Bug 9457 - map username script with security=ads and winbind broken
Summary: map username script with security=ads and winbind broken
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks: 8622
  Show dependency treegraph
 
Reported: 2012-12-04 12:06 UTC by Volker Lendecke
Modified: 2012-12-11 10:54 UTC (History)
1 user (show)

See Also:


Attachments
network trace, frame 11 shows NO_MEMORY (2.43 KB, application/vnd.tcpdump.pcap)
2012-12-04 12:06 UTC, Volker Lendecke
no flags Details
Patchset for master (3.44 KB, patch)
2012-12-10 14:49 UTC, Michael Adam
no flags Details
Patchset for 4.0 (3.44 KB, patch)
2012-12-10 14:50 UTC, Michael Adam
jra: review+
vl: review+
Details
updated patchset for 4.0 with cherry-pick-info (4.88 KB, patch)
2012-12-10 23:40 UTC, Michael Adam
obnox: review+
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Volker Lendecke 2012-12-04 12:06:16 UTC
Created attachment 8274 [details]
network trace, frame 11 shows NO_MEMORY

If you set "username map script = /bin/echo" to use the nss groups instead of the AD groups and also have winbind for authentication, session setup is returning NT_STATUS_NO_MEMORY:

[global]
security = ads
workgroup = SAMBA-WG
realm = SAMBA.ORG
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
username map script = /bin/echo

root@samba-member:~/git/master/source3# bin/smbclient //127.0.0.1/tmp -Uadministrator%Passw0rd
session setup failed: NT_STATUS_NO_MEMORY

looking at the attached network trace shows it is a message by the server, not a local message.

Diagnosing it boils down to source3/auth/token_util.c:741 from commit 1c3c5e21:

        *found_username = NULL;

Somewhere further up in the callchain this NULL is seen as NO_MEMORY, which then is returned to the client.
Comment 1 Michael Adam 2012-12-10 14:49:25 UTC
Created attachment 8328 [details]
Patchset for master

Verified the bug and fixed this as attached.
This patchset is for master.
Comment 2 Michael Adam 2012-12-10 14:50:34 UTC
Created attachment 8329 [details]
Patchset for 4.0

This is the patchset for 4.0, just for the record:
Basically the master patchset applies cleanly and
should be added with cherry-pick info once the master-patchset has landed.

Michael
Comment 3 Karolin Seeger 2012-12-10 19:22:12 UTC
(In reply to comment #1)
> Created attachment 8328 [details]
> Patchset for master
> 
> Verified the bug and fixed this as attached.
> This patchset is for master.

Patches have been pushed to master (0770a4c0 and c5b150b3).
Comment 4 Jeremy Allison 2012-12-10 19:29:59 UTC
Comment on attachment 8329 [details]
Patchset for 4.0

LGTM for 4.0.0 release.
Comment 5 Michael Adam 2012-12-10 23:40:59 UTC
Created attachment 8335 [details]
updated patchset for 4.0 with cherry-pick-info

This patchset contains cherry-pick-info from master.
It also contains one additional patch that Volker pushed meanwhile, which is a fix of an embarrassing typo in the comment fix.. :-)
Comment 6 Jeremy Allison 2012-12-10 23:57:34 UTC
Comment on attachment 8335 [details]
updated patchset for 4.0 with cherry-pick-info

Looks good to me. The typo was a very minor error (IMHO). :-).
Comment 7 Michael Adam 2012-12-11 00:34:12 UTC
Thanks Jeremy.

==> Karolin for 4.0.
Comment 8 Karolin Seeger 2012-12-11 08:00:22 UTC
Pushed to autobuild-v4-0-test.
Comment 9 Karolin Seeger 2012-12-11 10:54:26 UTC
Pushed to v4-0-test.
Closing out bug report.

Thanks a lot!