| Message ID | 533AE1EA.4030103@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 04/01/2014 11:57 AM, Shijoe George wrote: > Issues with AD/IPA Trust works & how SSSD deals with AD users. > > Lets say we have a IPA domain linux.example.com & AD domain win.example.com, We setup IPA/AD trust so that Windows domain users can login into Linux, When we setup AD Trust with IPA, AD users login as username@AD_REALM, With our example above, username will be "user@win.example.com" Without @win.example.com that user will be searched only in IPA domain not in AD domain. That is the reason @DOMAIN part is important in SSSD when dealing with IPA-AD trust. > > With current behaviour the client-side code is stripping the domain off based on the location of the first "@" character in the value returned by the server. This results in UID/GID mappings failing and resulting in ownership on the clients as "nobody". > > With the provided patch, we can accept fully qualified usernames. Committed... steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
commit 7ff76ddf2e37d595732d9c8e534de8aa530eb57a
Author: Shijoe Panjikkaran <spanjikk@redhat.com>
Date: Tue Apr 1 20:53:54 2014 +0530
nss: strrchr() instead of strchr() to get the last occurrence of "@"
Signed-off-by: Shijoe Panjikkaran <spanjikk@redhat.com>
diff --git a/nss.c b/nss.c
index b2b1227..f8129fe 100644
--- a/nss.c
+++ b/nss.c
@@ -135,7 +135,7 @@ static char *strip_domain(const char *name, const char *domain)
char *l = NULL;
int len;
- c = strchr(name, '@');
+ c = strrchr(name, '@');
if (c == NULL && domain != NULL)
goto out;
if (c == NULL && domain == NULL) {