Bug 11677 - unmappable S-1-18 should be skipped in token generation
unmappable S-1-18 should be skipped in token generation
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
4.3.4
All All
: P5 normal
: ---
Assigned To: Andreas Schneider
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-15 15:08 UTC by Guenther Deschner
Modified: 2016-09-04 12:39 UTC (History)
1 user (show)

See Also:


Attachments
patch for master (7.25 KB, patch)
2016-01-15 15:10 UTC, Guenther Deschner
asn: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Guenther Deschner 2016-01-15 15:08:34 UTC

    
Comment 1 Guenther Deschner 2016-01-15 15:10:23 UTC
Created attachment 11781 [details]
patch for master
Comment 2 Guenther Deschner 2016-01-15 15:24:05 UTC
The S-1-18-1 (Authentication authority asserted identity) is typically part of the PAC validation info3 from Windows Server 2012 and should be ommitted for the token calculation as it remains as an unmapped group.
Comment 3 Andreas Schneider 2016-01-15 15:45:12 UTC
Comment on attachment 11781 [details]
patch for master

LGTM
Comment 4 Björn Jacke 2016-09-04 12:39:43 UTC
Andreas: please close the bug if fixed or assign it accordingly