[PATCH] Can't authenticate user from child-domain of trusted forest
metze at samba.org
Wed Nov 29 12:16:04 UTC 2017
Am 29.11.2017 um 12:28 schrieb Ralph Böhme:
> On Mon, Nov 27, 2017 at 08:50:15PM +0100, Ralph Böhme via samba-technical wrote:
>> Attached is a fix for a regression introduced by
>> This results in the inability of winbind to enumerate trusts of trusted forests,
>> so we can't authenticate users from any child-domain (or additional tree-roots)
>> of the trusted forest.
>> I had filed a bugreport although the regression in only in master so we won't
>> need backports. I'm not sure about having the bug URLs in the commit messages in
>> this case.
>> Please review&push if ok. As usual, the funky stuff doesn't have tests. :)
> slightly modified version attached that keeps the SEC_CHAN_NULL check in
> rpccli_connect_netlogon(), triggering direct failure.
> Reviewed by metze, will push later on.
Thanks! I think that's good to fix the regression.
But the real bug is that we trigger the code path at all
and we need to continue improving things.
And adding winbind_domain structs on demand might be step on a long road
to get rid of the list in the end.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the samba-technical