Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
[
{
"vendor": "n/a",
"product": "samba",
"versions": [
{
"version": "Affected - All versions since Samba 4.0.0, Fixed-In - v4.15.2, v4.14.10 and v4.13.14",
"status": "affected"
}
]
}
]