Bug 6815 - sid-to-name resolution in w2k8r2 trusting domains not working
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Domain Control
Version: 3.4.2
Hardware: Other Linux
Importance: P3 regression
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2009-10-15 07:17 UTC by Björn Jacke
Modified: 2020-12-11 11:19 UTC

patch for 3.4 (8.75 KB, patch)
2009-10-15 09:06 UTC, Guenther Deschner
vl: review-
patch for 3.4 (fixed version) (8.77 KB, patch)
2009-10-15 13:56 UTC, Guenther Deschner
vl: review+

Description Björn Jacke 2009-10-15 07:17:08 UTC
When you have a bidirectional trust between w2k8r2 and samba, a w2k8 dom user can add samba domain users in file ACLs, but when he looks at the ACLs after that, the SIDs are not being resolved to names.
Comment 1 Guenther Deschner 2009-10-15 09:06:04 UTC
Created attachment 4855
patch for 3.4

This fixes it for me (samba pdc v3-4-test plus this fix running winbind and holding two way domain trust to w2k8r2). Can you please test?
Comment 2 Volker Lendecke 2009-10-15 13:47:28 UTC
Comment on attachment 4855
patch for 3.4

The last piece of spnego_parse_auth() looks broken. free_spnego_data(&token) is called twice in a row. Maybe a "return false" is missing?

Comment 3 Guenther Deschner 2009-10-15 13:56:26 UTC
Created attachment 4856
patch for 3.4 (fixed version)

Right, here is a fixed version. Thanks for looking so closely!
Comment 4 Volker Lendecke 2009-10-15 14:03:25 UTC
Comment on attachment 4856
patch for 3.4 (fixed version)

For the protocol piece I just trust you, I don't have that environment around right now. It does look entirely reasonable though.

Comment 5 Guenther Deschner 2009-10-15 16:11:58 UTC
Ok, thanks Volker. So I think at least Bjoern should test this in his setup and someone else please have a look at the patch. Thanks.
Comment 6 Guenther Deschner 2009-10-16 08:18:53 UTC
Marking as blocker - a Windows version cannot do session setup against us.
Comment 7 Björn Jacke 2009-10-16 13:39:00 UTC
Sorry, Günther. The test environment got kind of broken today. If you tested it successfully yourself and if you're brave you might simply give it a go. Otherwise you'll have to wait until Monday or Tuesday until I can hopefully test with that setup again.
Comment 8 Jeremy Allison 2009-10-19 17:28:36 UTC
+1 from me. This looks like a correct fix. Re-assigning to Karolin for inclusion in 3.4.3.
Comment 9 Stefan Metzmacher 2009-10-20 04:23:46 UTC
Looks good
Comment 10 Karolin Seeger 2009-10-20 05:05:05 UTC
Pushed to v3-4-test.
Closing out bug report.