Bug 452993 - authconfig configuration of samba config file prevents getent from working as expected.
authconfig configuration of samba config file prevents getent from working as...
Product: Fedora
Classification: Fedora
Component: authconfig (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-06-26 10:28 EDT by Jason Fenner
Modified: 2008-07-17 17:24 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-17 17:24:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Suggested patch. (1.35 KB, patch)
2008-06-27 16:17 EDT, Jason Fenner
no flags Details | Diff

  None (edit)
Description Jason Fenner 2008-06-26 10:28:33 EDT
Description of problem:

When using either authconfig-gtk OR authconfig-tui to configure the system to
use winbind for user information and user authentication, the config changes
that are made to /etc/samba/smb.conf automatically are missing two lines.  These
two lines are necessary for the following two commands to be able to return
unified results (results from ADS and local):
getent passwd
getent group

It is important that both of these commands work because standard documentation
states to use these two commands to make sure that winbind/ADS integration is
working.  Also, some users may have scripted against the output of getent.

The two configuration lines that authconfig is not putting in
/etc/samba/smb.conf are:
winbind enum groups = yes
winbind enum users = yes

Version-Release number of selected component (if applicable):

How reproducible:
Every time tested.

Steps to Reproduce:
1. In Gnome: System -> Administration -> Authentication
2. User Info tab: check winbind
3. Click configure winbind
4. Enter configuration info to integrate with Active Directory Server
5. Click Join Domain and complete the join
6. Click on Authentication Tab
7. Check winbind
8. Click Ok
9. Open console
10. Verify that ADS integration is working by issuing: wbinfo -g   You should
see all local and groups from Active Directory.
11. run: getent group
12. You will only see local entries
13. edit /etc/samba/smb.conf
14. Add these lines to winbind section created by authconfig:
winbind enum groups = yes
winbind enum users = yes
15. run: getent group
16. You should now see groups displayed from both active directory and local.
Actual results:
Only local users and groups are displayed when running:
getent group
getent passwd

Expected results:
Both Active Directory and local users and/or groups should be displayed when
getent group
getent passwd

Additional info:
Comment 1 Jason Fenner 2008-06-27 16:17:07 EDT
Created attachment 310477 [details]
Suggested patch.

Here is the suggested patch.
Comment 2 Jason Fenner 2008-06-27 16:18:37 EDT
Since I have not heard an update or any activity on this bug yet, I went ahead
and wrote a patch for the file authinfo.py to correct this issue.  I have tested
this patch and it works for me.

The path does not add the two new config lines as command line options or
options in the gui interfaces.

I hope this patch helps and can be added to the package.  Please find the patch
attached as a .diff
Comment 3 Tomas Mraz 2008-06-30 12:12:08 EDT
I am not really sure that authconfig should add the options by default. If the
default should be yes, then you should convince about that the samba developers.
It doesn't make much sense to me to change authconfig to always put the lines there.
Comment 4 Jason Fenner 2008-07-17 13:41:34 EDT
Why would I need to convince the Samba developers of this?  It is the program
authconfig that adds the auth configs to smb.conf, not the Samba package.  It
doesn't make sense to concern the Samba team with proposed changes to authconfig.

I think my patch only makes authconfig behave more inline with documentation for
AD authentication that is found on the web. 
Comment 5 Tomas Mraz 2008-07-17 17:24:55 EDT
Because these options are by default no for a reason and it doesn't make any
sense to change this default by authconfig.

Note You need to log in before you can comment on or make changes to this bug.