idmap_ldb parameter. This new parameter 
uses an LDB backend for id mapping, which allows for better performance 
and scalability than the previous tdb backend.

Another change is that the idmap config parameter in Samba 4.18 now 
accepts a backend option, which allows you to specify the backend to use 
for id mapping. The options are rid, ad, autorid, and autorid_compat.

The rid backend continues to be the default, which means that if you 
don't specify a backend explicitly, Samba will use the RID algorithm to 
generate UIDs and GIDs.

In summary, if you're upgrading from Samba 4.13 to 4.18, you may need to 
update your smb.conf to use the new idmap_ldb parameter and specify a 
backend if you're not using the default rid backend.

....looks suspectably because I can not find "idmap_ldb" in man smb.conf 
so I asked again:

Q:
backend option of idmap config was available even in samba 4.0.0 smb.con 
so what exactly has been changed in 4.18.0 ?
A:
Something went wrong. If this issue persists please contact us through 
our help center at help.openai.com.

...I do not want to push here the way how to shot-down the f'g ChatGPT 
but I would like to know if something was really changed. I went through 
the RELEASE NOTES and there is nothing directly concerns to idmap config 
AFAIK

constraints:

  - net ads join works as usual include adding of "A" record to DNS

  - despite of successful join it looks DC can not be located:

[2023/04/11 11:28:53.083220,  1, pid=1525, effective(0, 0), real(0, 0), 
class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_
function_debug)
        wbint_PingDc: struct wbint_PingDc
           in: struct wbint_PingDc
[2023/04/11 11:28:53.083291,  1, pid=1525, effective(0, 0), real(0, 0), 
class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_
function_debug)
        wbint_InitConnection: struct wbint_InitConnection
           in: struct wbint_InitConnection
               dcname                   : *
                   dcname                   : ''

...so it really looks like a stupid mis-configuration issue of mine.

Google is silent on all my attempts to ask "him".

If someone have some good idea please share it with me.

Many thanks,
Yura