User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 3.0.28-x introduced a regression bug where users in trusted domains could not be enumerated by Samba when a client was joined to a child domain. This included user and group enumeration from both parent and peer domains. Authentication of users in those domains no longer works because of this and I had to downgrade to the 3.0.25-x packages. I'm uncertain whether I could still join the child domain after the update, as the clients were already domain members. Reproducible: Always Steps to Reproduce: 1. Create a Server 2003 R2 domain and a child domain (subdomain) 2. Join the child domain using the 'net join' syntax 3. Attempt to enumerate users and groups in both the child and parent domain with 'wbinfo' and receive incomplete results Actual Results: Results of user and groups enumeration are incomplete. Authentication using parent domain accounts is not possible. Expected Results: Complete user and group info from parent domain, child domain and peer domains should be listed. Authentication via trusted domain credentials should succeed and does with the 3.0.25-x packages No problems experienced when attaching clients directly to the parent domain and authenticating with those credentials.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Trusted domain interoperability has been finalized in the 3.5.x series and is not available in earlier code bases. Between 3.3.x and 3.5.x there are no incompatible changes of note.
*** Bug 599051 has been marked as a duplicate of this bug. ***
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,2 +1 @@ -Trusted domain interoperability has been finalized in the 3.5.x series and is not available in earlier code bases. +Users of trusted child domains were not authenticated correctly. As a result, some users of such domains were not members of the parent domain even if the child domain allowed full inheriting from the parent domain. With this update, all users of a trusted child domain are authenticated successfully.-Between 3.3.x and 3.5.x there are no incompatible changes of note.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -Users of trusted child domains were not authenticated correctly. As a result, some users of such domains were not members of the parent domain even if the child domain allowed full inheriting from the parent domain. With this update, all users of a trusted child domain are authenticated successfully.+Users of trusted child domains were not authenticated correctly. As a result, some users of such domains did not appear as members of the parent domain even if the child domain allowed full inheriting from the parent domain. With this update, all users of a trusted child domain are authenticated successfully.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0054.html
*** Bug 621686 has been marked as a duplicate of this bug. ***