Bug 454160 - getent group doesn't favor default domain
Summary: getent group doesn't favor default domain
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 9
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-05 17:15 UTC by Vadym Chepkov
Modified: 2008-11-14 14:40 UTC (History)
1 user (show)

Fixed In Version: 3.2.4-0.21.fc9
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-11-14 14:40:07 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Patch proposed upstream, still pending verification (1.57 KB, patch)
2008-07-07 17:36 UTC, Simo Sorce 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Samba Project 5571 0 None None None Never

Description Vadym Chepkov 2008-07-05 17:15:53 UTC 
Description of problem:

getent group doesn't obey  'winbind use default domain' setting.


Version-Release number of selected component (if applicable):

Fedora release 9 (Sulphur)
glibc-2.8-3.i686
glibc-common-2.8-3.i386
samba-client-3.2.0-2.17.fc9.i386
samba-winbind-3.2.0-2.17.fc9.i386
samba-common-3.2.0-2.17.fc9.i386


My settings:
# /etc/nsswitch.conf
passwd:     files winbind
group:      files winbind

# /etc/samba/smb.conf
        workgroup = VN
        winbind separator = /
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes

  
Actual results:
# getent passwd|grep vchepkov
vchepkov:*:10022:10000:Vadym Chepkov:/home/vchepkov:/usr/local/bin/winbind.sh

this works as expected
# getent group|grep vchepkov
domain admins:*:10014:VN/Administrator,VN/vchepkov
vpn admins:*:10045:VN/vchepkov

Expected results:
It should not return VN/ prefix
Comment 1 Vadym Chepkov 2008-07-06 02:01:34 UTC 
Forgot to mention, this started to happen after upgrade to Fedora 9, prior the 
upgrade it worked as expected. The bug brakes all ADS group memberships check

This version worked fine
[2008/07/05 04:16:27, 1] nsswitch/winbindd.c:main(990)
  winbindd version 3.0.28a-1.fc7 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008

This doesn't

[2008/07/05 10:00:23,  0] winbindd/winbindd.c:main(1120)
  winbindd version 3.2.0-17.fc9 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
Comment 2 Simo Sorce 2008-07-06 15:45:10 UTC 
It seem it has been reported upstream too:
https://bugzilla.samba.org/show_bug.cgi?id=5571

Will followup when upstream fixes it.
Comment 3 Vadym Chepkov 2008-07-07 17:15:40 UTC 
Access Denied
You are not authorized to access bug #5571. 
:(
Comment 4 Simo Sorce 2008-07-07 17:35:22 UTC 
Sorry it has been restricted because the original poster accidentally added a
comment with private information and he asked to block that info from public view.
I will post the patch here too.
Comment 5 Simo Sorce 2008-07-07 17:36:16 UTC 
Created attachment 311196 [details]
Patch proposed upstream, still pending verification
Comment 6 Vadym Chepkov 2008-09-10 20:09:55 UTC 
Still an issue:

samba-common-3.2.3-0.20.fc9.i386
samba-client-3.2.3-0.20.fc9.i386
samba-winbind-3.2.3-0.20.fc9.i386
Comment 7 Simo Sorce 2008-09-11 13:05:47 UTC 
This patch was not included in 3.2.3, I am working to push it now.
Comment 8 Vadym Chepkov 2008-11-06 20:58:07 UTC 
Fixed in

samba-common-3.2.4-0.21.fc9.i386
samba-client-3.2.4-0.21.fc9.i386
samba-winbind-3.2.4-0.21.fc9.i386
Note You need to log in before you can comment on or make changes to this bug.