Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 985dbb47d925e79c1195ca219f7ab5d6648b22b8)
|
|
upcoming changes for "unixinfo"-pipe.
Therefor (after speaking with Volker) replace "winbind sfu support" with
the list-parameter "winbind nss info" which defaults to "template". For
SFU-support set it to "winbind nss info = template sfu".
Note that nss_info_use() is just a dummy function at the moment.
Guenther
(This used to be commit 91596330ea3c4ba0fb9ddc52ad9d4a7c8e5b2d3f)
|
|
POSIX
homedirectory and the loginshell from Active Directory's "Services for Unix".
Enable it with:
winbind sfu support = yes
User-Accounts without SFU-Unix-Attributes will be assigned template-based
Shells and Homedirs as before.
Note that it doesn't matter which version of Services for Unix you use (2.0,
2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell,
msSFU30LoginShell, etc.) automatically.
If you also want to share the same uid/gid-space as SFU then also use PADL's
ad-idmap-Plugin:
idmap backend = ad
When using the idmap-plugin only those accounts will appear in Name Service
Switch that have those UNIX-attributes which avoids potential uid/gid-space
clashes between SFU-ids and automatically assigned idmap-ids.
Guenther
(This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
|
|
Jeremy
(This used to be commit 4d5002931056d2a88d49ce060c10bc0fecf4ba50)
|
|
(This used to be commit bb884b0bf96899bf3cf477bfe2220cdfc7aa596d)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
Volker
(This used to be commit 7d1b890fead61551465e2a972e4097d9c1a4d6fd)
|
|
of the
parent winbind not to return winbindd_result. This is to hopefully fix all the
problems where a result has been scheduled for write twice.
The problematic ones have been the functions that might have been delayed as
well as under other circumstances immediately gets answered from the cache.
Now a request needs to be explicitly replied to with a request_error() or
request_ok().
Volker
(This used to be commit 7365c9accf98ec1dd78a59dd7f62462bbb8528d4)
|
|
* make sure to use our domain as the account name in the net_req_auth2()
request when running on a Samba DC
* make sure to lookup the correct domain (not default to ours) when getting an async
getpwnam() call
(This used to be commit c9c3e3c122a6a04847c448d298b6f1adb4f35a60)
|
|
printmig.exe work
* merge the sys_select_signal(char c) change from trunk
in order to keeo the winbind code in sync
(This used to be commit a112c5570a7f8ddddde1af0fa665f40a6067e8cf)
|
|
(This used to be commit e8fde1bd92e8b19c8b5ce22f92cb048de773be1c)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
Volker
(This used to be commit 94acb93f57b963bf137c6ddd644a147f4d0b5175)
|
|
winbind idle connection closing logic is getting invoked under high loads for
clients which may already have commands in the pipe. This race condition
causes clients to fail with NSS_STATUS_UNAVAIL sometimes. We now retry several
times hoping (still not guaranteed, though) it will work.
(This used to be commit 05c04cfd2526b8b9a82916b5dffc18bf27c3f198)
|
|
This is just cosmetic but prevents people from thinking that the
pam_winbind "require_membership_of"-option is not yet implemented :)
Guenther
(This used to be commit ef80a49a858d7d81d427c7bac71fdac4fc0d1bd6)
|
|
version to 3.0.20pre1
(This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
|
|
(This used to be commit 318c3db4cb1c85be40b2f812f781bcf5f1da5c19)
|
|
(This used to be commit 8104149e6f490fa1a298e61becc8df01ddd92008)
|
|
getting the SID for a domain
(This used to be commit 2e0941ebc1d6a9a9498cc5a9f072d501293f8933)
|
|
(This used to be commit 8f78ee6abab9c1dd3e8b15ea3d1d96a651ee0426)
|
|
(This used to be commit 6a5a9f17fb3c18e9dd8d447889b527055e5e3bd5)
|
|
* ensure that we set full access on the handle
returned from _samr_create_dom_alias() so that
future set_alias commands succeed
* fix bug when looking for internal domains in winbindd
(caused winbindd_getgrgid() for local groups to fail).
