Age | Commit message (Collapse) | Author | Files | Lines |
|
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
the method used for checking if a domain is a trusted domain is very
crude, we should really call a backend fn of some sort. For now I'm
using winbindd to do the dirty work.
(This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
|
|
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
name is a "principal", not a principle. English majors will complain :-).
Jeremy.
(This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
|
|
(This used to be commit 44bdb8b12b3d6a7bf3148c2ac651a79f10776db6)
|
|
(This used to be commit d1341d74b7aa5f6b3f72e5409b245f87f1ad670b)
|
|
(This used to be commit fd3a3daef3b8f7140e7006d30d23d739ac3aad2f)
|
|
it should give something for others to hack on and possibly find what
I'm doing wrong.
(This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
|
|
(This used to be commit 888183a17cfb12c0cbf7d1ed515064d6f1716114)
|
|
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
(This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
|
|
(This used to be commit 8b692d8326a1548a7dbbd2cecee9ece6aa60473a)
|
|
packet which means I can extract the service and realm, so we should
now work with realms other than the local realm.
it also means we now check the list of OIDs given by the server just
in case it says that it doesn't support kerberos. In that case we
should fall back to NTLMSSP but that isn't written yet.
(This used to be commit 395cfeea94febb5280ea57027e8a8a3c7c3f9291)
|
|
(This used to be commit 919734c1a6fd8b3bd0e12e96d878f47b6d6ff5e0)
|
|
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
|