Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Domain groups can't be added as members of local groups in Windows #67086

Open
2 of 9 tasks
xj25vm opened this issue Dec 3, 2024 · 1 comment
Open
2 of 9 tasks

[BUG] Domain groups can't be added as members of local groups in Windows #67086

xj25vm opened this issue Dec 3, 2024 · 1 comment
Labels
Bug broken, incorrect, or confusing behavior needs-triage

Comments

@xj25vm
Copy link

xj25vm commented Dec 3, 2024
edited
Loading

Description
As per title, a domain group can't be added as a member of a local group - in spite of the documentation appearing to support this.

Setup
Salt-master v.3007.1 on Linux Slackware 64
Salt-minion v.3007.1 on Windows 10 Pro 64bit
Salt minion machine is joined to Samba AD domain

(Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)

Please be as specific as possible and give set-up details.

  • on-prem machine
  • VM (Virtualbox, KVM, etc. please specify)
  • VM running on a cloud service, please be explicit and add details
  • container (Kubernetes, Docker, containerd, etc. please specify)
  • or a combination, please be explicit
  • jails if it is FreeBSD
  • classic packaging
  • onedir packaging
  • used bootstrap to install

Steps to Reproduce the behavior
I used the simple state file below as per instructions at the bottom of the page at this link (https://docs.saltproject.io/en/latest/ref/states/all/salt.states.group.html):

Administrators:
  group.present:
    - addusers:
      - MYDOMAIN\testgroup

The "testgroup" group already exists in the domain. I can successfully add a domain user to the local Administrators, using the state file above. I can also add a local group to the local Administrators group. But attempting to add any domain group to the local Administrators group results in the following message:

$ salt "my_minion_name" state.sls add_domain_group_to_local_administrators
my_minon_name:
----------
          ID: Administrators
    Function: group.present
      Result: False
     Comment: The following group attributes are set to be changed:
              addusers: ['my_minion_name\\mydomain\\testgroup']
              Some changes could not be applied
     Started: 18:06:06.070874
    Duration: 390.612 ms
     Changes:   
              ----------
              Failed:
                  ----------
                  addusers:
                      - my_minion_name\mydomain\testgroup

Summary for my_minion
------------
Succeeded: 0 (changed=1)
Failed:    1
------------
Total states run:     1
Total run time: 390.612 ms

(Include debug logs if possible and relevant)

Expected behavior
The domain group should be added as member of local Administrators group. It seems domain groups don't get recognised by the group.members module - but instead it attempts to interpret them as a local group by prepending the minion machine hostname - or something along these lines.

Versions Report

Salt Version: Salt: 3007.1

Python Version:
Python: 3.9.5 (default, May 4 2021, 18:07:24)

Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: 2.9.0.post0
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 3.1.4
libgit2: Not Installed
looseversion: 1.3.0
M2Crypto: 0.37.1
Mako: 1.1.4
msgpack: 1.1.0
msgpack-pure: Not Installed
mysql-python: Not Installed
packaging: 20.9
pycparser: Not Installed
pycrypto: Not Installed
pycryptodome: Not Installed
pygit2: Not Installed
python-gnupg: Not Installed
PyYAML: 6.0.2
PyZMQ: 26.2.0
relenv: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 6.4.2
ZMQ: 4.3.5

Salt Package Information:
Package Type: Not Installed

System Versions:
dist: slackware 14.2 current
locale: utf-8
machine: x86_64
release: 5.10.41
system: Linux
version: Slackware 14.2 current

Additional context
Add any other context about the problem here.
@xj25vm xj25vm added Bug broken, incorrect, or confusing behavior needs-triage labels Dec 3, 2024
@welcome Welcome
Copy link

welcome bot commented Dec 3, 2024

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug broken, incorrect, or confusing behavior needs-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@xj25vm