summaryrefslogtreecommitdiff
path: root/source3/include/ads.h
AgeCommit message (Collapse)AuthorFilesLines
2003-03-15A hack to get us building on a slightly older heimdal kerberos. It appearsAndrew Bartlett1-0/+7
that we don't need this flag - heimdal's internal password change routines don't set it. Andrew Bartlett (This used to be commit 069825bd78f2bf125e8a4e72933da924d393f5a5)
2003-02-24Patch from Luke Howard to add mutual kerberos authentication, and SMB sessionAndrew Bartlett1-0/+5
keys for kerberos authentication. Andrew Bartlett (This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
2003-02-15Antti Andreimann <Antti.Andreimann@mail.ee> has done some changes to enableAndrew Bartlett1-0/+3
users w/o full administrative access on computer accounts to join a computer into AD domain. The patch and detailed changelog is available at: http://www.itcollege.ee/~aandreim/samba This is a list of changes in general: 1. When creating machine account do not fail if SD cannot be changed. setting SD is not mandatory and join will work perfectly without it. 2. Implement KPASSWD CHANGEPW protocol for changing trust password so machine account does not need to have reset password right for itself. 3. Command line utilities no longer interfere with user's existing kerberos ticket cache. 4. Command line utilities can do kerberos authentication even if username is specified (-U). Initial TGT will be requested in this case. I've modified the patch to share the kinit code, rather than copying it, and updated it to current CVS. The other change included in the original patch (local realms) has been left out for now. Andrew Bartlett (This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
2002-11-18Revert ADS_ERR_OK change. Some compilers didn't like it.Jim McDonough1-1/+1
The problem is that ADS_ERR_OK() run on a function that returns an ADS_STATUS causes the function to be run mulitple times...so you have to return a status, then check it with the macro. (This used to be commit c03d6198f28ab37ba0c3224bd50779357270486d)
2002-11-18Next step of printer publishing.Jim McDonough1-56/+1
net ads printer publish <printername> [servername] Will retreive the DsSpooler and DsDriver info by rpc for a remote server then publish it. Next comes doing it within smbd (This used to be commit 64951938cc5666a757683cbe9bee3a2c20a05323)
2002-09-28Add the beginings of sam_ads to the tree.Andrew Bartlett1-2/+5
This module, primarilly the work of "Stefan (metze) Metzmacher" <metze@metzemix.de>, uses the Active Directory schema to store the user/group/other information. I've been testing it against a real AD server, and it is intended to work with OpenLDAP as well. I've moved a few functions around in our other libads code, which has made it easier to tap into that existing code. Also, I've made some changes to the SAM interface, I hope there are not too many objections... To ensure we don't get silly bugs in the skel module, it is now in the default compile. This way you should not forget to update it :-) Andrew Bartlett (This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e)
2002-09-25Another patch from metze, towards his work on sam_ads.Andrew Bartlett1-6/+7
See mx-ldap.sf.net for his current progress. (This used to be commit 9c62d1312fdf0aa7b1978e8bbb56fc076ba7e9d0)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-1/+8
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-06Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>Andrew Bartlett1-21/+103
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrustructure for his sam_ads work. I've also added some extra failure mode DEBUG()s to parts of the code. NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without the final set of brakets, the test is essentially inverted - causing some intersting 'error = success' messages... Andrew Bartlett (This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
2002-08-06Add AD version of samlogon replies for getdc. ATM it will only functionJim McDonough1-0/+22
if you have an ADS DC. (This used to be commit 059a352ebb7c7286d205bc86a92f5fd26ab1ff8e)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-13/+28
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-07-30net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell1-0/+1
very useful in scripts (This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
2002-04-18fixed the fallback to a BDC for ADS connectionsAndrew Tridgell1-0/+1
(This used to be commit 3e58a1ee83ea0b4347ce24e566445cc6cb67bb3a)
2002-04-10Add ads ldap server controlsJim McDonough1-0/+5
(This used to be commit 9126f008ef542b80f0040f621aa28478be5c80a0)
2002-02-11Add ability to extend ads modification list on the fly. Added ADS_MODLIST type.Jim McDonough1-0/+6
(This used to be commit 3f7ba70615008d74a145a94aa087cae08efab343)
2002-02-02Change ADS_ERROR family of macros - removed semicolon from the end, since ↵Jim McDonough1-4/+4
they were only being used correctly in one location, and all other assumed the semicolon wasn't there. Amazing that none of them mattered syntactically, until today. (This used to be commit 6515c3e8ef546975657e45fce7f147fe4a08e9ca)
2002-02-01Add ads printer informationJim McDonough1-0/+55
(This used to be commit a844d9af21d8047629129c5e842db7acbc059932)
2001-12-19much better ADS error handling systemAndrew Tridgell1-6/+16
(This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16)
2001-12-19- added initial support for trusted domains in winbindd_adsAndrew Tridgell1-0/+11
- gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-0/+2
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-0/+1
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-12-05added timeouts and retries to ldap operationsAndrew Tridgell1-0/+7
(This used to be commit 4f004eb54d66b6f811cb2f4791da6c70d77f87c2)
2001-12-03added another ATYPE_Andrew Tridgell1-1/+2
(This used to be commit 514bc61daa3f6d11dadac1baed5a5bf61313b1f9)
2001-12-03added a basic ADS backend to winbind. More work needed, but atAndrew Tridgell1-0/+3
least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-11-20forgot this fileAndrew Tridgell1-0/+29
(This used to be commit 1dd255b06d4c8669d839a387d4c63ff3475ab1ab)