Bug 12811 - Login is allowed for non existing doamains
Summary: Login is allowed for non existing doamains
Status: RESOLVED DUPLICATE of bug 12709
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.3.3
Hardware: x64 Linux
: P5 critical (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-31 13:42 UTC by Vijay
Modified: 2017-06-07 08:42 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vijay 2017-05-31 13:42:25 UTC
Hi,

We have a domain called domain1.local and we created some users for example from user1 to user100... today we found a strange issue with login, normally user logins should work as domain1.local\user1 and his password, but we are able to login with any domain name (anything like adkskasfk\user1) with the domain1.local credentials. In this ticket, I mentioned the version as 4.3.3 but tried with 4.1.17 and 4.3.1 too.

May I know if you come across this, please help us to fix it.

Thanks,
Vijay
Comment 1 Vijay 2017-06-06 10:07:36 UTC
Hi Andrew,

May I know if you could check this ?

Thanks,
Vijay
Comment 2 Vijay 2017-06-06 12:01:28 UTC
Tried with below version too, same issue. Created a domain like tempdomain.local, joined one system to this domain, i can login from client as tempdomain.local\administrator or vijay.local\administrator.

[root@tempdc01 samba-4.6.3]# /usr/local/samba/sbin/samba -V
Version 4.6.3
[root@tempdc01 samba-4.6.3]#

Please help me to fix this.

Vijay
Comment 3 Vijay 2017-06-06 13:35:18 UTC
Unfortunately same issue in sernet samba 4.2.14 version too
Comment 4 Volker Lendecke 2017-06-06 13:51:52 UTC
It's a known issue in all versions of the Samba AD DC. Stefan Metzmacher right now is working on trusted domain support. When that's done, this bug will also be fixed.
Comment 5 Stefan Metzmacher 2017-06-07 08:42:54 UTC

*** This bug has been marked as a duplicate of bug 12709 ***