Age | Commit message (Collapse) | Author | Files | Lines |
|
NSS protocols auth, chauthtok, logoff, ccache_ntlm_auth.
That way we ensure winbindd only deals with fully
qualified names internally. The NSS protocols
auth_crap and chng_pswd_auth_crap should be fixed
to do the same thing.
Jeremy.
(This used to be commit dbd2454d3337f64cddbdaf39e9efd6505e6b2590)
|
|
anymore in 3_0. I'm just adding a time(NULL) as value for the
WINBINDD_OFFLINE key.
Guenther
(This used to be commit 2bdf9f140f76d6eb73b34148c47f7d3447e2e563)
|
|
Jeremy.
(This used to be commit 99bebb65273c78d9867254c47438577bb21af4ee)
|
|
Jeremy.
(This used to be commit 42e5481ce4bebc65040d466b49e3c45cd4e79f5d)
|
|
work again. Still under test.
Jeremy.
(This used to be commit 40a455db78f805daa6bfeb9e78fb78dcc12fd9a7)
|
|
Guenther
(This used to be commit 44e228ac796fca2db8509915067511ed705032bf)
|
|
the moment) but winbindd isn't run in the build farm
so hopefully won't break anything too badly - I don't
want to lose this.
If winbindd starts offline then it falls back to using
MS-RPC backend. On going online it needs to reset the
backend and try and go to using the AD backend code if
possible, as the MS-RPC sequence number fetch just returns
1 as the sequence number if run against an AD DC.
In addition, the winbindd async child may end up
with the AD backend whilst the main winbindd - which
still contacts the DC for some non-async calls, is
left using MS-RPC. This can cause some trouble (as
you can imagine :-).
Attempt to ensure both main winbindd and async children
us AD backends on going online.
Jeremy.
(This used to be commit 5efd4b04b89ace4b264e9ac37a90e202749792be)
|
|
The attached patch cleans up pam_winbind a tiny bit. Instead of making
exceptions for all pam implementations except for Linux' it's better
to make an exception for the only pam implementation which is
different from all the others. This is equivalent to what pam_smb_auth
does already.
-----------------
Jeremy
(This used to be commit 8e5596470822d20740f86585a6cf67240f2face4)
|
|
(This used to be commit c53e2e54750764c9a0eb57a86fd226b4f8711a66)
|
|
(This used to be commit 45628f71cfc770b1ba67abf38aac53ac40773cd0)
|
|
HAVE_KRB5. If WITH_ADS does not imply KRB5, we have to fix that.
Lets see what the build farm thinks about this.
Volker
(This used to be commit 27b063078dff0d8c5eb552dd73825f6858d04e4b)
|
|
move into the domain struct. Allow message to go online
to set this state and cope with removing it.
Jeremy.
(This used to be commit 51f0e60cc3a652b0ff1658d4c07bfc9493fbc51a)
|
|
socket_wrapper defined ioctl swrap_ioctl
metze
(This used to be commit e43d1f6c17c8a44c989a57309b8378c1dd8f591c)
|
|
(the domain is NULL here)
(This used to be commit a36de910d289363a5374fe063099311712d4e57a)
|
|
it in.
(This used to be commit 4e464a2c35984752244f30ce9bb259eb16149e3f)
|
|
Guenther
(This used to be commit 143a48927b0e21d31a9f54cfc720b5d04a4b6751)
|
|
Guenther
(This used to be commit 2a605a0b175dc0ccc65ee2dc68e394bef7c954d1)
|
|
Guenther
(This used to be commit b1cd9d45e9581bec56bfdc21d2a8afb7f094be22)
|
|
cache time = 0".
Guenther
(This used to be commit 9ac6016e32d236e7470919c075df551d1d73498c)
|
|
this hopefully fixes the build on AIX
metze
(This used to be commit ef1001f5a269f3d6a66f40e3fb01eccc807dcd7e)
|
|
metze
(This used to be commit 454d9590de6ff94a1edd7321e26af0f0978a356a)
|
|
Guenther
(This used to be commit 8006cf962b4a33278414fcdf07bf94d739cb4aab)
|
|
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
(This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21)
|
|
(This used to be commit 8c60e71229cd577f3b17345c5824363dd202eba9)
|
|
and DLIST_DEMOTE() now take the type of the tmp pointer
not the tmp pointer itself anymore.
metze
(This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
|
|
Doing otherwise means site support doesn't work correctly.
