Age | Commit message (Collapse) | Author | Files | Lines |
|
- Set the password on the newly added 'root' user so we can connect with a user that exists in getpwnam() without further configuration
- bind interfaces only so we don't conflict with other Samba instances
- use the full DNS name for smbclient
- don't connect to localhost (as we will be on ${INTERFACE_IP} only
- Use the windows domain in the wbinfo command (winbindd won't take bare name here).
- Register our IP address in DNS using 'net ads dns register'
Andrew Bartlett
|
|
This allows the administrator to more carefully chose what name to register.
Andrew Bartlett
|
|
This allows us to run a private BIND in the S3 test, and allows the S3
test to join a freshly provisioned AD instance if the VM isn't already
configured.
Andrew Bartlett
|
|
Andrew Bartlett
|
|
This is for the case where we have the plaintext password locally, and
can construct the challenge-response values here.
We should never ever use the LM password in domain authentication.
The last domain controller to only have LM passwords stored was NT
3.5.
Andrew Bartlett
|
|
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted the to lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
|
|
Andrew Bartlett
|
|
|
|
This matches the improved security measures of Windows Vista.
Andrew Bartlett
|
|
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.
This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour. It also discourages client
implmentations from relying on it, as if they do they are more open to
man-in-the-middle attacks.
Andrew Bartlett
|
|
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
|
|
available.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Dec 10 03:49:03 CET 2010 on sn-devel-104
|
|
package.
|
|
|
|
different location.
|
|
dist' inclusion of configure)
|
|
|
|
|
|
|
|
|
|
|
|
subunitrun.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
now obsolete --analyse-cmd.
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 10 01:26:44 CET 2010 on sn-devel-104
|
|
|
|
This function is a wrapper around waf's check_python_header.
It avoids searching more than once for the headers bringing a small
speed improvement and a better lisibility of the logs.
But it's mainly to avoid a nasty bug when python libraries are in path
pointed by python_LIBPL (ie. /usr/local/lib/python2.6/config/) instead
of python_LIBDIR (ie. /usr/local/lib).
On the first call waf will correctly find that in order to link with
python libs it needs to add -L$python_LIBPL.
But on the next calls of check_python_headers, waf will use both the
current library path value (ie. -L/usr/local/lib/python2.6/config) and
-L$python_LIBDIR (ie. /usr/local/lib/) which will make him beleive that
python libraries are in $python_LIBDIR which at the end will make the
final link test fails in check_python_headers as it will not use the
good directory.
So by avoiding calling check_python_headers more than once we avoid
making waf fooling itself.
|
|
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Dec 9 23:57:03 CET 2010 on sn-devel-104
|
|
This is a simple UDP-based echo server. It is mainly intended as an
example on how to do server service tasks in s4.
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 9 17:55:57 CET 2010 on sn-devel-104
|
|
Somehow I forgot to remove this after discussion with Jelmer.
metze
|
|
This is particularly important before dcpromo, as the password will
otherwise be expired in the new domain.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 9 13:33:00 CET 2010 on sn-devel-104
|
|
we need the vnum for ABI checking for public libraries built as
private libraries when bundled
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 9 12:47:41 CET 2010 on sn-devel-104
|
|
this broke in a recent patch
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
|
|
We now no longer print tickets with a potentially infinite life, and
we report the same life over LSA as we use in the KDC. We should get
this from group policy, but for now it's parametric smb.conf options.
Andrew Bartlett
|
|
The new default breaks some tests that were assuming LM or NTLM auth
Andrew Bartlett
|
|
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 9 04:32:18 CET 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
if the library has a vnum, then use it. If it doesn't have a vnum then
use the application version for symbol versions
|
|
|
|
This changes our version-script generation to use the ABI files that
are saved in git with each version number change of our public
libraries.
We use these ABI files to generate a linker version script that gives
the exact version number that each symbol was introduced. This
provides us with automatic fine grained symbol versioning.
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|