Winbind issue after upgrading from 4.7.x to 4.8.x
miguel.sanders.external at arcelormittal.com
miguel.sanders.external at arcelormittal.com
Fri Aug 10 07:34:54 UTC 2018
Hi Jeremy / Andreas
Thanks for the feedback.
I applied the patch for bug 13503 and that fixed the problem.
Met vriendelijke groeten
Best regards
*Miguel Sanders*
ArcelorMittal Europe – Flat Products – Business Division North
External collaborator | Midrange UNIX
John Kennedylaan 51 B-9042 Gent
*T* +32 9 347 52 78
*E* gen-sid-ism-cbi-sig at arcelormittal.com
*E* miguel.sanders.external at arcelormittal.com
On 10-08-18 09:31, Andreas Schneider wrote:
> **This Message originated from a Non-ArcelorMittal source**
>
>
> On Friday, 10 August 2018 01:26:51 CEST Jeremy Allison wrote:
>> On Thu, Aug 09, 2018 at 04:24:56PM -0700, Jeremy Allison via samba-technical
> wrote:
>>> On Thu, Aug 09, 2018 at 02:49:06PM +0200, Miguel Sanders via samba-
> technical wrote:
>>>> Hi guys
>>>>
>>>> We recently upgraded our Samba clusters from 4.7.x to 4.8.x and noticed
>>>> a
>>>> difference in behavior when AD users have a (local) Linux user
>>>> equivalent.
>>>> Assume we have a local Linux user XYZ (UID 519) as well as a AD user
>>>> object
>>>> XYZ (UID 30001).
>>>>
>>>> 4.7.x
>>>> # id XYZ
>>>> uid=519(XYZ) gid=1(bin) groups=1(bin)
>>>>
>>>> 4.8.x
>>>> # id XYZ
>>>> uid=519(XYZ) gid=1(bin) groups=1(bin),30004(DOMAIN+domain users)
>>>>
>>>> The problem originates from the parse_domain_user() function in
>>>> winbindd_util.c
>>>> In 4.7.x, if there is no winbind separator and no '@' in domuser, the
>>>> function simply returns false.
>>> These code changes were done by Andreas and Metze as part of
>>> bug:
>>>
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.samba.org_show-5Fbug.cgi-3Fid-3D13369&d=DwICAg&c=y5LGzd1hT50ruE_IlUH7x8VGgWz9W0tFVWT6rSvPUKA&r=-jarnr4YmBQFoNnIGAjHDx81m61Dvp1EaoZlwqmtvF74kGNWdeWU__tBrcfos55v&m=w5cW0frJnnu8yOVq5t1Hf_hMd0--1DukzcbkBFc-AEY&s=nZ5o5xhb36kmsaG2CVuWaMHXprqaiuAsnIXA7HfJQR8&e=
>>>
>>> "Looking up the user using the UPN results in user name with the REALM
>>> instead of the DOMAIN"
>>>
>>> Metze and Andreas, can you take a look at this change ?
>> FYI, the gid refspec was : a05b63db627fdbe0bdea4d144dfaeedb39025592
>>
>> Author: Andreas Schneider <asn at samba.org>
>> Date: Thu Apr 26 12:17:12 2018 +0200
>>
>> winbind: Fix UPN handling in parse_domain_user()
>>
>> BUG: https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.samba.org_show-5Fbug.cgi-3Fid-3D13369&d=DwICAg&c=y5LGzd1hT50ruE_IlUH7x8VGgWz9W0tFVWT6rSvPUKA&r=-jarnr4YmBQFoNnIGAjHDx81m61Dvp1EaoZlwqmtvF74kGNWdeWU__tBrcfos55v&m=w5cW0frJnnu8yOVq5t1Hf_hMd0--1DukzcbkBFc-AEY&s=nZ5o5xhb36kmsaG2CVuWaMHXprqaiuAsnIXA7HfJQR8&e=
>>
>> Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
>> Signed-off-by: Andreas Schneider <asn at samba.org>
>> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> See
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.samba.org_show-5Fbug.cgi-3Fid-3D13503&d=DwICAg&c=y5LGzd1hT50ruE_IlUH7x8VGgWz9W0tFVWT6rSvPUKA&r=-jarnr4YmBQFoNnIGAjHDx81m61Dvp1EaoZlwqmtvF74kGNWdeWU__tBrcfos55v&m=w5cW0frJnnu8yOVq5t1Hf_hMd0--1DukzcbkBFc-AEY&s=khJgHZDsHB-qdKl8d7KVvlM78kGJleV1IGY_bPgNkM4&e=
>
>
> which is not in 4.8 yet.
>
> --
> Andreas Schneider asn at samba.org
> Samba Team https://urldefense.proofpoint.com/v2/url?u=http-3A__www.samba.org&d=DwICAg&c=y5LGzd1hT50ruE_IlUH7x8VGgWz9W0tFVWT6rSvPUKA&r=-jarnr4YmBQFoNnIGAjHDx81m61Dvp1EaoZlwqmtvF74kGNWdeWU__tBrcfos55v&m=w5cW0frJnnu8yOVq5t1Hf_hMd0--1DukzcbkBFc-AEY&s=UOTSJ_8m93QicLwMIqDg8LIbDPDzSyZSd6ag8p1FR0Q&e=
> GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
>
>
More information about the samba-technical
mailing list