wbinfo -i output domain realm vs. ntdomain before login
Heiner Lesaar
heiner.lesaar at googlemail.com
Sat Apr 21 12:19:45 UTC 2018
Thank you all for replying to my request.
I can confirm that using Samba 4.8 fixed this in our case.
Have a nice weekend and regards,
Heiner
Von meinem iPhone gesendet
> Am 20.04.2018 um 13:53 schrieb Andreas Schneider <asn at samba.org>:
>
>> On Friday, 20 April 2018 06:52:58 CEST Stefan Metzmacher wrote:
>> Hi Samuel,
>>
>>> I had a look to the attached patches in bugzilla. The LSA LookupNames
>>> is called when the winbind cache is cold and it returns all the
>>> necessary information (the referenced domain name and domain SID to
>>> which the looked up names belongs), so why can't we pass this up to the
>>> caller and use it instead checking the given name format to lookup the
>>> domain name after obtaining the SID?
>>>
>>> What do you think about this patch?
>>
>> It guess it doesn't handle a case the following:
>>
>> userPrincipalName: some.one at example.com
>> sAMAccountName: some
>>
>> REALM: AD.EXAMPLE.PRIVATE
>> DOMAIN: ADDOM
>>
>> If you ask for 'some.one at example.com' you should get
>> back 'ADDOM\some' instead of 'ADDOM\some.one'.
>>
>> We may need to avoid using wcache_save_sid_to_name()
>> within wb_cache_name_to_sid().
>
> I've started to write tests for this issue and fixed the looking up the user
> if the UPN name doesn't match the account name.
>
> Samuel, I thinks we should first have a minimal fix which is easy to backport
> to 4.7. We could look into your rewrite it once we have tests.
>
>
> Makes sense?
>
>
> Andreas
>
> --
> Andreas Schneider GPG-ID: CC014E3D
> Samba Team asn at samba.org
> www.samba.org
>
>
>
>
More information about the samba-technical
mailing list