CentOS - Feb 2022 - CentOS 7.9: No authentication after samba update

We are using FreeIPA for Linux accounts and a Windows DC for Windows 
accounts.
Users were able to access their Linux file systems from Windows using 
their windows user name and password.

After upgrading samba from samba-4.10.16-7.el7_9.x86_64 to 
samba-4.10.16-18.el7_9.x86_64 users cannot authenticate and I get the 
following error message:

1.2.3.4.log:
../../source3/auth/auth_util.c:1889(check_account)
   check_account: Failed to convert SID 
S-1-5-21-xxxxxxx-xxxxxxx-xxxxxxx-1158 to a UID (dom_user[DOMAIN\username])

Winbind is still running

My smb.conf:

[global]
        netbios name = HOSTNAME
        security = ADS
        workgroup = DOMAIN
        realm = DOMAIN.FULL.NAME

        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 
SO_SNDBUF=131072
        use sendfile = true
        dns proxy = no

        log file = /var/log/samba/%m.log
        max log size = 50
        log level = 1

        client signing = required
        server signing = auto

[Tmpdisk]
         comment = TMP-Disk
         public = yes
         path = /tmp
         browsable = Yes
         read only = No

Nothing else updated or changed.
What do I miss? This setup was working for years..

Thank you in advance!

Gerhard Schneider

-- 
Gerhard Schneider
Institute of Lightweight Design and       e-Mail: gs at ilsb.tuwien.ac.at
Structural Biomechanics (E317)                 Tel.: +43 1 58801 31716
TU Wien / Vienna / Austria                     Fax:  +43 1 58801 31799
A-1060 Wien, Gumpendorfer Stra?e 7   http://www.ilsb.tuwien.ac.at/~gs/

Am 04.02.2022 um 18:30 schrieb Gerhard Schneider:
> 
> After upgrading samba from samba-4.10.16-7.el7_9.x86_64 to 
> samba-4.10.16-18.el7_9.x86_64 users cannot authenticate and I get the 
> following error message:
> 
It seems that the problem is related to
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1954342

and some backported security fix is breaking Samba

The remove_domain.pl workaround mentioned IS working for me! (but it 
should NOT be a final solution - should it?) :-D

Shall I open a bug at RedHat?

Gerhard Schneider

-- 
Gerhard Schneider
Institute of Lightweight Design and       e-Mail: gs at ilsb.tuwien.ac.at
Structural Biomechanics (E317)                 Tel.: +43 1 58801 31716
TU Wien / Vienna / Austria                     Fax:  +43 1 58801 31799
A-1060 Wien, Gumpendorfer Stra?e 7   http://www.ilsb.tuwien.ac.at/~gs/