Bug 1853272
Summary: | The 'require_membership_of' documentation in pam_winbind manpage is incorrect [rhel-7.9.z] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Akshay Sakure <asakure> |
Component: | samba | Assignee: | Andreas Schneider <asn> |
Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.8 | CC: | asn, dkarpele, gdeschner, iboukris, jarrpa, jreznik, tscherf |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | samba-4.10.16-8.el7_9 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-12-15 11:18:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Akshay Sakure
2020-07-02 10:20:12 UTC
We will update the pam_winbind.conf manpage with: require_membership_of=[SID or NAME] If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: MYDOMAIN\mygroup or MYDOMAIN\myuser (where '\' character corresponds to the value of 'winbind separator' parameter).. pam_winbind will, in that case, lookup the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a user is a member of with 'wbinfo --user-sids=SID'. We should fix the documentation of the manpages for pam_winbind(8) and pam_winbind.conf(5) for 'require_membership_of' that customer are able to configure their systems correctly and avoid more support cases because of incorrect manpages. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: samba security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5439 |