91d3694 ipa-sam: create the gidNumber attribute in the trusted domain entry

1 file. Authored by frenaud 6 years ago. Committed by mbasti 6 years ago.
    ipa-sam: create the gidNumber attribute in the trusted domain entry
    
    When a trusted domain entry is created, the uidNumber attribute is created
    but not the gidNumber attribute. This causes samba to log
    	Failed to find a Unix account for DOM-AD$
    because the samu structure does not contain a group_sid and is not put
    in the cache.
    The fix creates the gidNumber attribute in the trusted domain entry,
    and initialises the group_sid field in the samu structure returned
    by ldapsam_getsampwnam. This ensures that the entry is put in the cache.
    
    Note that this is only a partial fix for 6660 as it does not prevent
    _netr_ServerAuthenticate3 from failing with the log
    	_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client VM-AD machine account dom-ad.example.com.
    
    https://pagure.io/freeipa/issue/6827
    
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    
        
file modified
+37 -3