[SCM] Samba Shared Repository - branch master
updated - 4432967532897cc90ce7d7b11fab6f6f88f8bfc0
Michael Adam
ma at sernet.de
Wed Sep 24 09:25:08 GMT 2008
Hi Jerry, Jeremy,
Gerald (Jerry) Carter wrote:
> Gerald (Jerry) Carter wrote:
> > Jeremy Allison wrote:
> >> Michael, should these be back-ported to something
> >> other than master (3.3 ?).
Yeah, I guess that once they are thoroughly tested,
they should go into v3-3-test.
But I have only touched the ads and rpc backend so far.
Have to look into the passdb backend. (Are there more to
consider?)
> > I think these changes are actually wrong. I remember making
> > a change to ensure that names were qualified coming back from this.
> > I *hate* that crappy parameter.
I *!?x\.% hate it, too. I also made a very quick vote of disabling
it or turning it into a placebo parameter on #samba-technical.
There was only one vote, +1, by me. ... :-)
Then Volker threw in his usual (and valid) argument that we should
not break existing setups, though.
Well, when we have the parameter, we should also honour it!
> btw...Don't worry about the checkin. I'll do some regression testing.
> I might be over reacting :-)
btw: you should see the several commits as a whole.
Let me describe, what problems I tried to solve with the patches:
1. With "winbind use default domain = yes", and "security = ads",
when listing a domain group, we got s/th like
# getent group groupname
group:x:100000:DOMAIN\user1,DOMAIN\user2
where DOMAIN is the default domain. This is what 49145bfefa
is supposed to fix. (together with 1b9c2ccb1f1b that
introduces a talloc version of fill_domain_username() which
adds the domain prefix depending on the domain and the value
of "lp_winbind_use_default_domain()".)
This is bug #5748.
2. The output of "getent group" for aliases containing domain
groups was inconsistent between rpc and ads backend, since
the ads backend always added the domain prefix and the rpc
backend never did. That lead to output like this, when
BUILTIN\\administrators has ads group DOMAIN\groupname as member.
# gegent group BUILTIN\\administrators
BUILTIN\\administrators:x:100001:DOMAIN\domain\user1,DOMAIN\domain\user2
This is fixed by
(a) making rpc backend lookup_groupmem add domain prefix
conditionally with fill_domain_username_talloc() as with ads.
(1f8a7739a)
(b) change add_expanded_sid() in winbindd_group.c to not add the domain
prefix when adding users from a group looked up with lookup_groupmem.
Cheers - Michael
--
Michael Adam <ma at sernet.de>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080924/37e6c9c3/attachment.bin
More information about the samba-technical
mailing list