[PATCH] winbindd: lookup-domain for well-known SIDs on a DC
Rowland Penny
rpenny at samba.org
Sat Apr 1 15:39:52 UTC 2017
On Fri, 31 Mar 2017 22:43:34 +0200
Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:
> Hi!
>
> Attached is a fix for bug:
> <https://bugzilla.samba.org/show_bug.cgi?id=12727>
>
> ---8<---
> On a DC well-known SIDs like S-1-1-0 (everyone) *must* be handled by
> the local domain, otherwise something simple like this fails with
> WBC_ERR_DOMAIN_NOT_FOUND:
>
> $ make testenv SELFTEST_TESTENV=nt4_dc SCREEN=1
>
> localnt4dc2$ ./bin/wbinfo --sid-to-name S-1-1-0
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-1-0
>
> On a member server asking our DC works and is what we're currently
> doing, but changing it to ask passdb avoids the overhead.
> ---8<---
>
> Ran across this when working on another bug in the sids2xids code.
>
> Please review & push if ok. Thanks!
>
> Cheerio!
> -slow
OK, I have had a good look at the Bash script part of the PATCH and I
have few questions ;-)
Shouldn't 'CREATOR GROUP 5' be 'CREATOR_GROUP 5' ?
The group names in 'WELL_KNOWN_SIDS' start with forward slashes, is
there something in the code somewhere that turns then into the required
backslashes ? or are the 'RESOLVED_NAME' tests supposed to always fail ?
Do you realise that whatever $failed gets set to inside the while loop
will be lost when the loop exits ?
Rowland
More information about the samba-technical
mailing list