Age | Commit message (Collapse) | Author | Files | Lines |
|
Importantly:
The removal of the silly 'delete user script' behaviour when secuity=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
jrv@vanzandt.mv.com
Most of them didn't apply any more, but the bits that did I've commited.
Andrew Bartlett
(This used to be commit 1022a176e5af25872f34147d6f8b38601134915c)
|
|
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
|
|
and there is no real reason for it to depend on more than the abilty
to compile the code.
(This used to be commit 64aaec137e39595e6e61b55eb525615683a1393c)
|
|
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|
|
a little while back. We might have to look at the migration path for these
options. (or as --with-ldap has always been 'experimental' we could ignore
it...)
Andrew Bartlett
(This used to be commit 35e909b33870f6c5d8af9398d6f9f816e83e2ca4)
|
|
(This used to be commit e8ede079b5af4187573f1b8ed0d94b6f03cbbd22)
|
|
* fix typos
* regenerate pages
(This used to be commit edfafa1d40649101d599859951f7289c1d057cfa)
|
|
(This used to be commit 0ffda9ffad2073a5995ce34fde5c3b5fc4859b90)
|
|
Doco for pdbedit and (ugly, but the best we could come up with) fix
for compiling pdbedit on some non-gcc compilers.
Andrew Bartlett
(This used to be commit 80adf1dbb56cf8bdbfbcc2c8c7b670c0a23c97f8)
|
|
Volker
(This used to be commit 8973a01f5efa547ed356e27fe1660da732b24cdd)
|
|
(This used to be commit 206f1158bd059de9bf4290935d131f42e4639f99)
|
|
(This used to be commit 1650bc969fbd36a02758fafd9addc66ea715e835)
|
|
Andrew Bartlett
(This used to be commit 012b3326c40ca0f8f4c7673310d73f695cc4f79b)
|
|
All uids and gids must create valid RIDs, becouse other code expects this, and
can't handle the failure case. (ACL code in particular)
Allow admins to adjust the base of the RID algorithm, so avoid clashes with
users brought in from NT (for example).
Put all the algorithm code back in one place, so that this change is global.
Better coping with NULL sid pointers - but it still breaks a lot of stuff.
BONUS: manpage entry for new paramater :-)
counter based rids for normal users in tdbsam is disabled for the timebeing,
idra and I will work out some things here soon I hope.
Andrew Bartlett
(This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)
|
|
* addedd "private dir" to smb.conf.5.sgml
* regenerated man pages, HOWTOs, etc...
(This used to be commit 3b29006e35a991d20cda1c92d535ef016099d0d4)
|
|
Once again, can someone run docbook on this?
(This used to be commit dc77ad423da65cc1135674085494a28678ec4b6f)
|
|
addition of long flags from conversion to popt, and update of the version
number. Can someone with working docbook do the magic to this thing?
(This used to be commit e074f10622329ba6588078f8c640fbc29f536c5b)
|
|
(This used to be commit 9a9e4e92ae079eb906dcc7123df092f4917b5dad)
|
|
(This used to be commit b1cbc23d82cfca1179d6be1e11b8bea2d0acdc9e)
|
|
(This used to be commit 8b357e6551c3a91aa7017ae8dcf38558f15f1c0b)
|
|
"code page directory", "character set", et. al.)
(This used to be commit 6ff236249559f8a11381cab9cc1757b26764a39d)
|
|
(This used to be commit 7b7e4190739bd7df422e3f239fd89373edb97ee5)
|
|
(This used to be commit a60be0216eb3d0c76f93ec3a3edd861861cb1a4e)
|
|
(This used to be commit 55c53ef08974947cf10a79882b63d6d8e8baad4c)
|
|
(This used to be commit 2137c7163475691056fe1701b75128e238520b05)
|
|
Thanks!
Andrew Bartlett
(This used to be commit 7f7a53e8489f97ced28936252eca322c09b01d61)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.
I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
(This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
|
|
manpage.
(This used to be commit a10cdbfbed4e04609f511cbbf976df4b4d391729)
|
|
(This used to be commit 88b0e670426c216d754716dc6095b673b9645f1a)
|
|
All should be curent now.
(This used to be commit 91662683e3e690fb69f333fadf0f317c53995ba7)
|
|
my files were not being checked in sometimes.....
cvs update -A
cleared all the sticky tages and now I have to recheck some things in.
j-
(This used to be commit 241f4a548d57083b153afafafdd18ed5de5412b7)
|
|
(This used to be commit 789c1defa47a1efd25efafab2d8a5a51c03b85b4)
|
|
(This used to be commit 67c6a24344e31c417c8c6f5db27697e268524401)
|
|
(This used to be commit 9713bce0354009fb4d9c06989ff86900101eae0c)
|
|
(This used to be commit f7d900873c3553dde88d42d903b74dc49c9a6c71)
|
|
(This used to be commit 4aecb650e1ece234fb7359270deb74fe1c1a4a16)
|
|
Jeremy.
(This used to be commit a076e2e4c512cd2ef2f9c38447c44d93e4b6ac57)
|
|
(This used to be commit d57c43fd05d8759f09c8c460baeb513a8ed41479)
|
|
(This used to be commit fe7ad3761233f7adb13756d611a11dbf0594b77f)
|
|
(This used to be commit c5ee06b7c8fc9f1fec679acc7d7f47f333707456)
|
|
Jeremy.
(This used to be commit 6a10accbcaa130b51381d43cb10c55e86ba2a320)
|
|
(This used to be commit c6a01f0a67148a234175439bdfe439ae011d397d)
|
|
(This used to be commit c76bf8ed3275e217d1b691879153fe9137bcbe38)
|
|
(This used to be commit 865167203ceff157a7204418cda8905833314575)
|
|
(This used to be commit 68dc525e8e7906a8618b6d28c5543ce89768563d)
|
|
(This used to be commit f66899965ea3d9677ba75dff56df2319b3e4b7c0)
|
|
than 'var=value'.
Fixed up some dodgy quoting on the way.
(This used to be commit 0606c194d6e3aba0c1aac883fe04e0c6e9e9a578)
|
|
(This used to be commit 51795ca3509d9f1a076fae902211ebad02897c72)
|