Jeremy.
(This used to be commit 06a75f3b935b30c60ab4690634b26cdcd7f02b90)
|
|
Jeremy.
(This used to be commit 03e1078b459531af5a2336b584b3c886c5dd1e29)
|
|
try hard to connect a DC even if we might be offline.
Jeremy.
(This used to be commit a9f115140700487767bafa058db744eea5ee8f77)
|
|
(This used to be commit 763cbe924b78b206985db6552e20cb4830446d35)
|
|
domain when going back online.
Jeremy.
(This used to be commit c7e4c8d0b4d109ec67d4424dd446b74b55246c72)
|
|
Jeremy.
(This used to be commit 9a0066278c30b123eeaed8213294b6d81a339524)
|
|
Guenther
(This used to be commit 20de0b4823abb59518b7ffb495120494e705df7a)
|
|
Guenther
(This used to be commit b04c8d46efc67e013b976e0ba1be558b70a1f899)
|
|
lowercase username. We cache names as keys in this form, and we weren't
always returning this....
Jeremy.
(This used to be commit 205aa2b70d647460ca5a273caad7717312f53aab)
|
|
Jeremy.
(This used to be commit 7644fa70ba4f7c88d887930e23b5ee2e1632473b)
|
|
Jeremy.
(This used to be commit 03b1699fa7d94fd637ff8c3bd2c59358673d2607)
|
|
* as openlog() is non-reentrant and pam_winbind thereby overrides the
syslog settings of the calling application, directly call syslog (or
pam_vsyslog if available)
* support the PAM_SILENT flag to avoid any log messages beeing created
Guenther
(This used to be commit 0f7e37ffc4759a4e29f63ab83f39ddb31c8240f6)
|
|
better - don't just panic - delete them.
Jeremy.
(This used to be commit 4c54b75076442d239ae374b236c6f33aafece981)
|
|
immediately if we were waiting on one.
Jeremy.
(This used to be commit 6dc8f9042f057e1f9aff46042a0fe697cb8a912c)
|
|
debug level zero.
Jeremy.
(This used to be commit e23caeb7b57b0b1bbc2f8b6abf34166f271a88fa)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
Guenther
(This used to be commit 576488933b8e04ddd6cb45a7992374efe174a404)
|
|
this at the moment as I'm working on this area. Thanks
a lot Guenther.
Add the capability to get krb5 tickets even if we
log on in the offline state and have to cache
the credentials. Once we go online we should
start getting krb5 tickets again. Currently
this code waits until lp_winbind_cache_time()
seconds (5 minutes by default) before getting
tickets. This is correct in the DC down case,
but not in the global offline -> online case.
I'll later add a trigger to force an immediate refresh
on the offline -> online state transition.
Jeremy.
(This used to be commit 04fe034f4a222c83a8d788040f7edc370afe9fa6)
|
|
removed immediately in the handler.
Extra debug info tracking down winbindd DC
selection.
Jeremy.
(This used to be commit 7ba9b6ce588f716589e9f88ed146fad36c4b3758)
|
|
it can't talk to it.
Jeremy.
(This used to be commit 7385a076f8fd351472d37d9363304948e88f9f99)
|
|
Jeremy.
(This used to be commit 9c943dfe2d23e2d01df53ac81625278d4f870aa3)
|
|
Jeremy.
(This used to be commit aa62bb6b4ccb46a58bbe8f46d552a062ca06c238)
|
|
Instead of trying to do this in the winbindd_cache
entries, add a timed even handler to probe every
5 mins when disconnected.
Fix events to run all pending events, rather than
only one.
Jeremy.
(This used to be commit 7bfbe1b4fb9a91c6678035f220bbf0b4f5afdcac)
|
|
with timeouts. Also, wait for 5 seconds not 10
on connecting to a DC.
Jeremy.
(This used to be commit 6792460ba6a198646404abae10979489ca03ca5c)
|
|
(This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675)
|