mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
31c703766f
In FreeIPA deployment with active Global Catalog service, when a two-way trust to Active Directory forest is established, Windows systems can look up FreeIPA users and groups. When using a security tab in Windows Explorer on AD side, a lookup over a trusted forest might come as realm\name instead of NetBIOS domain name: -------------------------------------------------------------------- [2020/01/13 11:12:39.859134, 1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug) lsa_LookupNames3: struct lsa_LookupNames3 in: struct lsa_LookupNames3 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-1c5e-a750e5810000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x001e (30) size : 0x0020 (32) string : * string : 'ipa.test\admins' sids : * sids: struct lsa_TransSidArray3 count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6) count : * count : 0x00000000 (0) lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0) client_revision : LSA_CLIENT_REVISION_2 (2) -------------------------------------------------------------------- If we are running as a DC and PASSDB supports returning domain info (pdb_get_domain_info() returns a valid structure), check domain of the name in lookup_name() against DNS forest name and allow the request to be done against the primary domain. This corresponds to FreeIPA's use of Samba as a DC. For normal domain members a realm-based lookup falls back to a lookup over to its own domain controller with the help of winbindd. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Nov 11 10:59:01 UTC 2020 on sn-devel-184 |
||
---|---|---|
.. | ||
ABI | ||
account_pol.c | ||
login_cache.c | ||
lookup_sid.c | ||
lookup_sid.h | ||
machine_account_secrets.c | ||
machine_sid.c | ||
machine_sid.h | ||
passdb.c | ||
pdb_compat.c | ||
pdb_get_set.c | ||
pdb_interface.c | ||
pdb_ldap_schema.c | ||
pdb_ldap_schema.h | ||
pdb_ldap_util.c | ||
pdb_ldap_util.h | ||
pdb_ldap.c | ||
pdb_ldap.h | ||
pdb_nds.c | ||
pdb_nds.h | ||
pdb_samba_dsdb.c | ||
pdb_secrets.c | ||
pdb_secrets.h | ||
pdb_smbpasswd.c | ||
pdb_smbpasswd.h | ||
pdb_tdb.c | ||
pdb_tdb.h | ||
pdb_util.c | ||
py_passdb.c | ||
secrets_lsa.c | ||
secrets.c | ||
wscript_build |