Bug 11677 - unmappable S-1-18 should be skipped in token generation
Summary: unmappable S-1-18 should be skipped in token generation
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.3.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact: Samba QA Contact
Depends on:
Reported: 2016-01-15 15:08 UTC by Guenther Deschner
Modified: 2020-08-08 14:22 UTC (History)
1 user (show)

See Also:

patch for master (7.25 KB, patch)
2016-01-15 15:10 UTC, Guenther Deschner
asn: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Guenther Deschner 2016-01-15 15:08:34 UTC

Comment 1 Guenther Deschner 2016-01-15 15:10:23 UTC
Created attachment 11781 [details]
patch for master
Comment 2 Guenther Deschner 2016-01-15 15:24:05 UTC
The S-1-18-1 (Authentication authority asserted identity) is typically part of the PAC validation info3 from Windows Server 2012 and should be ommitted for the token calculation as it remains as an unmapped group.
Comment 3 Andreas Schneider 2016-01-15 15:45:12 UTC
Comment on attachment 11781 [details]
patch for master

Comment 4 Björn Jacke 2016-09-04 12:39:43 UTC
Andreas: please close the bug if fixed or assign it accordingly
Comment 5 Ralph Böhme 2020-08-08 14:22:27 UTC
In master as ecc7022d7c3cd481b0caf6c9c48c72ea3e7ac822.