mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
703497532a
Samba 4.9 became a bit more strict about creating a local NT token and a failure to resolve or create BUILTIN\Guests group will cause a rejection of the connection for a successfully authenticated one. Add a default mapping of the nobody group to BUILTIN\Guests. BUILTIN\Guests is a special group SID that is added to the NT token for authenticated users. For real guests there is 'guest account' option in smb.conf which defaults to 'nobody' user. This was implicit behavior before as 'guest account = nobody' by default would pick up 'nobody' group as well. Fixes: https://pagure.io/freeipa/issue/7705 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
37 lines
1.0 KiB
Plaintext
37 lines
1.0 KiB
Plaintext
# first
|
|
|
|
|
|
# middle
|
|
plugin: update_ca_topology
|
|
plugin: update_ipaconfigstring_dnsversion_to_ipadnsversion
|
|
plugin: update_dnszones
|
|
plugin: update_dns_limits
|
|
plugin: update_sigden_extdom_broken_config
|
|
plugin: update_sids
|
|
plugin: update_default_range
|
|
plugin: update_default_trust_view
|
|
plugin: update_tdo_gidnumber
|
|
plugin: update_ca_renewal_master
|
|
plugin: update_idrange_type
|
|
plugin: update_pacs
|
|
plugin: update_service_principalalias
|
|
plugin: update_fix_duplicate_cacrt_in_ldap
|
|
plugin: update_upload_cacrt
|
|
# update_ra_cert_store has to be executed after update_ca_renewal_master
|
|
plugin: update_ra_cert_store
|
|
plugin: update_mapping_Guests_to_nobody
|
|
|
|
# last
|
|
# DNS version 1
|
|
plugin: update_master_to_dnsforwardzones
|
|
# DNS version 2
|
|
plugin: update_dnsforward_emptyzones
|
|
plugin: update_managed_post
|
|
plugin: update_managed_permissions
|
|
plugin: update_read_replication_agreements_permission
|
|
plugin: update_idrange_baserid
|
|
plugin: update_passync_privilege_update
|
|
plugin: update_dnsserver_configuration_into_ldap
|
|
plugin: update_ldap_server_list
|
|
plugin: update_dna_shared_config
|