11677 – unmappable S-1-18 should be skipped in token generation

Bug 11677 - unmappable S-1-18 should be skipped in token generation

Summary: unmappable S-1-18 should be skipped in token generation

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.3.4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andreas Schneider
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-01-15 15:08 UTC by Guenther Deschner
Modified:	2020-08-08 14:22 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
patch for master (7.25 KB, patch) 2016-01-15 15:10 UTC, Guenther Deschner	asn: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Guenther Deschner 2016-01-15 15:08:34 UTC

Comment 1 Guenther Deschner 2016-01-15 15:10:23 UTC

Created attachment 11781 [details]
patch for master

Comment 2 Guenther Deschner 2016-01-15 15:24:05 UTC

The S-1-18-1 (Authentication authority asserted identity) is typically part of the PAC validation info3 from Windows Server 2012 and should be ommitted for the token calculation as it remains as an unmapped group.

Comment 3 Andreas Schneider 2016-01-15 15:45:12 UTC

Comment on attachment 11781 [details]
patch for master

LGTM

Comment 4 Björn Jacke 2016-09-04 12:39:43 UTC

Andreas: please close the bug if fixed or assign it accordingly

Comment 5 Ralph Böhme 2020-08-08 14:22:27 UTC

In master as ecc7022d7c3cd481b0caf6c9c48c72ea3e7ac822.