The Samba-Bugzilla – Attachment 14752 Details for
Bug 13697
smbd fails if winbind is running on default intall: create_local_token failed: NT_STATUS_ACCESS_DENIED
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v4-9-test
tmp49.diff.txt (text/plain), 1.81 KB, created by
Stefan Metzmacher
on 2018-12-20 12:45:52 UTC
(
hide
)
Description:
Patch for v4-9-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2018-12-20 12:45:52 UTC
Size:
1.81 KB
patch
obsolete
>From 1e8931dfc24a2576a3b1fe9115c4ccbfefbbd298 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 19 Dec 2018 09:38:33 +0100 >Subject: [PATCH] s3:auth: ignore create_builtin_guests() failing without a > valid idmap configuration > >This happens on standalone servers, where winbindd is automatically >started by init scripts if it's installed. But it's not really >used and may not have a valid idmap configuration ( >"idmap config * : range" has no default!) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13697 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >(cherry picked from commit 865538fabaea33741f5fa542dbc3f2e08308c2c1) >--- > source3/auth/token_util.c | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-) > >diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c >index f5b0e6944335..ee38d6c9645b 100644 >--- a/source3/auth/token_util.c >+++ b/source3/auth/token_util.c >@@ -745,7 +745,23 @@ NTSTATUS finalize_local_nt_token(struct security_token *result, > status = create_builtin_guests(domain_sid); > unbecome_root(); > >- if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) { >+ /* >+ * NT_STATUS_PROTOCOL_UNREACHABLE: >+ * => winbindd is not running. >+ * >+ * NT_STATUS_ACCESS_DENIED: >+ * => no idmap config at all >+ * and wbint_AllocateGid()/winbind_allocate_gid() >+ * failed. >+ * >+ * NT_STATUS_NO_SUCH_GROUP: >+ * => no idmap config at all and >+ * "tdbsam:map builtin = no" means >+ * wbint_Sids2UnixIDs() fails. >+ */ >+ if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE) || >+ NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || >+ NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_GROUP)) { > /* > * Add BUILTIN\Guests directly to token. > * But only if the token already indicates >-- >2.17.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14752">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
ab
:
review+
Actions:
View
Attachments on
bug 13697
:
14750
|
14751
| 14752