Bug 459842 - Regression bug enumerating users in Windows 2003 parent and trusted domains when in a child domain
Regression bug enumerating users in Windows 2003 parent and trusted domains w...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: samba3x (Show other bugs)
5.2
x86_64 Linux
medium Severity high
: rc
: ---
Assigned To: Guenther Deschner
qe-baseos-daemons
: Rebase
: 599051 621686 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-22 16:42 EDT by MHouse
Modified: 2011-02-10 13:21 EST (History)
8 users (show)

See Also:
Fixed In Version: samba3x-3.5.4-0.56.el5
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Users of trusted child domains were not authenticated correctly. As a result, some users of such domains did not appear as members of the parent domain even if the child domain allowed full inheriting from the parent domain. With this update, all users of a trusted child domain are authenticated successfully.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-13 17:44:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description MHouse 2008-08-22 16:42:42 EDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

3.0.28-x introduced a regression bug where users in trusted domains could not be enumerated by Samba when a client was joined to a child domain.  This included user and group enumeration from both parent and peer domains.  Authentication of users in those domains no longer works because of this and I had to downgrade to the 3.0.25-x packages.  I'm uncertain whether I could still join the child domain after the update, as the clients were already domain members.

Reproducible: Always

Steps to Reproduce:
1. Create a Server 2003 R2 domain and a child domain (subdomain)
2. Join the child domain using the 'net join' syntax
3. Attempt to enumerate users and groups in both the child and parent domain with 'wbinfo' and receive incomplete results
Actual Results:  
Results of user and groups enumeration are incomplete.  Authentication using parent domain accounts is not possible.

Expected Results:  
Complete user and group info from parent domain, child domain and peer domains should be listed.  Authentication via trusted domain credentials should succeed and does with the 3.0.25-x packages

No problems experienced when attaching clients directly to the parent domain and authenticating with those credentials.
Comment 7 Simo Sorce 2010-06-07 13:19:28 EDT
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Trusted domain interoperability has been finalized in the 3.5.x series and is not available in earlier code bases.
Between 3.3.x and 3.5.x there are no incompatible changes of note.
Comment 13 Suzanne Yeghiayan 2010-12-09 14:10:18 EST
*** Bug 599051 has been marked as a duplicate of this bug. ***
Comment 14 Eva Kopalova 2010-12-15 02:53:12 EST
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,2 +1 @@
-Trusted domain interoperability has been finalized in the 3.5.x series and is not available in earlier code bases.
+Users of trusted child domains were not authenticated correctly. As a result, some users of such domains were not members of the parent domain even if the child domain allowed full inheriting from the parent domain. With this update, all users of a trusted child domain are authenticated successfully.-Between 3.3.x and 3.5.x there are no incompatible changes of note.
Comment 15 Eva Kopalova 2010-12-15 03:06:45 EST
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1 @@
-Users of trusted child domains were not authenticated correctly. As a result, some users of such domains were not members of the parent domain even if the child domain allowed full inheriting from the parent domain. With this update, all users of a trusted child domain are authenticated successfully.+Users of trusted child domains were not authenticated correctly. As a result, some users of such domains did not appear as members of the parent domain even if the child domain allowed full inheriting from the parent domain. With this update, all users of a trusted child domain are authenticated successfully.
Comment 17 errata-xmlrpc 2011-01-13 17:44:19 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0054.html
Comment 18 Jeff Layton 2011-02-10 07:37:03 EST
*** Bug 621686 has been marked as a duplicate of this bug. ***
Comment 19 Jeff Layton 2011-02-10 13:21:14 EST
*** Bug 621686 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.