Winbind issue after upgrading from 4.7.x to 4.8.x

Jeremy Allison jra at samba.org
Thu Aug 9 23:26:51 UTC 2018


On Thu, Aug 09, 2018 at 04:24:56PM -0700, Jeremy Allison via samba-technical wrote:
> On Thu, Aug 09, 2018 at 02:49:06PM +0200, Miguel Sanders via samba-technical wrote:
> > Hi guys
> > 
> > We recently upgraded our Samba clusters from 4.7.x to 4.8.x and noticed a
> > difference in behavior when AD users have a (local) Linux user equivalent.
> > Assume we have a local Linux user XYZ (UID 519) as well as a AD user object
> > XYZ (UID 30001).
> > 
> > 4.7.x
> > # id XYZ
> > uid=519(XYZ) gid=1(bin) groups=1(bin)
> > 
> > 4.8.x
> > # id XYZ
> > uid=519(XYZ) gid=1(bin) groups=1(bin),30004(DOMAIN+domain users)
> > 
> > The problem originates from the parse_domain_user() function in
> > winbindd_util.c
> > In 4.7.x, if there is no winbind separator and no '@' in domuser, the
> > function simply returns false.
> 
> These code changes were done by Andreas and Metze as part of
> bug:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=13369
> 
> "Looking up the user using the UPN results in user name with the REALM instead of the DOMAIN"
> 
> Metze and Andreas, can you take a look at this change ?

FYI, the gid refspec was : a05b63db627fdbe0bdea4d144dfaeedb39025592

Author: Andreas Schneider <asn at samba.org>
Date:   Thu Apr 26 12:17:12 2018 +0200

    winbind: Fix UPN handling in parse_domain_user()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>





More information about the samba-technical mailing list