with most recent git master smbd fails to start in AD DC mode

[Jeremy Allison]

On Sun, Mar 23, 2014 at 05:11:11AM +0100, Günter Kukkukk wrote:
> 
> Hi Jeremy, Andrew,
> 
> i'm atm doing all my tests with opensuse-13.1 - which uses *very* recent stuff all around..
> 
> It should be easy to do the same steps on other distros:
> 
> 1.) built recent git master
> 2.) "make install"
> 3.) samba-tool domain provision --interactive
> 4.) /usr/local/samba/sbin/samba -i -M single -d3
> 
> I see enough other samba-4.x problems here around - and would be happy if some
> other developer would do the same (simple) steps from above...
> Just to validate that this problem really exists (not only for me).

I believe you, but I'm at home right now
without a good setup to reproduce.

I'm pretty sure I understand the problem
fully now, it was a misunderstanding in
my earlier patch of what SIDs in sid[0]
might be passed in to create a token.

My original patch ignored non-mappable
SIDs like LOCAL\System, but guest is a
rather special case, as it can be mapped
to a real user, but sid[0] in its token
is set to be the Guest SID.

Here is a fix that I think is correct,
and is a little better than the original
change as it separates out the new code
into a separate function.

It should apply cleanly on top of current
master (once you've removed the earlier
test patch I sent you).

Let me know if it fixes the issue for
you, and I'll be able to do some testing
myself on Monday.

Cheers,

	Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-smbd-Factor-out-code-that-calls-getgroups_unix_us.patch
Type: text/x-diff
Size: 5985 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140322/f0fbd542/attachment.patch>