Use workaround for winbind default domain only when set.
This commit is contained in:
parent
b9c801614f
commit
2c6f626ea7
48
samba-4.0.0rc6-winbind_default_domain_workaround.patch
Normal file
48
samba-4.0.0rc6-winbind_default_domain_workaround.patch
Normal file
@ -0,0 +1,48 @@
|
||||
commit 3bbe690c50a5d4e2ff81ff1eeeaa728990b73637
|
||||
Author: Sumit Bose <sbose@redhat.com>
|
||||
AuthorDate: Mon Oct 29 12:09:22 2012 +0100
|
||||
Commit: Andreas Schneider <asn@cryptomilk.org>
|
||||
CommitDate: Mon Nov 12 15:54:15 2012 +0100
|
||||
|
||||
Use work around for 'winbind use default domain' only if it is set
|
||||
|
||||
Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
|
||||
character is always added to the user name returned by Get_Pwnam_alloc() if it
|
||||
does not contain the winbind separator character. As comments in the code
|
||||
indicates this is done as a work around if 'winbind use default domain' is set
|
||||
to yes in the samba configuration.
|
||||
|
||||
This make sense if the option is set because otherwise the domain information is
|
||||
lost from the user name. But it causes errors if other services than winbind are
|
||||
used for user lookup, e.g. sssd. sssd can handle different kind of fully
|
||||
qualified user names as input, e.g. user@domain.name or DOM\user, but returns a
|
||||
canonical name, by default user@domain.name.
|
||||
|
||||
While it would be possible to get around this issue with a special configuration
|
||||
either on the sssd or samba side I think the cleaner solution is to use the work
|
||||
around only if 'winbind use default domain' is set to yes which is what this
|
||||
patch does.
|
||||
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||
|
||||
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
||||
Autobuild-Date(master): Mon Nov 12 15:54:15 CET 2012 on sn-devel-104
|
||||
---
|
||||
source3/auth/auth_util.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
||||
index a08d094..83c95a9 100644
|
||||
--- a/source3/auth/auth_util.c
|
||||
+++ b/source3/auth/auth_util.c
|
||||
@@ -1331,7 +1331,8 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
|
||||
/* make sure we get the case of the username correct */
|
||||
/* work around 'winbind use default domain = yes' */
|
||||
|
||||
- if ( !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) {
|
||||
+ if ( lp_winbind_use_default_domain() &&
|
||||
+ !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) {
|
||||
char *domain;
|
||||
|
||||
/* split the domain and username into 2 strings */
|
@ -1,4 +1,4 @@
|
||||
%define main_release 166
|
||||
%define main_release 167
|
||||
|
||||
%define samba_version 4.0.0
|
||||
%define talloc_version 2.0.7
|
||||
@ -62,6 +62,7 @@ Source200: README.dc
|
||||
Source201: README.downgrade
|
||||
|
||||
Patch0: samba-4.0.0rc6-LogonSamLogon_failover.patch
|
||||
Patch1: samba-4.0.0rc6-winbind_default_domain_workaround.patch
|
||||
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
@ -405,6 +406,7 @@ the local kerberos library to use the same KDC as samba and winbind use
|
||||
%setup -q -n samba-%{version}%{pre_release}
|
||||
|
||||
%patch0 -p1 -b .samlogon_failover
|
||||
%patch1 -p1 -b .winbind_default_domain_workaround
|
||||
|
||||
%build
|
||||
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
|
||||
@ -1298,6 +1300,9 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man7/winbind_krb5_locator.7*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 13 2012 - Andreas Schneider <asn@redhat.com> - 2:4.0.0-167.rc5
|
||||
- Use workaround for winbind default domain only when set.
|
||||
|
||||
* Tue Nov 13 2012 - Andreas Schneider <asn@redhat.com> - 2:4.0.0-166.rc5
|
||||
- Update to Samba 4.0.0rc5.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user