| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
metze
|
|
This commit changes the default file server to be s3fs. Existing
installs wishing to keep the ntvfs file server need to set this in
their smb.conf:
server services = +smb -s3fs
dcerpc endpoint services = +winreg +srvsvc
Andrew Bartlett
|
|
We need to keep these files away from where waf might see them.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 15 11:10:14 CEST 2012 on sn-devel-104
|
|
member server
standalne is left as an alias.
Andrew Bartlett
|
|
This simplifies our supported configurations down to those that we test and expect
to work. security=domain and domain logons = yes has never made much sense, and
security=ads and domain logons = yes was only ever used in early experiments for
our AD support using smbd.
The correct way to be an AD DC is to set "server role = active directory domain controller"
Andrew Bartlett
|
|
controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
|
|
All the roles other than ROLE_DOMAIN_MEMBER map to SEC_USER.
Andrew Bartlett
|
|
This will in turn make it possible to put the actual parameter
definitions in common.
Andrew Bartlett
|
|
|
|
merge
This will allow us to create just one list of the FN_ macros, included
into both parameter systems.
This will in turn allow the actual parameter definitions
to be merged in a similar way.
Andrew Bartlett
|
|
While this makes no difference in the lib/param code, this allows the C files
to be compared and merged.
Andrew Bartlett
|
|
|
|
This makes it easier to them merge these two function lists without
changing the meaning of the output.
Andrew Bartlett
|
|
This reduces the difference in the parameter tables.
Andrew Bartlett
|
|
This reduces the difference in the parameter tables.
Andrew Bartlett
|
|
|
|
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!
Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).
metze
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SERVER |
| security=server |
| |
| |
| 12 May |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun May 6 16:38:00 CEST 2012 on sn-devel-104
|
|
This use long to fetch time_t quantities, because there are architectures were
time_t is a signed long but long != int, So long is the proper way to deal with
it.
|
|
|
|
|
|
Someone forgot to move the README when they moved the code ...
|
|
|
|
|
|
This removes the difference between many of the key elements of the global
parameters table, and makes it easier to merge the two tables.
Andrew Bartlett
|
|
|
|
This removes the difference between many of the key elements of the global
parameters table, and makes it easier to merge the two tables.
Andrew Bartlett
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
|
|
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
This adds an alisas to ensure that both our loadparm systems know all
the names.
I would like to move to the 'server ..' name as canonical, and this
will be raised on the list.
Andrew Bartlett
|
|
|
|
|
|
The memory reduction compared of talloc_reference() over talloc_strdup()
is typically very low. As the strings are typically short compared
to the talloc header overhead.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 11 16:13:50 CET 2012 on sn-devel-104
|
|
This will allow s3 to specify modules to use as a list, rather than
needing to start the individual module with gensec_start_mech_by_ops()
Andrew Bartlett
|
|
metze
|
|
These parameters should be defined as int and not bool. This fixes
the test failures on big endian machines.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Dec 22 10:37:42 CET 2011 on sn-devel-104
|
|
This causes the copy_service() to not copy bAvailable boolean on
big endian machines causing tests to fail.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Dec 22 05:30:49 CET 2011 on sn-devel-104
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Sat Dec 17 04:19:40 CET 2011 on sn-devel-104
|
|
This matches the s3 loadparm, and makes this feature available
by default for our users in a DC environment. (This is needed
for the correct operation of GPOs).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Dec 16 01:08:34 CET 2011 on sn-devel-104
|
|
when you have:
server services = +smb -s3fs
and 'smb' is already in the list, then this should not be an
error. This ensures that a config that specifically sets the services
it wants doesn't generate an error if the service list being set
happens to be the default
|
|
Configures parameter to enumerate name of python KCC
topology generator for subsequent use by samba_runcmd_send()
invocation from kcc task
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
|
|
The pdc/bdc split is only in smb.conf for Samba3 DCs, and so is
too confusing to document in this paramter. It will be clearer
to sort out "domain master" into a "pdc emulator" paramter
to conver this distinction.
Andrew Bartlett
|
|
This also permits a few more valid combinations, due to the layer at which this is
being used.
Andrew Bartlett
|
|
|
|
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
This #include hack is required as it is not possible to declare a
compile-time sized array in a header file.
Andrew Bartlett
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.
This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).
Andrew Bartlett
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
