samba - Apr 2025 - If a NetBIOS name used within a week is reused, an incorrect owner is returned.

On Wed, 12 Mar 2025 08:19:29 +0000
CHIBA HIROSHI(????) via samba <samba at lists.samba.org> wrote:
> Hi,
> 
>  
> 
> I suspect this behavior comes from a bug. If the behavior is as
> designed, I'd like to know the background of the design. 
> 
> - Bug information
> 
> Version: 4.20.2
> 
> When a shared guest account is enabled and a NetBIOS name that was
> used within the past week is reassigned, the owner of the guest
> account becomes Account Unknown (S-1-5-21-*-501), and WRITE returns
> ACCESS_DENIED. (For example, this issue occurs when the NetBIOS name
> is changed from "AAAA" to "BBBB" and then back to
"AAAA" again.)
> 
> This behavior seems to be caused by the idmap cache.  
Well, yes, but only because you are failing to do something.

Every time you change the computers hostname, Samba issues a new SID.
Which means that your 'Account Unknown' (which actually is known, it is
'Guest') gets a new SID and when someone connects to Samba, this is
stored in the cache.

The cache is just that, it is a cache, it is not permanent.
The fix for your problem is very easy, every time you change the
hostname, clear the cache with 'net cache flush'.

Can I close your bug report ?

Rowland

Rowland,

Thank you for the information.

I would like to know when to execute net cache flush. Are there any other
necessary timings besides hostname changes?

We propose an amendment.
I believe that if "net cache flush" is executed when Samba starts with
systemctl, the problem will not occur.

Best regards,
Hiroshi Chiba

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny
via samba
Sent: Wednesday, March 12, 2025 6:50 PM
To: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] If a NetBIOS name used within a week is reused, an
incorrect owner is returned.

On Wed, 12 Mar 2025 08:19:29 +0000
CHIBA HIROSHI(????) via samba <samba at lists.samba.org> wrote:
> Hi,
> 
>  
> 
> I suspect this behavior comes from a bug. If the behavior is as 
> designed, I'd like to know the background of the design.
> 
> - Bug information
> 
> Version: 4.20.2
> 
> When a shared guest account is enabled and a NetBIOS name that was 
> used within the past week is reassigned, the owner of the guest 
> account becomes Account Unknown (S-1-5-21-*-501), and WRITE returns 
> ACCESS_DENIED. (For example, this issue occurs when the NetBIOS name 
> is changed from "AAAA" to "BBBB" and then back to
"AAAA" again.)
> 
> This behavior seems to be caused by the idmap cache.  
Well, yes, but only because you are failing to do something.

Every time you change the computers hostname, Samba issues a new SID.
Which means that your 'Account Unknown' (which actually is known, it is
'Guest') gets a new SID and when someone connects to Samba, this is
stored in the cache.

The cache is just that, it is a cache, it is not permanent.
The fix for your problem is very easy, every time you change the hostname, clear
the cache with 'net cache flush'.

Can I close your bug report ?

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba