On Wed, Jul 12, 2006 at 09:04:22AM -0700, M. D. Parker wrote:
> Ok...ok...I'll apologize to everybody.  And yes I do understand that
> bugs unreported cannot be fixed, but on a 'beta' you cannot be very sure
> that maybe what you built was not quite right.  I remember this because I
> tried one of the CVS versions for the alpha 3.0.23 and had the same problem
> that I have now.  However, it was a problem to build it at that point and
> again I assumed that it was some issue that was being addressed in the
> build process causing the build problem.

Build problems are also welcome on
[EMAIL PROTECTED]

Attached find a patch that should solve your problem.

The circumstances are: security=domain, no winbind, and
valid users = username. 

The code to evaluate the valid users line has been
restructured to make use of the lookup_name routine to
create a central point where arbitrary names are being
converted to SIDs. When winbind is not around, this routine
is incomplete in the sense that it does not connect to the
domain controller, whereas winbind would. So lookup_name
falls back to returning S-1-22-1-<uid>. It is checked
whether this SID is part of the user's NT token.

Before this happens, we have however assigned the SID the
domain controller has returned in the SamLogon reply. This
is an S-1-5-21-<a>-<b>-<c>-RID type SID, not the S-1-22-1 one
locally defined.

The attached patch adds the S-1-22-1-<uid> to the user's
token. It is a bit larger than strictly necessary, but the
minimum diff size would have made the code a bit clumsy.

Volker
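
The mismatch described in the message above, as an added example that is not part of the original post and is not Samba's code: a small C model of a "valid users" check against a token that holds only the domain controller's SID, and against one that also holds S-1-22-1-<uid>. The struct, the function names, the uid values and the domain SID are all constructed for illustration; the name-to-uid step is assumed to have already happened.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_SIDS 8

/* Simplified token holding SIDs as strings (a model, not Samba's token type). */
struct token { const char *sids[MAX_SIDS]; char unix_sid[32]; int n; };

/* Model of the no-winbind fallback: a local user maps to S-1-22-1-<uid>. */
static void fallback_sid_for_uid(unsigned uid, char *out, size_t len)
{
    snprintf(out, len, "S-1-22-1-%u", uid);
}

static bool token_has_sid(const struct token *t, const char *sid)
{
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->sids[i], sid) == 0)
            return true;
    return false;
}

/* Build a token from the SID in the SamLogon reply. With add_unix_sid set,
 * also add S-1-22-1-<uid>, which is what the message says the patch does. */
static void build_token(struct token *t, const char *dc_sid, unsigned uid,
                        bool add_unix_sid)
{
    t->n = 0;
    t->sids[t->n++] = dc_sid;
    if (add_unix_sid) {
        fallback_sid_for_uid(uid, t->unix_sid, sizeof(t->unix_sid));
        t->sids[t->n++] = t->unix_sid;
    }
}

/* "valid users = <name>" check: the listed name resolves to the fallback
 * SID, which must be present in the connecting user's token. */
static bool valid_user(const struct token *t, unsigned listed_uid)
{
    char sid[32];
    fallback_sid_for_uid(listed_uid, sid, sizeof(sid));
    return token_has_sid(t, sid);
}

int main(void)
{
    const char *dc_sid = "S-1-5-21-1111-2222-3333-1105"; /* constructed */
    struct token before, after;
    build_token(&before, dc_sid, 1000, false);
    build_token(&after, dc_sid, 1000, true);
    printf("before: %d, after: %d, other uid: %d\n", valid_user(&before, 1000),
           valid_user(&after, 1000), valid_user(&after, 1001));
    return 0;
}
```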
