[PATCH 1/2] s3-auth: fix force user for AD user
Andreas Schneider
asn at samba.org
Tue Dec 17 13:59:01 MST 2013
On Wednesday 18 December 2013 09:52:20 Andrew Bartlett wrote:
> On Tue, 2013-12-17 at 16:20 +0100, Andreas Schneider wrote:
> > On Saturday 14 December 2013 07:37:52 Andrew Bartlett wrote:
> > > > Günther and I are working on it. Here is our WIP branch:
> > > >
> > > > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/force_u
> > > > ser
> > >
> > > This looks like a much better approach!
> >
> > Hi Andrew,
> >
> > here is the proposed patchset:
> >
> > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/force_user
> >
> > I will run 'make test' but this should work. Could you please take another
> > look?
>
> The main issue I see is that this new (great!) codepath is called for
> users from /etc/passwd, not just users from winbind forced in via force
> user. See the callers in auth_unix.c and user_krb5.c.
Yes, that's correct. We follwed all codepath and checked what is happening and
why. In user_krb5.c it is called if the information can't be found in the PAC.
So it can be a local user or the information could be retrieved from winbind.
And auth_unix.c is for a unix user. I've tested that and it works if I use a
local user for 'force user'.
That's also why me renamed the function cause we just have a passwd struct we
convert ...
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list