freeipa/daemons
Florence Blanc-Renaud e052c2dce0 ipa-sam: create the gidNumber attribute in the trusted domain entry
When a trusted domain entry is created, the uidNumber attribute is created
but not the gidNumber attribute. This causes samba to log
	Failed to find a Unix account for DOM-AD$
because the samu structure does not contain a group_sid and is not put
in the cache.
The fix creates the gidNumber attribute in the trusted domain entry,
and initialises the group_sid field in the samu structure returned
by ldapsam_getsampwnam. This ensures that the entry is put in the cache.

Note that this is only a partial fix for 6660 as it does not prevent
_netr_ServerAuthenticate3 from failing with the log
	_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client VM-AD machine account dom-ad.example.com.

https://pagure.io/freeipa/issue/6827

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-04-07 12:38:35 +02:00
..
dnssec configure: Use ODS_USER and NAMED_GROUP in daemons/dnssec/*.service.in 2017-03-22 13:39:18 +01:00
ipa-kdb IPA-KDB: use relative path in ipa-certmap config snippet 2017-04-05 07:30:41 +00:00
ipa-otpd Use RemoveOnStop to cleanup systemd sockets 2017-02-17 15:19:07 +01:00
ipa-sam ipa-sam: create the gidNumber attribute in the trusted domain entry 2017-04-07 12:38:35 +02:00
ipa-slapi-plugins extdom: improve cert request 2017-03-28 18:21:18 +02:00
ipa-version.h.in Build: move version handling from Makefile to configure 2016-11-09 13:08:32 +01:00
Makefile.am Build: properly integrate ipa-version.h.in into build system 2016-11-29 15:28:24 +01:00