[PATCH] winbindd: lookup-domain for well-known SIDs on a DC

Ralph Böhme slow at samba.org
Sat Apr 1 17:05:11 UTC 2017


On Sat, Apr 01, 2017 at 04:39:52PM +0100, Rowland Penny wrote:
> On Fri, 31 Mar 2017 22:43:34 +0200
> Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:
> 
> > Hi!
> > 
> > Attached is a fix for bug:
> > <https://bugzilla.samba.org/show_bug.cgi?id=12727>
> > 
> > ---8<---
> > On a DC well-known SIDs like S-1-1-0 (everyone) *must* be handled by
> > the local domain, otherwise something simple like this fails with
> > WBC_ERR_DOMAIN_NOT_FOUND:
> > 
> > $ make testenv SELFTEST_TESTENV=nt4_dc SCREEN=1
> > 
> > localnt4dc2$ ./bin/wbinfo --sid-to-name S-1-1-0
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup sid S-1-1-0
> > 
> > On a member server asking our DC works and is what we're currently
> > doing, but changing it to ask passdb avoids the overhead.
> > ---8<---
> > 
> > Ran across this when working on another bug in the sids2xids code.
> > 
> > Please review & push if ok. Thanks!
> > 
> > Cheerio!
> > -slow
> 
> OK, I have had a good look at the Bash script part of the PATCH and I
> have a few questions ;-)
> 
> Shouldn't 'CREATOR GROUP 5' be 'CREATOR_GROUP 5' ?

$ ./bin/wbinfo -s S-1-3-1
\Creator Group 5

> The group names in 'WELL_KNOWN_SIDS' start with forward slashes, is
> there something in the code somewhere that turns them into the required
> backslashes ?

$ git grep "winbind separator" selftest/ 

:)

> or are the 'RESOLVED_NAME' tests supposed to always fail ?

Heavens, no! :)

> Do you realise that whatever $failed gets set to inside the while loop
> will be lost when the loop exits ?

Are you sure?

$ failed=0 ; while [ true ] ; do failed=1 ; break ; done ; echo $failed
1
$

Cheerio!
-slow
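
Whether an assignment to `failed` inside a `while` loop survives the loop depends on how the loop is fed: a loop on the receiving end of a pipe runs in a subshell in bash (without `lastpipe`) and in dash, while a loop fed by a redirect or here-document runs in the current shell. The script below is an added example, not code from the patch or from either poster; the SID table, the name for S-1-1-0 and the `lookup_sid` stand-in for `wbinfo --sid-to-name` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample table: SID, then the expected name (not the patch's real list).
TABLE='S-1-1-0 Everyone
S-1-3-1 Creator Group'

# Hypothetical stand-in for "wbinfo --sid-to-name"; it resolves only S-1-3-1,
# so the S-1-1-0 row always mismatches and should set failed=1.
lookup_sid() {
    case "$1" in
        S-1-3-1) echo "Creator Group" ;;
        *) return 1 ;;
    esac
}

# Loop fed by a pipe: bash (without lastpipe) and dash run it in a subshell,
# so the assignment to failed is gone once the loop ends.
check_piped() {
    failed=0
    printf '%s\n' "$TABLE" | while read -r sid name; do
        [ "$(lookup_sid "$sid")" = "$name" ] || failed=1
    done
    echo "$failed"
}

# Same loop fed by a here-document: it runs in the current shell,
# so failed keeps the value set inside the loop.
check_redirected() {
    failed=0
    while read -r sid name; do
        [ "$(lookup_sid "$sid")" = "$name" ] || failed=1
    done <<EOF
$TABLE
EOF
    echo "$failed"
}

echo "piped: $(check_piped)  redirected: $(check_redirected)"
```

A test script that reports its result through such a flag only sees the failures if the loop is written in the second form (or exits non-zero from inside the subshell).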


