Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit 02d08ca0be8c374e30c3c0e665853fa9e57f043a)
|
|
Guenther
(This used to be commit af3779a51624977088c322ac98f52c02e9291b54)
|
|
Guenther
(This used to be commit 1fe4724f57f4f25ed486240cb1e741da60f0c997)
|
|
Guenther
(This used to be commit 714ea3ceab714e23e97eb3e4d7261456a18abbac)
|
|
server in winbindd when it's down and listed
in the -ve connection cache. Fix memory leak,
reduce timeout for cldap calls - minimum 3 secs.
Jeremy.
(This used to be commit 10b32cb6de234fa17fdd691bb294864d4d40f782)
|
|
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
(This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
|
|
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
(This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d)
|
|
Jerry, please check.
Thanks,
Volker
(This used to be commit b87c4952216b6302b0e1f22689b5a36b6aa65349)
|
|
Guenther
(This used to be commit 863aeb621afa7dcec1bfef8e503ef8ed363e3742)
|
|
Guenther
(This used to be commit 479dec68459df606ff566ac86eb3b4bbbd2ca77a)
|
|
* replace printf to stderr with DEBUG statements as they get printed in
daemons
* "net ads lookup" return code
Guenther
(This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
|
|
unavailable; use "ldap timeout" handling.
Jerry, please check.
Guenther
(This used to be commit 821bbb4566c4b3f9798054ed3bf772db0c9ae3f2)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|