Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
|
|
These are in nbt.idl and netlogon.idl as well, no need to have them
here under different names, especially when the comments are wrong
|
|
Guenther
|
|
Guenther
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
ads->config.tried_closest_dc was never set.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
|
|
user object in AD to be the username alias.
For example:
$ net ads search "(uid=coffeedude)"
distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org
sAMAccountName: gcarter
memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
uid: coffeedude
uidNumber: 10000
gidNumber: 10000
unixHomeDirectory: /home/gcarter
loginShell: /bin/bash
$ ssh coffeedude@192.168.56.91
Password:
coffeedude@orville:~$ id
uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers)
$ getent passwd PINK\\gcarter
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent passwd coffeedude
coffeedude:*:10000:10000::/home/gcarter:/bin/bash
$ getent group PINK\\Unixusers
PINK\unixusers:x:10000:coffeedude
|
|
Guenther
(This used to be commit 7d7ba8397743af52a74d00fd717bdeb5e3e12a28)
|
|
Guenther
(This used to be commit be846d5383ef31136cca6b11eb6181736fb2e29d)
|
|
Guenther
(This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
|
|
Extends ads_connect() to a new call ads_connect_gc() which connects on port
3268 rather than port 389. Also makes ads_try_connect() static and
only used internally to ldap.c
(This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
|
|
Guenther
(This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
|
|
Guenther
(This used to be commit 0a012c12d643e627ea1bad2a2ad6214f78918fa7)
|
|
Guenther
(This used to be commit 2605c6758ebb2f53c0c91f99d766e3db548e07ce)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
in the
"not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds
succeed with windows server 2008.
Guenther
(This used to be commit f5b3de4d3069eaa750240e3422bac5cb169b6c0a)
|
|
- with the "GSSAPI" sasl mech the plain, sign or seal negotiation
is independed from the req_flags and ret_flags
- verify the server supports the wrapping type we want
- better handling on negotiated buffer sizes
metze
(This used to be commit d0ec7323870ca16b28d458ff5f7dacce278b7d54)
|
|
metze
(This used to be commit 05fce8815f2f08f71522ba326224185dcecd62ae)
|
|
NOTE: windows servers are broken with sign only...
metze
(This used to be commit 408bb2e6e2171196a2bd314db181d9b124e931a1)
|
|
metze
(This used to be commit 2075c05b3d8baa7d6d8510cd962471a5781740a6)
|
|
metze
(This used to be commit 65ce6fa21adec704b3cde30c57001e5620f048e4)
|
|
metze
(This used to be commit 7d8518ebd9470062b499b7074a940e14520e99f2)
|
|
metze
(This used to be commit 873eaff8febb50f00f9dac64c57b2a22c16f4f9b)
|
|
metze
(This used to be commit d5512da62a6ae38321709611b04f419cc6c3b190)
|
|
they're not used yet...
metze
(This used to be commit a3b97cdce719d9d5e82f26096c0e8c3a86ff3965)
|
|
substructure.
metze
(This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c)
|
|
Guenther
(This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622)
|
|
for the
extended apply group policy right.
Guenther
(This used to be commit d832014a6fef657f484412372b5d09047552b183)
|
|
Guenther
(This used to be commit 964acb2716e230172e716d8d24ee2f888930130d)
|
|
Guenther
(This used to be commit 11b390309b9677805e5b68f3a1b780658ae85137)
|
|
Guenther
(This used to be commit 52fdbbda53df79461322b9d21aba998f19181df8)
|
|
(This used to be commit 1351207626ee0f99aef93326ef96bf69651bf472)
|
|
search with
the SD_FLAGS control.
Guenther
(This used to be commit 648df57e53ddabe74052e816b8eba95180736208)
|
|
NTSTATUS
codes directly out of the krb5_error edata.
Guenther
(This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
|
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
This allows a provider to supply the homedirectory, etc...
attributes for a user without requiring support in core
winbindd code. The idmap_ad.c module has been modified
to provide the idmap 'ad' library as well as the rfc2307 and sfu
"winbind nss info" support.
The SID/id mapping is working in idmap_ad but the nss_info
still has a few quirks that I'm in the process of resolving.
(This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
|
|
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
|
|
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.
Volker
(This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11)
|
|
Remove all reference to "Default-First-Site-Name" and
treat it like any other site.
Jeremy.
(This used to be commit 5ae3564d6844f44a6943b2028917bd457371af1e)
|
|
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.
(This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
|