Public bug reported:

I'm running couple of AD servers on Ubuntu 18.04 LTS using the stock
Samba version found from Ubuntu's repositories:
https://packages.ubuntu.com/bionic-updates/samba

There's one quite critical bug in Winbind that messes up almost all NT
Authority\xxx user and group mappings and it's been fixed for over one
year now in the mainstream Samba: https://gitlab.com/samba-
team/devel/samba/-/commit/a0309d9e7c283c8c6ee25a067695571c93d26313#3e088ca6181fe0ec57ad73b496eb4ed4a99a5dc3

That particular bug causes SysVol replication between two domain servers
go wrong. All permissions regarding NT Authority\xxx users and groups
are not mapped correctly and this causes that the GPO permissions go
wrong which could lead to situation where computers fetching GPOs are
not able to fetch them or they can fetch GPOs that aren't meant for
them.

I've tested to compile the samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.17) from
Ubuntu's sources but applying that patch found from the link I provided:
Then the bug is gone and SysVol replication using rsync (-XAavz flags)
works properly and all NT Authority\xxx users and groups are mapped
correctly:

Before the patch applied:
root@server:~# wbinfo --group-info='NT AUTHORITY\system'
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group NT AUTHORITY\system
root@server:~# getent group 'NT AUTHORITY\system
(returns nothing, exit code: 2)

After the patch is applied:
root@server:~# wbinfo --group-info='NT AUTHORITY\system'
NT AUTHORITY\system:x:3000014:
root@server:~# getent group 'NT AUTHORITY\system'
NT AUTHORITY\system:x:3000014:

So could you please add that patch to the Ubuntu 18.04 LTS version of
Samba?

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1888616

Title:
  Please "add WIP: winbindd: handle "NT Authority"" patch into Ubuntu
  18.04 LTS Samba

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1888616/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to