Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 454160 - getent group doesn't favor default domain
Summary: getent group doesn't favor default domain
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 9
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-05 17:15 UTC by Vadym Chepkov
Modified: 2008-11-14 14:40 UTC (History)
1 user (show)

Fixed In Version: 3.2.4-0.21.fc9
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-11-14 14:40:07 UTC


Attachments (Terms of Use)
Patch proposed upstream, still pending verification (deleted)
2008-07-07 17:36 UTC, Simo Sorce
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Samba Project 5571 None None None Never

Description Vadym Chepkov 2008-07-05 17:15:53 UTC
Description of problem:

getent group doesn't obey  'winbind use default domain' setting.


Version-Release number of selected component (if applicable):

Fedora release 9 (Sulphur)
glibc-2.8-3.i686
glibc-common-2.8-3.i386
samba-client-3.2.0-2.17.fc9.i386
samba-winbind-3.2.0-2.17.fc9.i386
samba-common-3.2.0-2.17.fc9.i386


My settings:
# /etc/nsswitch.conf
passwd:     files winbind
group:      files winbind

# /etc/samba/smb.conf
        workgroup = VN
        winbind separator = /
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes

  
Actual results:
# getent passwd|grep vchepkov
vchepkov:*:10022:10000:Vadym Chepkov:/home/vchepkov:/usr/local/bin/winbind.sh

this works as expected
# getent group|grep vchepkov
domain admins:*:10014:VN/Administrator,VN/vchepkov
vpn admins:*:10045:VN/vchepkov

Expected results:
It should not return VN/ prefix

Comment 1 Vadym Chepkov 2008-07-06 02:01:34 UTC
Forgot to mention, this started to happen after upgrade to Fedora 9, prior the 
upgrade it worked as expected. The bug brakes all ADS group memberships check

This version worked fine
[2008/07/05 04:16:27, 1] nsswitch/winbindd.c:main(990)
  winbindd version 3.0.28a-1.fc7 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008

This doesn't

[2008/07/05 10:00:23,  0] winbindd/winbindd.c:main(1120)
  winbindd version 3.2.0-17.fc9 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008


Comment 2 Simo Sorce 2008-07-06 15:45:10 UTC
It seem it has been reported upstream too:
https://bugzilla.samba.org/show_bug.cgi?id=5571

Will followup when upstream fixes it.

Comment 3 Vadym Chepkov 2008-07-07 17:15:40 UTC
Access Denied
You are not authorized to access bug #5571. 
:(

Comment 4 Simo Sorce 2008-07-07 17:35:22 UTC
Sorry it has been restricted because the original poster accidentally added a
comment with private information and he asked to block that info from public view.
I will post the patch here too.


Comment 5 Simo Sorce 2008-07-07 17:36:16 UTC
Created attachment 311196 [details]
Patch proposed upstream, still pending verification

Comment 6 Vadym Chepkov 2008-09-10 20:09:55 UTC
Still an issue:

samba-common-3.2.3-0.20.fc9.i386
samba-client-3.2.3-0.20.fc9.i386
samba-winbind-3.2.3-0.20.fc9.i386

Comment 7 Simo Sorce 2008-09-11 13:05:47 UTC
This patch was not included in 3.2.3, I am working to push it now.

Comment 8 Vadym Chepkov 2008-11-06 20:58:07 UTC
Fixed in

samba-common-3.2.4-0.21.fc9.i386
samba-client-3.2.4-0.21.fc9.i386
samba-winbind-3.2.4-0.21.fc9.i386


Note You need to log in before you can comment on or make changes to this bug.