samba - Apr 2018 - Issues with RPC, SID resolving; cannot use RSAT

Hello,


I'm running a setup with 3 DCs, all Samba 4.5.12, Debian Stretch (is
patched for CVE-2018-1057, "samba_CVE-2018-1057_helper" been used).

Probably unrelated to the upgrade and patch for CVE-2018-1057, there's
a new problem coming up.

RSAT fails to start/connect, complaining about RPC-Server
unavailablility. On the DCs I've tried with smbclient and get the
following:

root at vts5:/etc/samba# smbclient -L localhost -U Administrator
Enter Administrator's password:
session setup failed: NT_STATUS_INVALID_SID

This is also consistent with log entries like this:

[2018/04/03 11:37:48.411748,  0]
../source4/auth/unix_token.c:79(security_token_to_unix_token)
  Unable to convert first SID
(S-1-5-21-1449862128-1716478392-3139764938-1176) in user token to a UID.
 Conversion was returned as type 0, full token:
[2018/04/03 11:37:48.411820,  0]
../libcli/security/security_token.c:63(security_token_debug)
  Security token SIDs (7):
    SID[  0]: S-1-5-21-1449862128-1716478392-3139764938-1176
    SID[  1]: S-1-5-21-1449862128-1716478392-3139764938-515
    SID[  2]: S-1-1-0
    SID[  3]: S-1-5-2
    SID[  4]: S-1-5-11
    SID[  5]: S-1-5-32-554
    SID[  6]: S-1-5-32-545

It is not like only one specific SID is affected. I find this for many
different ones, including S-1-1-0.

net cache list is showing me funny stuff like this:

Key: IDMAP/GID2SID/3000017       Timeout: 11:23:09       Value: -  (expired)
Key: IDMAP/SID2XID/S-1-5-32-545  Timeout: 11:40:46       Value: -1:N

...

Key: IDMAP/SID2XID/S-1-5-21-1449862128-1716478392-3139764938-3708
Timeout: 11:41:17       Value: -1:N

...

Key: IDMAP/SID2XID/S-1-5-21-1449862128-1716478392-3139764938-3680
Timeout: 11:38:37       Value: -1:N  (expired)

At the moment I'm blocked making any changes to the Domain, so I
appreciate any help solving this issue.


Thank you,

Andreas Gaiser
-- 
Andreas Gaiser
wegewerk GmbH
Saarbrücker Str. 24A
10405 Berlin