91abd1f ipasam: add handling of machine accounts

Authored and Committed by abbra 4 years ago
    ipasam: add handling of machine accounts
    
    A domain member is represented for SMB as a machine account with a
    NetBIOS name ending with '$', e.g. 'FILESERVER$'. Such a name will need
    to be resolved as a POSIX account by smbd at some point, but first we
    need to make sure it is returned as a machine account through the
    PASSDB layer.
    
    In addition to that, machine accounts are normal Kerberos services,
    named as 'cifs/<hostname>@REALM'. This name also will need to be
    resolved as a POSIX account by smbd on the domain controller.
    
    These two factors mean that the LDAP entry for the SMB Kerberos service
    has to have multiple 'uid' values. This is allowed by the LDAP schema
    and we need to support it in ipasam.
    
    Fixes: https://pagure.io/freeipa/issue/3999
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    
        
file modified
+45 -3