| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.
This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).
Guenther
(This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
|
|
if it returned -1 (treat as undefined). Ensure we obey
this.
Jeremy.
(This used to be commit 256ae3a16bcafe70cc1a00496681c709380e4fc3)
|
|
swapped to disc using mlock(). (patch was reviewed by Jeremy).
Guenther
(This used to be commit 206cdbb8e9a4a0900060d56510e58b85a2b8aec5)
|
|
Guenther
(This used to be commit 181fa02497e353a36e311f94f5bec2e9cfd1b56e)
|
|
(This used to be commit 3762effca5e1e2bbb2d1d9dd8504c502485eca7d)
|
|
pam_winbind.
Guenther
(This used to be commit bf077fb2268b79faffd1fdda04847c37ffead32d)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
we have a reason to do so.
Guenther
(This used to be commit 4da79bd10c17277171aad26ee0278f8e5b64abdb)
|
|
directly in winbindd.
Jeremy.
(This used to be commit 2e65fcc9def5f1386a33ca4a76e494838e3a0632)
|
|
non-critical and fallback to only parse the argv options in that case.
Guenther
(This used to be commit 9dac3ab328e9c7ba374e0efc3fe16d940ecc9d3b)
|
|
Guenther
(This used to be commit 3546187bb4a74b14071e2c23561e70e57ad13e86)
|
|
prevents a nasty failure condition in winbindd's pam_auth where a tgt
and a service ticket could have been succefully retrieved, but just not
validated.
Guenther
(This used to be commit a75dd80c6210d01aff104a86b0a9d39d65f2c348)
|
|
(This used to be commit ac79bba1a118635ed18d23cf84bdf15923b354c0)
|
|
(This used to be commit 7188ec6bd81715c4df17528bca2b2e658173043f)
|
|
objectClass which is not indexed on AD) in LDAP queries.
Guenther
(This used to be commit 847882a98328b91a2157959c5dad0a2023223846)
|
|
Guenther
(This used to be commit 9e15b1659c105b0be846e8f71c27b20eab961bd2)
|
|
of long group lists.
(This used to be commit d348d796c16679297e1f0304b8b2ba0f42010733)
|
|
Guenther
(This used to be commit 34b29c30b2f4b5a3c40a65ca8338c87a4c16f3ff)
|
|
Guenther
(This used to be commit 1856dc0f52b2a2ba2e59f1a7a77ccd32c27928c0)
|
|
Guenther
(This used to be commit cc800ced60e5e6bbd923a3a0b7d58650c6e14121)
|
|
too early.
Guenther
(This used to be commit 7f64a66d25f2a4aa48c2639da8e783c1759c5dd4)
|
|
Guenther
(This used to be commit 7420b095077689fee4b5c9fb76cdb6533be1d465)
|
|
are not valid locally.
Guenther
(This used to be commit 177da7754b53348d8754d46098dbd11300234bb5)
|
|
query the samlogon cache first as well.
Guenther
(This used to be commit aa52b11dd450ca3ec1f156e17822b1c4971ef915)
|
|
sid"); works in all AD versions I tested. Also add "net ads sid" search
tool.
Guenther
(This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
|
|
Guenther
(This used to be commit 01787bd45b4186d3e997f750b08c50df9d3cbbe1)
|
|
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
|
|
that the DC is not available.
Guenther
(This used to be commit 77407c021997db1b2a86ca26a5d125fa6b782949)
|
|
cache.
Guenther
(This used to be commit e85558f4a457609f3661446dad8134e80f10bbe6)
|
|
Volker
(This used to be commit 74511aed221d7f9856fed7532f24c789c49c8175)
|
|
Volker
(This used to be commit c4cdb8086a3aa8a2e1f724e70616143adfea6e87)
|
|
hadn't).
Jeremy.
(This used to be commit dcbece8254e5de861d04b691d733616fc25cd585)
|
|
Guenther
(This used to be commit 37d03695c6fb4aa02522c1739b9783c5dc7bf735)
|
|
(This used to be commit 97d2c20b0b37ac07b6e37e9614ff41ab7e131c98)
|
|
convert the default timeout to milliseconds twice.
(This used to be commit 853ebd6e84cf52a309945f39cdf188ca346da8eb)
|
|
Jeremy.
(This used to be commit 634e0dc3c73968da8f1f50186ca15f8873f380ce)
|
|
Jeremy.
(This used to be commit 23dcff4d50d1d35b7ddee0d0cb79c16a312f179c)
|
|
clients and aservers. Strange compiler-fu on 64-bit
SLES9 says sizeof(time_t) == 4 but the memory alignment
is on 8 bytes. Change time_t to uint32 to fix alignment.
Remove 'char **gr_mem' from struct winbindd_gr since
it was not being used.
(This used to be commit b68e66d5c4f7348e674b8a009656ebfbbc06e288)
|
|
(This used to be commit 066f69fe88b360b856f3dc49089f8c21b721cce9)
|
|
winbindd server
(This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
|
|
/etc/security/pam_winbind.conf as config file for the PAM module by
default.
Guenther
(This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
|
|
PAM_SUCCESS. Günther, could you take a look?
Thanks,
Volker
(This used to be commit fc6effcd9c2bb2d15b7e8fba85cc3193d2d7ce1f)
|
|
internals, mostly with the code that was in pam_winbind before.
Also switch from using loadparm to use iniParser to read the new
pam_winbind options from a configuration file. That still uses the old
(parametric) option names which will be replaced next (as iniParser does
not support parametric options).
Guenther
(This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
|
|
ensure that global memory is freed when unloading pam_winbind.so (needs more testing on non-linux platforms)
(This used to be commit 1e0b79e591d70352a96e0a0487d8f394dc7b36ba)
|
|
has the linear posix locking issue which causes
CLEAR_IF_FIRST to cause performance problems.
As we know we're in a daemon architecture with
long-lived parent we can avoid this in the Samba
case. Add a comment explaining this.
Jeremy.
(This used to be commit 3cd5c3df0d1b98dfa90663973ab13b5d3dbf737e)
|
|
Guenther
(This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
|
|
is produced when a process exits abnormally.
First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.
Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.
Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
|
|
(This used to be commit cc1bdbbc41bd6626ee53abf3f2ab35c454e036b7)
|
|
(This used to be commit 62d60a04cd85dc521e7d63726b856f38287466ad)
|
|
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
...
Fix my brain dead inverted logic for turning winbindd on and off
when run on a DC or when calling pdb functions from within winbindd.
(This used to be commit 021b3dc2db9fb422ede4657a1f27ef7ef2d22cee)
|
