John
2006-Jul-14 07:56 UTC
[Samba] Samba 3.0.23 winbind use default domain = yes behaviour
Hello list, I encountered a problem in Samba 3.0.23 regarding the winbind use default domain = yes behaviour. It only works for the users an NOT anymore for the Group. So this make getent group to show NETBIOSDOMAINNAME/group which course mail squid configuration to fail. My squid configuration allowed access based on the AD groups, which are provided by Winbindd. Tested distribution: SuSE 9.0, CentOS 4.3 Samba build: Sernet 3.0.23 Is this a bug or is this by design? Does anybody know a way to getent group to honour the winbind use default domain = yes option? Regards, John The Netherlands.
Dietrich Streifert
2006-Jul-14 08:19 UTC
[Samba] Samba 3.0.23 winbind use default domain = yes behaviour
Hi John, this is already filed as a bug: https://bugzilla.samba.org/show_bug.cgi?id=3920 and Jerry is working on it. I'v attached an inofficial not supported patch against relaease 3.0.23 of nsswitch/winbindd_group.c which reverted the change and worked for me. John schrieb:> Hello list, > > I encountered a problem in Samba 3.0.23 regarding the winbind use default > domain = yes behaviour. > It only works for the users an NOT anymore for the Group. So this make > getent group to show NETBIOSDOMAINNAME/group which course mail squid > configuration to fail. My squid configuration allowed access based on the AD > groups, which are provided by Winbindd. > Tested distribution: > SuSE 9.0, CentOS 4.3 > Samba build: Sernet 3.0.23 > Is this a bug or is this by design? Does anybody know a way to getent group > to honour the winbind use default domain = yes option? > > Regards, > John > The Netherlands. > > > >-- Mit freundlichen Gr??en Dietrich Streifert Visionet GmbH -------------- next part -------------- --- samba-3.0.23.orig/source/nsswitch/winbindd_group.c Fri Jun 23 15:16:50 2006 +++ samba-3.0.23/source/nsswitch/winbindd_group.c Thu Jul 13 10:34:06 2006 @@ -42,7 +42,7 @@ { fstring full_group_name; - fill_domain_username( full_group_name, dom_name, gr_name, False); + fill_domain_username( full_group_name, dom_name, gr_name, True); gr->gr_gid = unix_gid; @@ -146,7 +146,7 @@ /* Append domain name */ - fill_domain_username(name, domain->name, the_name, False); + fill_domain_username(name, domain->name, the_name, True); len = strlen(name); @@ -752,7 +752,7 @@ /* Fill in group entry */ fill_domain_username(domain_group_name, ent->domain_name, - name_list[ent->sam_entry_index].acct_name, False); + name_list[ent->sam_entry_index].acct_name, True); result = fill_grent(&group_list[group_list_ndx], ent->domain_name, @@ -929,7 +929,7 @@ groups.sam_entries)[i].acct_name; fstring name; - fill_domain_username(name, domain->name, group_name, False); + fill_domain_username(name, domain->name, group_name, True); /* Append to extra data */ memcpy(&extra_data[extra_data_len], name, strlen(name));