(This used to be commit 4615c96ccb8906af4eb1fbe6d0cbf6bb3bcc3fcf)
|
|
* add synonym for idmap_rid in better lining with
other idmap backend names
* remove old debug messages when idmap {uid|gid} options
are not defined
(This used to be commit 03ebf3ebfe83897d8c18e57ed378154d1377874b)
|
|
(This used to be commit fb561fe26cc61272e24965b81e276fa5420b146d)
|
|
pieces that
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.
The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.
Volker
(This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
|
|
(This used to be commit 88c2ed1534d5239273458768b7b3f05102a2af16)
|
|
(This used to be commit b451434e378e52e8ab6b932d7b26657ea9d0353c)
|
|
initializable
statically.
Volker
(This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
|
|
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
|
|
fixes the
expansion of domain local groups in case the netsamlogon_cache is valid. The
non-samlogon-cache side needs more work, as well as the samlogon cache itself.
Volker
(This used to be commit b6352a3c46f8e67503945eeac33e157ecea01bfb)
|
|
really use
domain local groups ...
Volker
(This used to be commit ed2d76d663a4388acc26a724cf2cdb5c40763def)
|
|
(This used to be commit 91a8e1ac6debffe457624a625e0f407bdbbbcb15)
|
|
Can't do LsaOpenPolicy() over schannel anymore.
This is an interesting find as it could imply that there are
other changes we haven't seen yet in sp1.
Volker, You might want to look at this for trunk.
(This used to be commit 82e3a9d9b526522376ea967c66c67b02f2c68dd8)
|
|
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
|
|
"qualifiers". The
whole of samba comiles warning-free with the default compiler flags.
Temporarily defined -Wall to locate other potential problems. Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).
There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.
oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.
The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
(This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
|
|
is the
change in pdb_enum_alias_memberships to match samr.idl a bit closer.
Volker
(This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
|
|
(This used to be commit 42588ba50cb1b47a00f3e0bed33ca3431eb8af14)
|
|
initialized whenenumerating users and groups
(This used to be commit 105a63c207e8d2b03a30dec2b8b55b92047cba80)
|
|
(This used to be commit 5205949dac4566a815ea443114309c284270ba91)
|
|
(This used to be commit 642a2d5a0aecd507d4f26dc2250de3667af3abbf)
|
|
(This used to be commit c2f710e3219aab647c0ed294d1d3481f5578b930)
|
|
TODO: This needs to be merged to trunk separately, it has changed a little,
but it's friday evening here.
Volker
(This used to be commit 49c3e04632e9fcdf552259412e8ec54d18269516)
|
|
rejects
everything but 1000 here, so there's no point in exposing that to the caller.
Thanks,
Volker
(This used to be commit 03ec1bd9e54b065c0494bc57a3d78ac0ae28e234)
|
|
*attr[]. This
gives some new warnings in smbldap.c, but a the callers are cleaned up.
Volker
(This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403)
|
|
netbios = yes'
(This used to be commit 75a223f1188ae0041c9e3c748af107d642f73810)
|
|
Add 'log nt token command' parameter. If set, %s is replaced with the user
sid, and %t takes all the group sids.
Volker
(This used to be commit e7dc9fde45c750013ad07f584599dd51f8eb8a54)
|
|
Volker
(This used to be commit b48a46162d7971be3d44d403a2d62247ef2321f7)
|
|
(This used to be commit 9019a8436162d3606f6b8584701b0832cf5a7439)
|
|
Volker
(This used to be commit 78975ab9a996ac61be37410f18ddedb9df58d04b)
|
|
the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail
(This used to be commit a13e29b5f2f1e48225b5b5964bc0777948f16622)
|