Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
(This used to be commit 4e1816855a8f86d1228c44b39126fbfb3cb893c0)
|
|
(This used to be commit 44d4bab991d5fc88005a542d2490ae3254a0f5b5)
|
|
Paul
(This used to be commit f5be3e12e2dc42a2092b71c9e4cab6f5d0ef8860)
|
|
on Solaris.
Jeremy.
(This used to be commit b65c6468651282879a39fa8029c190f2d1a91a28)
|
|
password via stdin
(This used to be commit 60d4aabc3205aa80f8d49c3c2db95927c61a81a5)
|
|
this one
(This used to be commit 8f5b198acaca5ce14ab1098d86f34df9a67619d4)
|
|
(since removal implies greater permissions that Windows clients require)
(This used to be commit ad1f947625612ef16adb69fc2cfeffc68a9a2e02)
|
|
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.
This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).
Guenther
(This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
|
|
source code.
(This used to be commit 9559886a92b1fdd33d380bf0100dcddb12477ff2)
|
|
(This used to be commit ae56154fc7694042496a55d4dade8ef1a7ba361c)
|
|
(This used to be commit d19dad88155f985f113c667b6bdad5a1b25eca18)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
metze
(This used to be commit a48b1f7fae538a4220e087a1863015dd8c564005)
|
|
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
|
|
stack tracing support. This provides an easy way for users to provide
stack traces (hopefully it will be implemented on something other than
ia64).
(This used to be commit 0b5e07e12daa98095dae27e0a6d53fe8ec3f3700)
|
|
Guenther
(This used to be commit 6161e525de55769ed5e45d505f26f6cd9d6555e5)
|
|
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
|
|
not support shared libraries.
(This used to be commit a1c12d7949f9110530526cc7133424e842cdcc71)
|
|
should list
long share names.
Volker
(This used to be commit d3d388180dacb7b9db5d122bc3f2ce1045434f53)
|
|
handling anymore when we remove $(LIBS) from pam_winbind again.
Also make sure to build our own copy of iniparser with -fPIC.
Guenther
(This used to be commit e32c4f6f6e090ca5babe9f131bbcb9babedcec05)
|
|
Temporary linking fix for --with-included-iniparser
(gd will do a proper fix later).
(This used to be commit 7d5adcf3a7237d130efea6cc9f6e5d28e65e2e51)
|
|
Guenther
(This used to be commit 5ae22cf46b1077b8892a2941a2891fe7412f1b9f)
|
|
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
|
|
/etc/security/pam_winbind.conf as config file for the PAM module by
default.
Guenther
(This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
|
|
internals, mostly with the code that was in pam_winbind before.
Also switch from using loadparm to use iniParser to read the new
pam_winbind options from a configuration file. That still uses the old
(parametric) option names which will be replaced next (as iniParser does
not support parametric options).
Guenther
(This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
|
|
CC_CHECKER=mycheker make
metze
(This used to be commit b562459fbfdbfa25c774d631b48f1187fc3e15eb)
|
|
jerry: can you test that please
metze
(This used to be commit aa76c2edee17a023ee49f9b960a79df402f785ea)
|
|
Samba3 - with some 64-bit macro madness. Attempt to fix
the broken directory handling in the *BSD-of-the-month
club.
Jeremy.
(This used to be commit fd98427f64f4206c01f16f82fadf24f5863878db)
|
|
metze
(This used to be commit 789694d12e53ccd327c4a3e4755ef5004503cb4e)
|
|
HSM is interested in. Tested on both IRIX and SLES9.
(This used to be commit 514a767c57f8194547e5b708ad2573ab9a0719c6)
|
|
for module in ; do ... ; done
leads to an error (true64, solaris 8).
We now use {,UN}INSTALL_PAM_MODULES to get replaced by configure.
Therfore we don't run into the {,un}installpammodules rule if no PAM
module is requested.
Thanks to Björn Jacke for pointing to this issue.
(This used to be commit 07a70f8f861235ba4037aacb9cc835b6d18f51c3)
|
|
Might need to rework prs_dcerpc_status().
Guenther
(This used to be commit 38b18f428ba941f4d9a14fa2de45cb0cd793a754)
|
|
I'll try to add some tests using samba3's smbtorture and smbclient
later.
can someone check if this would be save to run on the build-farm
without leaking child processes...
metze
(This used to be commit 899fd6808ebd04d039caf7199c60d34a4987b43a)
|
|
Nothing happens if PAM_MODULES is empty which is our default.
