Age | Commit message (Collapse) | Author | Files | Lines |
|
auth_netlogond was an important module in the development of the
combined Samba 4.0, and was the first module to link smbd with the AD
authentication store, showing that it was possible for NTLM
authentication to be offloaded to the AD server components.
We now have auth_samba4, which provides the full GENSEC stack to smbd,
which also matches exactly the group membership and privileges
assignment and which is supported and tested as part of the official
Samba 4.0 release configuration.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 16 10:13:20 CEST 2012 on sn-devel-104
|
|
pdb_ads was an important module in the development of the combined Samba 4.0, and
was the first module to show that standard samba3 tools such as smbpasswd can be
made to operate on the sam.ldb.
We now have pdb_samba4, which operates directly on the sam.ldb, rather than via
ldapi://, which uses transactions and which is supported and tested as part
of the official Samba 4.0 release configuration.
This module is not as complete (for example, it does not honour the idmap
configuration) and requires that the samba binary be running to operate.
Andrew Bartlett
|
|
|
|
|
|
domains in samba3upgrade
|
|
This commit changes the default file server to be s3fs. Existing
installs wishing to keep the ntvfs file server need to set this in
their smb.conf:
server services = +smb -s3fs
dcerpc endpoint services = +winreg +srvsvc
Andrew Bartlett
|
|
root if it is -500
Many upgraded installations have root as -1000, and so that account needs to be kept.
Andrew Bartlett
|
|
The issue was that the numbers at the end of the lines are space
padded.
Andrew Bartlett
|
|
|
|
This is a solution for users who are upgrading from Samba 3.x in
particuar, or have clients that will be using idmap_ad. This avoids
needing to have duplicate values in idmap.ldb and in the directory.
No check for conflicts is made with the idmap.ldb - the AD store always wins.
Andrew Bartlett
|
|
Samba) does not send correct responses to NT Transact Secondary when no data and no params
for the Trans2 calls. See MS-CIFS 2.2.4.47.2 for details.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 16 07:59:19 CEST 2012 on sn-devel-104
|
|
not send correct responses to NT Transact Secondary when no data and no params
Found by Richard Sharpe <realrichardsharpe@gmail.com>. The correct
command code in a reply to NT Transact Secondary (0xa1) is
NT Transact (0xa0).
|
|
The "else" is not necessary, we did a return in the if-branch
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
We changed a lot since alpha13, so there are lots of legitimate errors to fix.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 16 05:44:15 CEST 2012 on sn-devel-104
|
|
This will then allow us to make schema modifications, overriding the default ban.
Andrew Bartlett
|
|
|
|
Some early Linux 2.6 platforms can not handle sendfile and _FILE_OFFSET_BITS == 64
This disables sendfile() on these platforms.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 16 02:21:28 CEST 2012 on sn-devel-104
|
|
I saw this at least 10 times in the last weeks.
[1425/1517 in 1h12m22s] samba4.nss.test using winbind(s3dc)
UNEXPECTED(failure): samba4.nss.test using winbind(s3dc).run nsstest(s3dc)
REASON: _StringException: _StringException: ERROR setpwent: NSS_STATUS=-1 1 (nss_errno=0)
ERROR getpwent: NSS_STATUS=-1 1 (nss_errno=0)
ERROR endpwent: NSS_STATUS=-1 1 (nss_errno=0)
ERROR setgrent: NSS_STATUS=-1 1 (nss_errno=0)
ERROR getgrent: NSS_STATUS=-1 1 (nss_errno=0)
ERROR endgrent: NSS_STATUS=-1 1 (nss_errno=0)
ERROR Non existent user gave error -1
ERROR Non existent uid gave error -1
ERROR Non existent group gave error -1
ERROR Non existent gid gave error -1
total_errors=10
FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 15 20:24:11 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
With "gpfs:acl=no" you can pass the acl calls to the next SMB_VFS module.
Based on a patch from Hans-Dieter Schuster <hans-dieter.schuster@ts.fujitsu.com>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
We assign the only struct member one line down
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jun 15 18:16:11 CEST 2012 on sn-devel-104
|
|
This corrects an error in 8e31d97c8b62d34aff5d52bfe46dbcc5805dae03.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 15 16:25:20 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 15 14:20:04 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
dbwrap_trans_change_int32_atomic->dbwrap_trans_change_int32_atomic_bystring
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
dbwrap_trans_change_uint32_atomic->dbwrap_trans_change_uint32_atomic_bystring
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
We need to keep these files away from where waf might see them.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 15 11:10:14 CEST 2012 on sn-devel-104
|
|
|
|
|
|
To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER
is mapped to the samba4 auth module, and this is no longer required to
be specified in fileserver.conf.
Andrew Bartlett
|
|
member server
standalne is left as an alias.
Andrew Bartlett
|
|
This simplifies our supported configurations down to those that we test and expect
to work. security=domain and domain logons = yes has never made much sense, and
security=ads and domain logons = yes was only ever used in early experiments for
our AD support using smbd.
The correct way to be an AD DC is to set "server role = active directory domain controller"
Andrew Bartlett
|
|
controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
|
|
module list
|
|
The SID for the SYSTEM token should be a fixed value, and not the
administrator. Note however that it will be replaced by the SID of
sec_initial_uid() by the create_local_token() code. Fixing this
requires fixes the other parts of the code that cannot cope with a
token of just SID_NT_SYSTEM.
Andrew Bartlett
|
|
This continues on from commit caaebb455cf955f66c2f662c53998c480cb2d6c9
which is marked as being part of bug #8944, ldapsam:trusted and ipasam
and an additional fix for bug #8567
(0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9).
The problem here was that the primary_gid was simply the pointer result
of dom_sid_parse_talloc() cast to a uint32_t (found by the IRIX cc on
the build farm).
Andrew Bartlett
|
|
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 15 09:17:33 CEST 2012 on sn-devel-104
|
|
metze
|
|
This should fix build problems on AIX.
metze
|
|
We should allow NDR_PRINT_DEBUG() to log them.
TODO: we could add some more magic which logs it at level 100.
metze
|