summaryrefslogtreecommitdiff
path: root/source3/param
AgeCommit message (Collapse)AuthorFilesLines
2004-01-07Machines are people too!Andrew Bartlett1-2/+2
While machine accounts cannot use an NTLM login (NT4 style), they are otherwise full and valid members of the domain, and expect to be able to use kerberos to connect to CIFS servers. This means that the LocalSystem account, used by various services, can perform things like backups, without the admin needing to enter further passwords. This particular issue (bug 722) has started to come up a lot on the lists. I have only enabled it for winbindd-based systems, as the macros use use to call the 'add user script' will strip the $ from the username for security reasons. Andrew Bartlett (This used to be commit 6a9bbd1da3bb961d24e74348fa0b68574022855f)
2003-12-25ldap rebind sleep -> ldap replication sleepAndrew Bartlett1-4/+4
While writing documentation for metze's patch, it became clear that this is a better name. Andrew Bartlett (This used to be commit 6f828ff3d3622c56ee732b976e7ab90b7897a8d3)
2003-12-25This is metze's LDAP rebind sleep patch:Volker Lendecke1-0/+4
When smb.conf tells us to write to a read-only LDAP replica and we are redirected by the LDAP server, the replication might take some seconds, especially over slow links. This patch delays the next read after a rebind for 'ldap rebind sleep' milliseconds. Metze, thanks for your patience. Volker (This used to be commit 63ffa770b67d700f138d19b4982da152f57674fc)
2003-12-25abartlet pointed me at the fact that the order and flags in loadparm.c areVolker Lendecke1-1/+1
actually used.... 'afs username map' should not show up in the swat basic view. :-) Maybe I should use swat from time to time.... Volker (This used to be commit d4e071d14b8ae622c1edbb33bb5677713df1f961)
2003-11-26Fixing barfed idmap entries and adding not on use of FLAG_HIDE.John Terpstra1-2/+8
(This used to be commit 25aa5df5c79070d0f1273a71617e64fba7831742)
2003-11-24Added "passwd chat timeout" parameter. Docs to follow.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 16097f2072085432f4c669d9e008023f36f7afbb)
2003-11-22Ensure that items in a list of strings containing whitespaceGerald Carter1-3/+7
are written out surrounded by single quotes. This means that both double and single quotes are now used to surround strings in smb.conf. This is a slight change from the previous behavior but needed or else things like printer admin = +ntadmin, 'VALE\Domain, Admin' get written to smb.conf by SWAT. (This used to be commit 5bf91c79d620e34ac71d72c80f74e47754d49dcb)
2003-11-21Fix Jerry's no-proto bug :-).Jeremy Allison1-4/+4
Jeremy. (This used to be commit 48153f7a07cc04b849a79778fdc3e76af6c6eb13)
2003-11-21make sure we don't append the ldap suffix when writing out the ldap XXX ↵Gerald Carter1-53/+46
suffix values in SWAT; based on tpot's original patch; bug 328 (This used to be commit 12a06dd9807ea3a10f8220d6e7c33b4b79ae25b4)
2003-11-17* make sure we only enumerate group mapping entriesGerald Carter1-3/+0
(not /etc/group) even when doing local aliases * remove "hide local users" parameter; we have this behavior built into 3.0 (This used to be commit a7685a069766ac720f0b26fe01b0e17fc388fca3)
2003-11-06Fix bug #471. (const needed in lp_set_name_resolve_order).Jeremy Allison1-2/+2
Jeremy. (This used to be commit 3c19ac5f1c9e393780e57028808871dfdc77b170)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-1/+1
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-10-03Moving towards better i18n support in SWAT. This commit contains aTim Potter1-16/+16
bunch of updates to bug 413 from Monyo: 1) pick up proper strings to call msg strings for example to add strings in wizard menu in web/swat.c, web/statuspage.c and param/loadparm.c. 2) define N_() macro in include/intl.h to pick up some strings in param/loadparm.c 3) quote all name and value tag with '"' For example in swat.c:720 the "Edit Parameter Values" string is displayd only as "Edit" because value tag is not quoted like: value=Edit Parameter Values These tags should be quoted though it sometimes works well without quotation. 4) modify the msg strings not to contain HTML tags or other non-message strings. For example dprintf(_("test\n")); is modified to dprintf("%s\n", _("test")); (This used to be commit 351d16956d8125bc689ca84adcb71e0a57d6b7cc)
2003-10-01mark 'mangled map' as depcreated and remove 'mangled stack'Gerald Carter1-4/+1
(This used to be commit cd06472e420ba0647a73c6e04d180c088acdb626)
2003-09-24Don't #ifdef an AFS option with WITH_ADS. Thanks, jerry!Volker Lendecke1-1/+1
Volker (This used to be commit a6c54cbe205a6882d49fc77c04ed21b4f1de4396)
2003-09-23This only touches the fake kaserver support. It adds two parameters:Volker Lendecke1-0/+7
afs share -- this is an AFS share, do AFS magic things afs username map -- We need a way to specify the cell and possibly weird username codings for several windows domains in the afs cell Volker (This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
2003-09-10remove references to 'strip dot'Gerald Carter1-4/+0
