when you have a bidirectional trust between w2k8r2 and samba, a w2k8 dom user can add samba domain users in file ACLs but when he looks at the ACLs after that, the SIDs are not being resolved to names.
Created attachment 4855 [details] patch for 3.4 This fixes it for me (samba pdc v3-4-test plus this fix running winbind and holding two way domain trust to w2k8r2). Can you please test ?
Comment on attachment 4855 [details] patch for 3.4 The last piece of spnego_parse_auth() looks broken. free_spnego_data(&token) is called twice in a row. Maybe a "return false" is missing? Volker
Created attachment 4856 [details] patch for 3.4 (fixed version) Right, here is a fixed version. Thanks for looking so closely!
Comment on attachment 4856 [details] patch for 3.4 (fixed version) For the protocol piece I just trust you, I don't have that environment around right now. It does look entirely reasonable though. Volker
Ok, thanks Volker. So I think at least Bjoern should test this in his setup and someone else please have a look at the patch. Thanks.
Marking as blocker - a Windows version cannot do session setup against us.
sorry Günther. The test environment got kind of broken today. If you tested it successfully yourself and if you're brave you might simply give it a go. Otherwise you'll have to wait until Monday or Tuesday until I can hopefully test with that setup again.
+1 from me. This looks like a correct fix. Re-assigning to Karolin for inclusion in 3.4.3. Jeremy.
Looks good
Pushed to v3-4-test. Closing out bug report. Thanks!