wbinfo -i output domain realm vs. ntdomain before login
Andreas Schneider
asn at samba.org
Fri Apr 20 11:53:05 UTC 2018
On Friday, 20 April 2018 06:52:58 CEST Stefan Metzmacher wrote:
> Hi Samuel,
>
> > I had a look at the attached patches in bugzilla. The LSA LookupNames
> > is called when the winbind cache is cold and it returns all the
> > necessary information (the referenced domain name and domain SID to
> > which the looked up names belong), so why can't we pass this up to the
> > caller and use it instead of checking the given name format to lookup the
> > domain name after obtaining the SID?
> >
> > What do you think about this patch?
>
> I guess it doesn't handle a case like the following:
>
> userPrincipalName: some.one at example.com
> sAMAccountName: some
>
> REALM: AD.EXAMPLE.PRIVATE
> DOMAIN: ADDOM
>
> If you ask for 'some.one at example.com' you should get
> back 'ADDOM\some' instead of 'ADDOM\some.one'.
>
> We may need to avoid using wcache_save_sid_to_name()
> within wb_cache_name_to_sid().
I've started to write tests for this issue and fixed looking up the user
if the UPN name doesn't match the account name.
Samuel, I think we should first have a minimal fix which is easy to backport
to 4.7. We could look into your rewrite once we have tests.
Makes sense?
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org