[Patch] Bug 11362 primary group missing in kerberos PAC GROUP_MEMBERSHIP_ARRAY
Andrew Bartlett
abartlet at samba.org
Thu Jun 25 18:36:03 MDT 2015
On Thu, 2015-06-25 at 14:09 +0200, Felix Botner wrote:
> Hi,
>
> this patch adds the primary group to the kerberos PAC_LOGON_INFO
> GROUP_MEMBERSHIP_ARRAY.
>
> GPO security filtering is based on the groups in the kerberos pac.
> If the primary group is missing and the security filter is the
> primary group, the GPO can not be applied.
>
> More information can be found on https://bugzilla.samba.org/show_bug.cgi?id=11362
This looks really interesting. What we need is a couple of tests:
- a manual test to confirm that this behaviour is the same over
SamLogon on NETLOGON
- the addition of an automated test, using net ads kerberos pac dump.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list