Bug 848407 - for domain security model of Winbind accounts, allow use of domain FQDN and derive short name out of it
for domain security model of Winbind accounts, allow use of domain FQDN and d...
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: authconfig (Show other bugs)
6.4
Unspecified Unspecified
medium Severity medium
: beta
: ---
Assigned To: Tomas Mraz
BaseOS QE - Apps
: FutureFeature
Depends On:
Blocks: 848417
  Show dependency treegraph
 
Reported: 2012-08-15 09:57 EDT by David Jaša
Modified: 2016-08-11 07:08 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-08-11 07:08:05 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Jaša 2012-08-15 09:57:23 EDT
Description of problem:
for domain security model of Winbind accounts, allow use of domain FQDN and derive short name out of it.

Why:
1) FQDN is a canonical domain name
2) FQDN allows to get DC address from SRV records (will file separate bug)
3) dot "." should not be used for new NetBIOS domain names since Server 2003 [1]
4) dot "." is disallowed character for DNS domain names [1]

based on 3) and 4) it is safe to assume that domains names with dots are dns domain names and NetBIOS domain name used by the field/option is

Version-Release number of selected component (if applicable):
authconfig-gtk-6.1.12-10.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. when configuring rhel to authenticate against AD, use FQDN of the AD domain in "Winbind Domain" field (or --smbworkgroup option)
2.
3.
  
Actual results:
rhel can't authenticate

Expected results:
* authconfig should do 's/$\([^.]\+\)\..*/\1/' (aka feed samba-winbind with part of the domain name from the beginning of the string to leftmost dot).
* rhel should be able to get auth information (aka getenv user@domain should be sucessfull)

Additional info:
[1] http://support.microsoft.com/kb/909264
Comment 2 RHEL Product and Program Management 2012-09-07 01:16:31 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 3 Tomas Mraz 2016-08-11 07:07:50 EDT
I am sorry but we are not going to implement this feature in RHEL-6.

Note You need to log in before you can comment on or make changes to this bug.