mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
578e4df6b1
[MS-NRPC] section 2.2.1.4.11 requires that the structure NETLOGON_VALIDATION_SAM_INFO has the same values as defined in the KERB_VALIDATION_INFO structure from [MS-PAC] section 2.5. Samba's netr_SamBaseInfo.domain_name corresponds to KERB_VALIDATION_INFO.LogonDomainName and must be a NetBIOS name of the domain, not a DNS one. Failure to provide NetBIOS name here actually breaks netr_LogonSamLogonEx call issued by IPA-enrolled Samba domain member which is confused by the returned value: [2021/01/30 16:36:36.636010, 0, pid=1633, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_util.c: 175(add_trusted_domain) add_trusted_domain: SID [S-1-5-21-3342930694-1632731913-1318603033] already used by domain [INTERNAL], expected [internal.example.test] [2021/01/30 16:36:36.636050, 10, pid=1633, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_util.c:362(add_trusted_domain_from_auth) add_trusted_domain_from_auth: Adding domain [internal.example.test] with sid [S-1-5-21-3342930694-1632731913-1318603033] failed [2021/01/30 16:36:36.636060, 0, pid=1633, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam_auth_crap.c:169(winbindd_pam_auth_crap_done) winbindd_pam_auth_crap_done: add_trusted_domain_from_auth failed [2021/01/30 16:36:36.636079, 10, pid=1633, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:814(process_request_done) process_request_done: [smbd(1650):PAM_AUTH_CRAP]: NT_STATUS_LOGON_FAILURE Fixes: https://pagure.io/freeipa/issue/8636 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Sumit Bose <sbose@redhat.com> |
||
---|---|---|
.. | ||
ipa_sam.c | ||
ipa_sam.h | ||
Makefile.am | ||
README |
This is the ipa samba passdb backend.