Bug 11143 - Winbind returns invalid group information from the winbind cache instead of the netsamlogon cache
Winbind returns invalid group information from the winbind cache instead of t...
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
4.2.0
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-03-09 14:24 UTC by Andreas Schneider
Modified: 2015-03-27 20:08 UTC (History)
3 users (show)

See Also:


Attachments
patch for 4.2 (1.83 KB, patch)
2015-03-10 13:27 UTC, Andreas Schneider
vl: review+
Details
patch for 4.1 (1.83 KB, patch)
2015-03-10 13:27 UTC, Andreas Schneider
vl: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2015-03-09 14:24:36 UTC
Winbind returns invalid group information from the winbind cache instead of the netsamlogon cache.


 +---------------+                               +---------------+
 |     LEVEL1    |   <---- two way trust ---->   |     LEVEL2    |
 +---------------+                               +---------------+
         ^
         |
      joined to
         |
    ===========
      WINBIND
    ===========
         ^
         |
      logs in
         |

    LEVEL2+alice1 (member of LEVEL1+bobgroupdl1 (Domain Local), LEVEL2+alicegroupgl1 (Global))


Above is the example which groups should be listed for the user alice1 of the trusted domain, but we return Domain Local groups from LEVEL2 cause of invalid cached information.
Comment 1 Andreas Schneider 2015-03-10 13:27:13 UTC
Created attachment 10839 [details]
patch for 4.2
Comment 2 Andreas Schneider 2015-03-10 13:27:59 UTC
Created attachment 10840 [details]
patch for 4.1
Comment 3 Andreas Schneider 2015-03-10 13:46:00 UTC
Karolin, please add the patches to the relevant branches. Thanks!!
Comment 4 Karolin Seeger 2015-03-15 21:08:50 UTC
Pushed to autobuild-v4-[1|2]-test.
Comment 5 Karolin Seeger 2015-03-27 20:08:54 UTC
(In reply to Karolin Seeger from comment #4)
Pushed to both branches.
Closing out bug report.

Thanks!