Bug 7542 - winbind returns AD group members in camel case while users are coverted to lower case - AD group memebership check fails
Summary: winbind returns AD group members in camel case while users are coverted to lo...
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.2.5
Hardware: All Linux
: P3 normal
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-01 05:55 UTC by Vladimir Soloviev
Modified: 2017-08-24 15:27 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Soloviev 2010-07-01 05:55:12 UTC 
getent passwd | grep isaev
return
isaev_ef:*:10250:10000: bla-bla-bla
getent group | grep project
return
project-ias:x:10132:Isaev_EF,   bla-bla-bla

Windind conver logins returned as passwd database memebers to lower case,
while keep case for logins returned as group memebers. This behaivor prevent AD group memebersip checking.

patch:
file
source/winbindd/winbindd_group.c
function
static NTSTATUS expand_groups
.......
.......
		/* Separate users and groups into two lists */

		for ( j=0; j<num_names; j++ ) {

			/* Users */
			if ( name_types[j] == SID_NAME_USER ||
			     name_types[j] == SID_NAME_COMPUTER )
			{
				/* vsplus ++ */
                                fstring tmp_user;
                                char *ptmp_user = &tmp_user;
                                fstrcpy(tmp_user, names[j]);
                                strlower_m(tmp_user);
                                /* vsplus -- */
                                status = add_names_to_list( ctx, members, 
							    n_members,
							    &ptmp_user, 1 );
							    /* names+j, 1 ); */
				if ( !NT_STATUS_IS_OK(status) )
					goto out;

				continue;				
			} 
.......
Comment 1 Björn Jacke 2017-08-24 14:12:56 UTC 
sorry for the long delay, I just checked this and it seems to work with current Samba 4.6 so it seems like this can be maked as fixed. Can you confirm that?