Public bug reported: I'm running couple of AD servers on Ubuntu 18.04 LTS using the stock Samba version found from Ubuntu's repositories: https://packages.ubuntu.com/bionic-updates/samba
There's one quite critical bug in Winbind that messes up almost all NT Authority\xxx user and group mappings and it's been fixed for over one year now in the mainstream Samba: https://gitlab.com/samba- team/devel/samba/-/commit/a0309d9e7c283c8c6ee25a067695571c93d26313#3e088ca6181fe0ec57ad73b496eb4ed4a99a5dc3 That particular bug causes SysVol replication between two domain servers go wrong. All permissions regarding NT Authority\xxx users and groups are not mapped correctly and this causes that the GPO permissions go wrong which could lead to situation where computers fetching GPOs are not able to fetch them or they can fetch GPOs that aren't meant for them. I've tested to compile the samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.17) from Ubuntu's sources but applying that patch found from the link I provided: Then the bug is gone and SysVol replication using rsync (-XAavz flags) works properly and all NT Authority\xxx users and groups are mapped correctly: Before the patch applied: root@server:~# wbinfo --group-info='NT AUTHORITY\system' failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group NT AUTHORITY\system root@server:~# getent group 'NT AUTHORITY\system (returns nothing, exit code: 2) After the patch is applied: root@server:~# wbinfo --group-info='NT AUTHORITY\system' NT AUTHORITY\system:x:3000014: root@server:~# getent group 'NT AUTHORITY\system' NT AUTHORITY\system:x:3000014: So could you please add that patch to the Ubuntu 18.04 LTS version of Samba? ** Affects: samba (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888616 Title: Please "add WIP: winbindd: handle "NT Authority"" patch into Ubuntu 18.04 LTS Samba To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1888616/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
