diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 4c1fda5f82b..c483ee4e7a6 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -2419,6 +2419,8 @@ static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
     if (entry == NULL || sid == NULL) {
         smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
                          LDAP_ATTRIBUTE_UIDNUMBER, IPA_MAGIC_ID_STR);
+        smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
+                         LDAP_ATTRIBUTE_GIDNUMBER, IPA_MAGIC_ID_STR);
     }
 
     if (td->netbios_name != NULL) {
@@ -2823,12 +2825,18 @@ static uint32_t pdb_ipasam_capabilities(struct pdb_methods *methods)
     return PDB_CAP_STORE_RIDS | PDB_CAP_ADS | PDB_CAP_TRUSTED_DOMAINS_EX;
 }
 
+static int ipasam_get_primary_group_sid(TALLOC_CTX *mem_ctx,
+                                        struct ldapsam_privates *ldap_state,
+                                        LDAPMessage *entry,
+                                        struct dom_sid **_group_sid);
+
 static bool init_sam_from_td(struct samu *user, struct pdb_trusted_domain *td,
                              LDAPMessage *entry,
                              struct ldapsam_privates *ldap_state)
 {
     NTSTATUS status;
     struct dom_sid *u_sid;
+    struct dom_sid *g_sid;
     char *name;
     char *trustpw = NULL;
     char *trustpw_utf8 = NULL;
@@ -2839,6 +2847,7 @@ static bool init_sam_from_td(struct samu *user, struct pdb_trusted_domain *td,
     bool res;
     char *sid_str;
     enum idmap_error_code err;
+    TALLOC_CTX *tmp_ctx;
 
     if (!pdb_set_acct_ctrl(user, ACB_DOMTRUST | ACB_TRUSTED_FOR_DELEGATION,
                            PDB_SET)) {
@@ -2884,6 +2893,23 @@ static bool init_sam_from_td(struct samu *user, struct pdb_trusted_domain *td,
     }
     talloc_free(u_sid);
 
+    tmp_ctx= talloc_init("init_sam_from_td");
+    if (!tmp_ctx) {
+        return false;
+    }
+
+    if (ipasam_get_primary_group_sid(tmp_ctx, ldap_state, entry, &g_sid)
+        != 0) {
+        talloc_free(tmp_ctx);
+        return false;
+    }
+
+    if (!pdb_set_group_sid(user, g_sid, PDB_SET)) {
+        talloc_free(tmp_ctx);
+        return false;
+    }
+    talloc_free(tmp_ctx);
+
     status = get_trust_pwd(user, &td->trust_auth_incoming, &trustpw, NULL);
     if (!NT_STATUS_IS_OK(status)) {
         return false;
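Review bot: The forward declaration of ipasam_get_primary_group_sid added in the second hunk sits between pdb_ipasam_capabilities and init_sam_from_td rather than with the file's other prototypes; a static function that must be declared ahead of its definition is normally either declared at the top of the file or defined before its first caller, so the prototype and definition do not drift apart. The prototype also carries no contract: the caller in init_sam_from_td passes a talloc context and tests the result against 0, so it presumably allocates `*_group_sid` on `mem_ctx` and returns non-zero on failure, and a one-line comment such as `/* Allocates *_group_sid on mem_ctx; returns 0 on success, non-zero on failure. */` would record the ownership the caller relies on. init_sam_from_td's body continues past the end of this hunk.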
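Review bot: In the last hunk `g_sid` is allocated on `tmp_ctx`, which is freed right after `pdb_set_group_sid(user, g_sid, PDB_SET)`; that is only correct if pdb_set_group_sid copies the SID into `user` rather than retaining the pointer (Samba's implementation does copy), and the code should state that, e.g. `/* pdb_set_group_sid() copies the SID, so tmp_ctx can be released here */`. The two failure branches each repeat `talloc_free(tmp_ctx); return false;` with no DEBUG output, so a trusted-domain entry whose primary group cannot be resolved makes init_sam_from_td fail silently; if ipasam_get_primary_group_sid depends on the gidNumber attribute that the first hunk now writes only for newly created entries, trusted-domain objects created before this change may take exactly that path, so a line like `DEBUG(1, ("Failed to get primary group SID for trusted domain\n"));` before the return would make the failure diagnosable. `tmp_ctx= talloc_init(...)` is missing the space before `=`. init_sam_from_td begins before this hunk and continues after it.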