summaryrefslogtreecommitdiff
path: root/lib/param/loadparm_server_role.c
AgeCommit message (Collapse)AuthorFilesLines
2013-05-28param: Remove _SAMBA_BUILD_ checks from now the autoconf build is goneAndrew Bartlett1-4/+0
Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2012-06-15lib/param: make security=domain and security=ads conflict with being a DCAndrew Bartlett1-18/+2
This simplifies our supported configurations down to those that we test and expect to work. security=domain and domain logons = yes has never made much sense, and security=ads and domain logons = yes was only ever used in early experiments for our AD support using smbd. The correct way to be an AD DC is to set "server role = active directory domain controller" Andrew Bartlett
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett1-1/+3
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-06-11lib/param: simplfy lp_find_security()Andrew Bartlett1-5/+0
All the roles other than ROLE_DOMAIN_MEMBER map to SEC_USER. Andrew Bartlett
2012-05-15s3-auth: remove "security=server" (depricated since 3.6)Stefan Metzmacher1-8/+1
"security=server" has a lot of problems in the world with modern security (ntlmv2 and krb5). It was also not very reliable, as it needed a stable connection to the password server for the lifetime of the whole client connection! Please use "security=domain" or "security=ads" is you authentication against remote servers (domain controllers). metze -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SERVER | | security=server | | | | | | 12 May | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett1-6/+1
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2011-12-22param: domain_logons and domain_master are of type enum_bool_autoAmitay Isaacs1-1/+1
These parameters should be defined as int and not bool. This fixes the test failures on big endian machines. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Thu Dec 22 10:37:42 CET 2011 on sn-devel-104
2011-11-17param: use lp_is_security_and_server_role_valid()Andrew Bartlett1-5/+11
This also permits a few more valid combinations, due to the layer at which this is being used. Andrew Bartlett
2011-11-17param: Check if server role and security parameters are conflictingAmitay Isaacs1-0/+39
2011-11-17param: move server role helpers into loadparm.hAndrew Bartlett1-1/+1
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17param: calculate server role from security, and security from server roleAndrew Bartlett1-0/+143
This allows smb.conf files from either the samba3 or samba4 tradition to come to the same value of server role, using the information in the smb.conf file. This is important so that tools like 'net getlocalsid' work against a Samba4 AD installation (yes, users have tried this). Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>