Bug 11677 - unmappable S-1-18 should be skipped in token generation
unmappable S-1-18 should be skipped in token generation
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
All All
: P5 normal
: ---
Assigned To: Andreas Schneider
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2016-01-15 15:08 UTC by Guenther Deschner
Modified: 2016-09-04 12:39 UTC (History)
1 user (show)

See Also:

patch for master (7.25 KB, patch)
2016-01-15 15:10 UTC, Guenther Deschner
asn: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Guenther Deschner 2016-01-15 15:08:34 UTC

Comment 1 Guenther Deschner 2016-01-15 15:10:23 UTC
Created attachment 11781 [details]
patch for master
Comment 2 Guenther Deschner 2016-01-15 15:24:05 UTC
The S-1-18-1 (Authentication authority asserted identity) is typically part of the PAC validation info3 from Windows Server 2012 and should be ommitted for the token calculation as it remains as an unmapped group.
Comment 3 Andreas Schneider 2016-01-15 15:45:12 UTC
Comment on attachment 11781 [details]
patch for master

Comment 4 Björn Jacke 2016-09-04 12:39:43 UTC
Andreas: please close the bug if fixed or assign it accordingly