Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
Also check that the connection to ads worked.
|
|
struct.
Guenther
|
|
"net ads leave" stopped working when "modify properties"
permissions were not granted (meaning you had to be allowed
to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
|
|
What a difference a name makes... :-). Just because something is missnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
|
|
|
|
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().
This actually makes libgpo more consistant, as it mixed a talloc and a
malloc based string on the same element.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
Michael
|
|
|
|
lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
|
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove inlude "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
in files that use no other macro from version.h instead of
SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
|
|
Guenther
|
|
attribute warn_unused_result. Start to fix these.
Jeremy.
|
|
metze
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Samba 4.
|
|
This is a workaround for the cases where you want to join under a netbios name
that is different from your hostname, i.e. a name that can not be found in
/etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
|
|
Michael
(This used to be commit 81cc1af1e699e454fbb1d12636d002f845231006)
|
|
Michael
(This used to be commit 96d1c780bf9524b929e6026776602a5288aea73d)
|
|
Guenther
(This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
|
|
Guenther
(This used to be commit 97f7f9f21f17e8414de15953cf4eaa9959dc6f75)
|
|
Previously this was done at token creation time if the Administrators and Users
builtins hadn't been created yet. A major drawback to this approach is that if
a customer is joined to a domain and decides they want to join a different
domain, the domain groups from this new domain will not be added to the
builtins.
It would be ideal if these groups could be added exclusively at domain join
time, but we can't rely solely on that because there are cases where winbindd
must be running to allocate new gids for the builtins. In the future if there
is a way to allocate gids for builtins without running winbindd, this code
can be removed from create_local_nt_token.
- Made create_builtin_users and create_builtin_administrators non-static so
they can be called from libnet
- Added a new function to libnet_join that will make a best effort to add
domain administrators and domain users to BUILTIN\Administrators and
BUILTIN\Users, respectively. If the builtins don't exist yet, winbindd must be
running to allocate new gids, but if the builtins already exist, the domain
groups will be added even if winbindd is not running. In the case of a
failure the error will be logged, but the join will not be failed.
- Plumbed libnet_join_add_dom_rids_to_builtins into the join post processing.
(This used to be commit e92faf5996cadac480deb60a4f6232eea90b00f6)
|
|
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 78e9c937ff2d2e1b70cfed4121e17feb6efafda1)
|
|
(This used to be commit a0793cc853d3bd43df2fc49df193a5fead6b01ab)
|
|
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
|
|
Guenther
(This used to be commit f1cc39e3759357344cb7abcb6bfa9d3e3f4969e6)
|
|
Thanks to Atte Peltomäki.
Guenther
(This used to be commit 144d374ad9dd981430a82369ceaa2783e6dae90a)
|
|
Guenther
(This used to be commit ebf31203e7cf22e32b986c536279688b17a65d22)
|
|
This is required now if the join verify failed and we already
modified the local configuration.
Guenther
(This used to be commit 2870fe50af5163e30330f5a3ef21d0b7eea85ee5)
|
|
Jerry, this fixes the issues while joining with "config backend = registry".
Guenther
(This used to be commit b3d47f099286778252c6df6bf2c1fee0c4e26560)
|
|
Guenther
(This used to be commit f9e5450c9492b0f35bd90040739007963e765ab1)
|
|
Guenther
(This used to be commit 6dbed6e7b7300962e11fdce1a713e6f3ea2cb619)
|
|
Guenther
(This used to be commit d7ba98cc3f2d037ec01e079220a66da508b104b0)
|
|
Guenther
(This used to be commit 452a9ea4af19d3aebc35929edaf4e5adf8c1fd11)
|
|
Guenther
(This used to be commit f3251ba03a69c2fd0335861177159a32b2bc9477)
|
|
Guenther
(This used to be commit 7889516a384c155a9045aad4409c041fddd0d98d)
|
|
Guenther
(This used to be commit 82cbb3269b2e764c9c2a2fbcbe9c29feae07fb62)
|
|
This finally enables joining AD using workgroup or realm name.
Guenther
(This used to be commit 0cf16e6b47f5978bdcb84ac8a29ef13ff2b5cca8)
|
|
(This used to be commit 99fc3283c4ecc791f5a242bd1983b4352ce3e6cf)
|