9457 – map username script with security=ads and winbind broken

Bug 9457 - map username script with security=ads and winbind broken

Summary: map username script with security=ads and winbind broken

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.0
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:	8622
	Show dependency tree / graph

Reported:	2012-12-04 12:06 UTC by Volker Lendecke
Modified:	2012-12-11 10:54 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
network trace, frame 11 shows NO_MEMORY (2.43 KB, application/vnd.tcpdump.pcap) 2012-12-04 12:06 UTC, Volker Lendecke	no flags	Details
Patchset for master (3.44 KB, patch) 2012-12-10 14:49 UTC, Michael Adam	no flags	Details
Patchset for 4.0 (3.44 KB, patch) 2012-12-10 14:50 UTC, Michael Adam	jra: review+ vl: review+	Details
updated patchset for 4.0 with cherry-pick-info (4.88 KB, patch) 2012-12-10 23:40 UTC, Michael Adam	obnox: review+ jra: review+	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Volker Lendecke 2012-12-04 12:06:16 UTC

Created attachment 8274 [details]
network trace, frame 11 shows NO_MEMORY

If you set "username map script = /bin/echo" to use the nss groups instead of the AD groups and also have winbind for authentication, session setup is returning NT_STATUS_NO_MEMORY:

[global]
security = ads
workgroup = SAMBA-WG
realm = SAMBA.ORG
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
username map script = /bin/echo

root@samba-member:~/git/master/source3# bin/smbclient //127.0.0.1/tmp -Uadministrator%Passw0rd
session setup failed: NT_STATUS_NO_MEMORY

looking at the attached network trace shows it is a message by the server, not a local message.

Diagnosing it boils down to source3/auth/token_util.c:741 from commit 1c3c5e21:

        *found_username = NULL;

Somewhere further up in the callchain this NULL is seen as NO_MEMORY, which then is returned to the client.

Comment 1 Michael Adam 2012-12-10 14:49:25 UTC

Created attachment 8328 [details]
Patchset for master

Verified the bug and fixed this as attached.
This patchset is for master.

Comment 2 Michael Adam 2012-12-10 14:50:34 UTC

Created attachment 8329 [details]
Patchset for 4.0

This is the patchset for 4.0, just for the record:
Basically the master patchset applies cleanly and
should be added with cherry-pick info once the master-patchset has landed.

Michael

Comment 3 Karolin Seeger 2012-12-10 19:22:12 UTC

(In reply to comment #1)
> Created attachment 8328 [details]
> Patchset for master
> 
> Verified the bug and fixed this as attached.
> This patchset is for master.

Patches have been pushed to master (0770a4c0 and c5b150b3).

Comment 4 Jeremy Allison 2012-12-10 19:29:59 UTC

Comment on attachment 8329 [details]
Patchset for 4.0

LGTM for 4.0.0 release.

Comment 5 Michael Adam 2012-12-10 23:40:59 UTC

Created attachment 8335 [details]
updated patchset for 4.0 with cherry-pick-info

This patchset contains cherry-pick-info from master.
It also contains one additional patch that Volker pushed meanwhile, which is a fix of an embarrassing typo in the comment fix.. :-)

Comment 6 Jeremy Allison 2012-12-10 23:57:34 UTC

Comment on attachment 8335 [details]
updated patchset for 4.0 with cherry-pick-info

Looks good to me. The typo was a very minor error (IMHO). :-).

Comment 7 Michael Adam 2012-12-11 00:34:12 UTC

Thanks Jeremy.

==> Karolin for 4.0.

Comment 8 Karolin Seeger 2012-12-11 08:00:22 UTC

Pushed to autobuild-v4-0-test.

Comment 9 Karolin Seeger 2012-12-11 10:54:26 UTC

Pushed to v4-0-test.
Closing out bug report.

Thanks a lot!