Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
|
|
This helps clarify the role of this structure and wrapper function.
The purpose here is to provide helper functions to the lib/param
loadparm_context that point back at the s3 lp_ functions. This allows
a struct loadparm_context to be passed to any point in the code, and
always refer to the correct loadparm system. If this has not been
set, the variables loaded in the lib/param code will be returned.
As requested by Michael Adam.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
This commit changes the default file server to be s3fs. Existing
installs wishing to keep the ntvfs file server need to set this in
their smb.conf:
server services = +smb -s3fs
dcerpc endpoint services = +winreg +srvsvc
Andrew Bartlett
|
|
We need to keep these files away from where waf might see them.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 15 11:10:14 CEST 2012 on sn-devel-104
|
|
member server
standalne is left as an alias.
Andrew Bartlett
|
|
This simplifies our supported configurations down to those that we test and expect
to work. security=domain and domain logons = yes has never made much sense, and
security=ads and domain logons = yes was only ever used in early experiments for
our AD support using smbd.
The correct way to be an AD DC is to set "server role = active directory domain controller"
Andrew Bartlett
|
|
controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
|
|
All the roles other than ROLE_DOMAIN_MEMBER map to SEC_USER.
Andrew Bartlett
|
|
This will in turn make it possible to put the actual parameter
definitions in common.
Andrew Bartlett
|
|
|
|
merge
This will allow us to create just one list of the FN_ macros, included
into both parameter systems.
This will in turn allow the actual parameter definitions
to be merged in a similar way.
Andrew Bartlett
|
|
While this makes no difference in the lib/param code, this allows the C files
to be compared and merged.
Andrew Bartlett
|
|
|
|
This makes it easier to them merge these two function lists without
changing the meaning of the output.
Andrew Bartlett
|
|
This reduces the difference in the parameter tables.
Andrew Bartlett
|
|
This reduces the difference in the parameter tables.
Andrew Bartlett
|
|
|
|
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!
Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).
metze
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SERVER |
| security=server |
| |
| |
| 12 May |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun May 6 16:38:00 CEST 2012 on sn-devel-104
|
|
This use long to fetch time_t quantities, because there are architectures were
time_t is a signed long but long != int, So long is the proper way to deal with
it.
|
|
|
|
|
|
Someone forgot to move the README when they moved the code ...
|
|
|
|
|
|
This removes the difference between many of the key elements of the global
parameters table, and makes it easier to merge the two tables.
Andrew Bartlett
|
|
|
|
This removes the difference between many of the key elements of the global
parameters table, and makes it easier to merge the two tables.
Andrew Bartlett
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
|
|
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
This adds an alisas to ensure that both our loadparm systems know all
the names.
I would like to move to the 'server ..' name as canonical, and this
will be raised on the list.
Andrew Bartlett
|
|
|
|
|
|
The memory reduction compared of talloc_reference() over talloc_strdup()
is typically very low. As the strings are typically short compared
to the talloc header overhead.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 11 16:13:50 CET 2012 on sn-devel-104
|
|
This will allow s3 to specify modules to use as a list, rather than
needing to start the individual module with gensec_start_mech_by_ops()
Andrew Bartlett
|
|
metze
|
|
These parameters should be defined as int and not bool. This fixes
the test failures on big endian machines.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Dec 22 10:37:42 CET 2011 on sn-devel-104
|
|
This causes the copy_service() to not copy bAvailable boolean on
big endian machines causing tests to fail.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Dec 22 05:30:49 CET 2011 on sn-devel-104
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Sat Dec 17 04:19:40 CET 2011 on sn-devel-104
|
|
This matches the s3 loadparm, and makes this feature available
by default for our users in a DC environment. (This is needed
for the correct operation of GPOs).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Dec 16 01:08:34 CET 2011 on sn-devel-104
|
|
when you have:
server services = +smb -s3fs
and 'smb' is already in the list, then this should not be an
error. This ensures that a config that specifically sets the services
it wants doesn't generate an error if the service list being set
happens to be the default
|
|
Configures parameter to enumerate name of python KCC
topology generator for subsequent use by samba_runcmd_send()
invocation from kcc task
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
|
|
The pdc/bdc split is only in smb.conf for Samba3 DCs, and so is
too confusing to document in this paramter. It will be clearer
to sort out "domain master" into a "pdc emulator" paramter
to conver this distinction.
Andrew Bartlett
|
|
This also permits a few more valid combinations, due to the layer at which this is
being used.
Andrew Bartlett
|
|
|
|
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|