The default destination dir is "${LIBDIR}/security". It's possible to
overwrite the default with --with-pammodulesdir while calling configure.
(This used to be commit 7163c6860549378fa63907048c4eb34fe81835cc)
|
|
(This used to be commit 160626195bf44b94109ddb7a15da703344d8163f)
|
|
- add configure tests --with-selftest-prefix=/tmp/samba-test
this is needed because the path name of unix socket can only be 108 chars long
- add configure test --with-smbtorture4-path=/home/foo/prefix/samba4/bin/smbtorture
this will be used to run samba4's smbtorture inside samba3's make test later
metze
(This used to be commit d9df1853b947c70f747ea30a353162f2985ef250)
|
|
a AC variable)
(This used to be commit 7d92cff7a3327cc9da5a4723bd62e68e0402acb8)
|
|
(This used to be commit 90eb092083383c2b606e21dc65fb036bb973b032)
|
|
Testing pam_smbpass pam_winbind
dlopen() of "./bin/pam_smbpass.so" succeeded.
dlopen() of "./bin/pam_winbind.so" failed: ././bin/pam_winbind.so:
undefined symbol: secrets_fetch_domain_sid
make: *** [test_pam_modules] Error 1
(This used to be commit 4b545e0ce665fe772095c27fe11ce535477f84ce)
|
|
called as part of the all rule (again only if pam modules are requested
by configure).
Add pam_winbind rule.
Ensure proto_exists before we build the pam modules.
Add test_pam_modules rule to test if the built pam modules have any
unresolved symbols. For test_pam_modules we use script/tests/dlopen.sh
which was written by Nalin Dahyabhai <nalin@redhat.com>. Thanks Nalin!
RedHat and SuSE use this script to test nss and pam modules since
several years.
(This used to be commit 71b2eb55adcd28f3796254ea1ce0bcee6098e712)
|
|
nscd caches so that NSS-calls can deliver accurate information.
Guenther
(This used to be commit a32a423a0e9e0d4dd21282fd528bcd3247fddbd1)
|
|
The intention is to have the resulting binaries at one place. This is
also usefull for upcoming changes to provide a test_pammodules rule.
With these changes I even got aware of
testsuite/nsswitch/pam_winbind_syms.exp But this only covers
pam_winbind.
(This used to be commit 9883957b74ddefb5293e4aef0cc2f53ee4d417ac)
|
|
(This used to be commit a40a7f5ea10cf8651cb4334a6623c07fb3dfc565)
|
|
* add support for %(DomainSID)
* replace standard_sub_XXX() functions with wrappers around their
alloc_sub_XXX() counterparts
* add support for using SIDs in read list, et. al. (anything that
is checked by nt_token_contains_name_in_list())
(This used to be commit 71d960250d2c6d01096a03e98884d3f9c395baa0)
|
|
Ignore script/gen-8bit-gap.sh in branches/SAMBA_3_0/source/script as we
already do in trunk.
(This used to be commit b974b1879c1bded616becb77fa34f071a5f43ecc)
|
|
to substitute rootsbindir in {,un}installbin.sh.in.
Pass $prefix as third arg to installbin/ uninstallbin as rootsbindir by
default is $prefix/sbin.
(This used to be commit 7773b8c9e0ad7bcff1312f28ca9cd17d7677e9bd)
|
|
I suggest to stay with ^BASEDIR= @prefix@$ for at least the next release
to give external projects - like samba-vscan project - time to adopt
this change.
BASEDIR is non of the default autoconf variables. prefix is.
Jerry1: If possible please announce this with the next release. I'll
self reply to technical.
Jerry2: This does not break your makepkg stuff as you set BASEDIR
_not_ from the Makefile.
(This used to be commit 730d5ec22948c579a81137051134657043c34415)
|
|
(This used to be commit fb76390c6ae5928a2a222d61cbadf825611999ef)
|
|
(This used to be commit 426c8fe0bdacbf218d4cf4a10af789afbc0e53f2)
|
|
Guenther
(This used to be commit 7e80d5358eb181c3515acb732a3594e80391261b)
|