According to a report of bug id 1676, Althogh commands below are written in smb.conf, "%G" never changes into a group name. security = ADS template homedir = /home/%G/%U template shaell = /bin/bash winbind use default domain = yes For exemple: With this directive, when using "getent", we should get: $ getent passwd .... miracle2:x:10006:40003:miracle2:/home/dev/miracle2:/bin/bash .... Here is what I actually get: miracle2:x:10006:40003:miracle2:/home/40003/miracle2:/bin/bash With investigating file "source/lib/substitute.c", I founded that the return value of "gidtoname" function is not a group name, but is still gid.
Created attachment 868 [details] a possible fix
*** Bug 2192 has been marked as a duplicate of this bug. ***
*** Bug 1676 has been marked as a duplicate of this bug. ***
Is there any news on when this fox will be integrated? at the moment I have to ln -sf UIDForStaffGroup /home/staff and it looks really messy. I'm using version 3.6.3
Created attachment 7379 [details] Ported first third of the patch @Volker: for the remaining part I'm not sure if we need an additional configuration parameter as we already have with lp_template_homedir() and lp_template_shell()
talloc_sub_specified() needs to be called with the additional argument, grpname
Moving to Samba 3.6.
%G does not work in the path parameter when Samba is used in an AD environment, e.g. path = /homes/D%D/u%u/U%U/g%g/G%G gets expanded to /homes/DDOMAIN/uDOMAIN\administrator/Uadministrator/gDOMAIN\domain users/G%G %G remains untouched Debugging this shows that alloc_sub_basic gets passed smb_name = administrator and tries to resolve this name via Get_Pwnam_alloc, but this fails: Get_Pwnam_internals didn't find user [administrator]!
i got last release(3.6.12) from samba.org and compile it to debian,but samba can NOT resolve %G or %g in "template homedir". i checked it by "wbinfo -i <i>username</i>" ,and i have another problem ,i configed nsswitch.conf but i cant see my DC users by "getend passwd" command. i want to know ,it`s still a bug or i configed samba incorrect.
*** Bug 9652 has been marked as a duplicate of this bug. ***
Created attachment 9432 [details] Patch for master If you're fine with the two patches, please push them to master. I will backport them once they hit the repo.
Do they fix the problem described in comment #8?
I don't really understand what you want to say in comment #8. But I developed this with winbind joined to AD. samba:~ # getent passwd LEVEL1+bob1 LEVEL1+bob1:*:100001106:100000513:Bob One:/home/LEVEL1/Domain Users/bob1:/bin/bash
samba:~ # getent passwd LEVEL1+Administrator LEVEL1+administrator:*:100000500:100000513:Administrator:/home/LEVEL1/Domain Users/administrator:/bin/bash samba:~ # getent passwd DISCWORLD+Administrator DISCWORLD+administrator:*:1000000:1000012:Administrator:/home/DISCWORLD/Domain Users/administrator:/bin/bash
Ambi I'm not sure which codepath you are talking about but in this case 'security = ADS' we are inside winbind and call gidtoname(gid) which calls getgrgid(). As we are in winbind we have an environment variable set which prevents winbind talking to itself to not end up in an infinite loop. What I do is to call directly the winbind function in this case and pass the group name down.
Ambi?
I will try and get to this today or tomorrow. Just FYI. Jeremy.
(In reply to comment #14) > I don't really understand what you want to say in comment #8. But I developed > this with winbind joined to AD. > > samba:~ # getent passwd LEVEL1+bob1 > LEVEL1+bob1:*:100001106:100000513:Bob One:/home/LEVEL1/Domain > Users/bob1:/bin/bash My example was made using path = /homes/D%D/u%u/U%U/g%g/G%G for a share in smb.conf. In that case, make_connection_snum() calls talloc_sub_advanced() which does not treat %G (only %g) and then calls talloc_sub_basic() which fails to perform the proper resolution. As I currently do not have an environment handy to test this out, it would be good if you could give this a quick test on your own by using such a path definition in smb.conf and see what it gets resolved to.
Yes, this doesn't work and I would say is unrelated to this bug report. These are different codepath. The bug I fixed is a problem in winbind and you describe a bug in smbd. So you should open a bug for %G not treated by smbd. I've opened bug #10286 for that.
(In reply to comment #20) > Yes, this doesn't work and I would say is unrelated to this bug report. These > are different codepath. The bug I fixed is a problem in winbind and you > describe a bug in smbd. So you should open a bug for %G not treated by smbd. Agreed.. looks like I did not carefully enough at the scope of this bug. > I've opened bug #10286 for that. Thanks
Comment on attachment 9432 [details] Patch for master LGTM. Will push to master.
Created attachment 9477 [details] v4-1-test patch
Created attachment 9478 [details] v4-0-test patch
Comment on attachment 9432 [details] Patch for master looks good
Comment on attachment 9477 [details] v4-1-test patch looks good
Comment on attachment 9478 [details] v4-0-test patch looks good
Karolin, please add the patches to 4.0 and 4.1. If someone is interested I have patches for 3.6 too. Thanks!
Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
Pushed to v4-1-test and v4-0-test. Closing out bug report. Thanks!
I think we need something like --- a/source3/winbindd/wb_fill_pwent.c +++ b/source3/winbindd/wb_fill_pwent.c @@ -91,7 +91,7 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq) state->pw->pw_uid = (uid_t)xid.id; - subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 1); + subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 0); if (tevent_req_nomem(subreq, req)) { return; } on top of this. Enumerating group members can be expensive or even impossible here.
(In reply to comment #31) > I think we need something like > > --- a/source3/winbindd/wb_fill_pwent.c > +++ b/source3/winbindd/wb_fill_pwent.c > @@ -91,7 +91,7 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req > *subreq) > > state->pw->pw_uid = (uid_t)xid.id; > > - subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, > 1); > + subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, > 0); > if (tevent_req_nomem(subreq, req)) { > return; > } > > on top of this. Enumerating group members can be expensive or even impossible > here. Re-assigning to Andreas for commenting.
Volker: I've tested the patch and it looks fine. Should I push it to master?
(In reply to comment #33) > Volker: I've tested the patch and it looks fine. Should I push it to master? Sure. If it works, it certainly improves things significantly.
Created attachment 9601 [details] additional v4-1-test patch
Created attachment 9602 [details] additional v4-0-test patch
Karo, please push to 4.0 and 4.1. Thanks, Volker
Comment on attachment 9602 [details] additional v4-0-test patch Please upload a cherry-pick from master commit 1a43778433934530d77791edd1af538de8b1d8a3, d145b21f3eb42de9b3bd2b813d4a07d46d9eb775 is not a public commit!
Comment on attachment 9601 [details] additional v4-1-test patch Please upload a cherry-pick from master commit 1a43778433934530d77791edd1af538de8b1d8a3, d145b21f3eb42de9b3bd2b813d4a07d46d9eb775 is not a public commit!
Created attachment 9639 [details] additional v4-1-test patch
Created attachment 9641 [details] additional v4-0-test patch
Pushed additional patches to autobuild-v4-1-test and autobuild-v4-0-test.
(In reply to comment #42) > Pushed additional patches to autobuild-v4-1-test and autobuild-v4-0-test. Pushed to v4-1-test and v4-0-test. Closing out bug report. Thanks!