If the option ''winbind normalize names' is set, we do not normalize usernames in wb_getpwsid(). $ getent passwd EARTH+alice_one EARTH+alice one:*:100001106:100000513:Alice One:/home/EARTH/alice one:/bin/bash Patch will follow.
Created attachment 13299 [details] patch for 4.6
This adds a call to find_domain_from_name_noinit() which may cause auth failures with users from domains that are not in the list of trusted domains. Commit 1ce165a7335 in master changes this to only call find_domain_from_name_noinit() if "winbind normalize names" is enabled (default to off), so somewhat relieves the situation.
This seems to be fixed (as of 8a2bbba5cd0862ac196739c1e52385f7be1e3836). Can someone close it?
(In reply to Mathieu Parent from comment #3) Yes and that patch is included in 4.7
Created attachment 14247 [details] additional patch for 4.7 and 4.8
Comment on attachment 14247 [details] additional patch for 4.7 and 4.8 LGTM
Can I pick the additional patch? It has not been re-assigned yet...
Yes, please do!
(In reply to Andreas Schneider from comment #8) Additional patch does not apply on current v4-7-test: user@host:/data/git/samba/v4-7-test$ git am ../v4-8-test/0001-s3-winbind-Fix-regression-introduced-with-bso-12851.patch Wende an: s3:winbind: Fix regression introduced with bso #12851 error: Anwendung des Patches fehlgeschlagen: source3/winbindd/wb_getpwsid.c:101 error: source3/winbindd/wb_getpwsid.c: Patch konnte nicht angewendet werden Anwendung des Patches fehlgeschlagen bei 0001 s3:winbind: Fix regression introduced with bso #12851
Pushed additional patch to autobuild-v4-8-test.
(In reply to Karolin Seeger from comment #10) Pushed additional patch to autobuild-v4-7-test.
Fixed as c1c764925e24788905ab91aa455b415765d6f71f for 4.9.0
*** Bug 5690 has been marked as a duplicate of this bug. ***