[Samba] suddenly change: idmap uid + gid
Andrew Bartlett
abartlet at samba.org
Sun Nov 3 21:11:06 UTC 2019
On Sun, 2019-11-03 at 20:57 +0000, Rowland penny wrote:
>
> > G'Day Rowland,
> >
> > Are you really sure that is the case?
> >
> > The "winbind use default domain" code, which I authored, certainly
> > isn't intended to do that. It changes the formatting at the nss
> > interface to strip the domain\ prefix, allowing local logins with
> > pam
> > etc to avoid typing the domain.
>
> I suppose it depends on just where the domain is stripped. If it is
> very
> early on, then DOMAINA\fred and DOMAINB\fred would become fred and
> fred,
> so how would winbind know which is which ?
It only strips the default domain. All the others are untouched. It is
(essentially) also only in the getpwnam() and pam codepaths, not in the
SID->ID stuff, we generally avoid going via names as much as possible.
This is by design. The while idea of idmap_autorid and idmap_rid is
that we don't want to rely on any remote communication (eg name->sid
calls and reverse) to determine the mapping, as that could fail at the
critical momenet.
> This is the only reason I can think of that could change the ID.
>
> Can you think of another reason Andrew ?
As I said, I suspect autorid.tdb is being damanaged or removed.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list