Message ID | 533AE1EA.4030103@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On 04/01/2014 11:57 AM, Shijoe George wrote: > Issues with AD/IPA Trust works & how SSSD deals with AD users. > > Lets say we have a IPA domain linux.example.com & AD domain win.example.com, We setup IPA/AD trust so that Windows domain users can login into Linux, When we setup AD Trust with IPA, AD users login as username@AD_REALM, With our example above, username will be "user@win.example.com" Without @win.example.com that user will be searched only in IPA domain not in AD domain. That is the reason @DOMAIN part is important in SSSD when dealing with IPA-AD trust. > > With current behaviour the client-side code is stripping the domain off based on the location of the first "@" character in the value returned by the server. This results in UID/GID mappings failing and resulting in ownership on the clients as "nobody". > > With the provided patch, we can accept fully qualified usernames. Committed... steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
commit 7ff76ddf2e37d595732d9c8e534de8aa530eb57a Author: Shijoe Panjikkaran <spanjikk@redhat.com> Date: Tue Apr 1 20:53:54 2014 +0530 nss: strrchr() instead of strchr() to get the last occurrence of "@" Signed-off-by: Shijoe Panjikkaran <spanjikk@redhat.com> diff --git a/nss.c b/nss.c index b2b1227..f8129fe 100644 --- a/nss.c +++ b/nss.c @@ -135,7 +135,7 @@ static char *strip_domain(const char *name, const char *domain) char *l = NULL; int len; - c = strchr(name, '@'); + c = strrchr(name, '@'); if (c == NULL && domain != NULL) goto out; if (c == NULL && domain == NULL) {