(This used to be commit 5c0c9d68b44f867bf6c2b24b9fd9ba2408b9f83c)
2003-09-06address bug #359. Andrew B's patch for implementing clientGerald Carter1-1/+2
portion of NTLMv2 key exchange. Also revert the default for 'client ntlmv2 auth' to no. This caused no ends of grief in different cases. And based on abartlet's mail.... > All I care about at this point is that we use NTLMv2 > in our client code when connecting to a server that > supports it. There is *no* way to tell this. The server can't tell us, because it doesn't know what it's DC supports. The DC can't tell us, because it doesn't know what the trusted DC supports. One DC might be Win2k, and the PDC could be an older NT4. (This used to be commit fe585d49cc3df0d71314ff43d3271d276d7d4503)
2003-09-05More tuning from cachegrind. Change most trim_string() calls to trim_char(0,Jeremy Allison1-3/+3
as that's what they do. Fix string_replace() to fast-path ascii. Jeremy. (This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
2003-09-05revert the change from r1.414 in HEAD that removed theGerald Carter1-7/+2
ability to use variables in paths for the [homes] service. (This used to be commit 8fd13b63103b3c144bdd170edcb3b642dfd9bb54)
2003-09-04More hand-tuning of the fastpath. Don't do strlen() when we're doingJeremy Allison1-2/+4
to walk to the end anyway. Jeremy. (This used to be commit 467cafdb1f7ddfb4278824f385b732975246a4f5)
2003-08-28revert a change to r1.397.2.91 because to operate like the docs; browseable ↵Gerald Carter1-0/+7
for new home directories should be inheritied from the global defaults, not [homes] (This used to be commit ea54bfc211f874c23b79572d8fb89bac73ec21a3)
2003-08-27remove 'ldap trust ids' since there was no way for it to work nowGerald Carter1-3/+0
(This used to be commit 3724063f1518c25e33ba6b65cd3bb1e36cec51fa)
2003-08-27Fix the character set handling properly in nmbd. Also fix bug whereJeremy Allison1-4/+11
iconv wasn't re-initialised on reading of "charset" parameters. This caused workgroup name to be set incorrectly if it contained an extended character. Jeremy. (This used to be commit 84ae44678a6c59c999bc1023fdd9b7ad87f4ec18)
2003-08-22fix compile problem (stray character)Gerald Carter1-1/+1
(This used to be commit 9554a661c2400e9148f7572e4de20064faea5f2a)
2003-08-22ensure that 'available = no' works for [homes]; reported by Walter HaidingerGerald Carter1-3/+1
(This used to be commit 1278d2496162c6427729a795dd940b9863261a6d)
2003-08-21Turn UNIX extensions on by default. Yes I will change the docs :-).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 17b09eed96fa2793a5947fa811e8543a1b263d6f)
2003-08-20metze's autogenerate patch for version.hGerald Carter1-1/+1
(This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
2003-08-19- Update 'preload modules' documention (bug #304)Jelmer Vernooij1-2/+1
- Fix WINS Server List in SWAT (bug #197) - Don't segfault SWAT when adding shares (bug #254) (This used to be commit dd43a29504fe2b6f9d13cdb9431347927548fc10)
2003-08-15Fix charset detection code in configure.Alexander Bokovoy1-3/+3
Now we are: 1. Try to find correct name for default character sets for the platform 2. Use DEFAULT_{DOS|DISPLAY|UNIX}_CHARSET defines set during configure phase as defaults This should fix CP850 problem on Solaris (at least) because it actually has IBM850 which is the same but under different name (This used to be commit 836b9fffa0eadc818019ba36ed764e97d4f9a801)
2003-08-11Make client signing auto.Jeremy Allison1-0/+4
Jeremy. (This used to be commit e66bfe212db1cec751f4024f631600fa2a3eb07c)
2003-08-11Fix typos.Volker Lendecke1-1/+1
Volker (This used to be commit d07f173767678187237c9fc767c0a05f0b8c7d32)
2003-08-08Turn on client ntlmv2 by default.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 729b468f7e0e5522dfdede481947826851842483)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough1-1/+1
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-28Cleanup of loadparm and swat to correctly display all parameters as required.John Terpstra1-409/+413
No change to what is displayed has been made at this time. I do intend to change the display order before 3.0.0 ships. (This used to be commit de7d3063d9e07255da2cc4e67afa50c1e2ddf321)
2003-07-18Signing so far... the client code fails on a SMBtrans2 secondary transactionJeremy Allison1-1/+1
I think (my changes haven't affected this I believe). Initial support on the server side for smbclient. Still doesn't work for w2k clients I think... Work in progress..... (don't change). Jeremy. (This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
2003-07-17Putting the framework for server signing in place. Ensure we don't useJeremy Allison1-1/+10
sendfile when signing (I need to add this for readbraw/writebraw too...). Jeremy. (This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)
2003-07-16Refactor signing code to remove most dependencies on 'struct cli'.Jeremy Allison1-6/+11
Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
2003-07-15Added the "required" keyword to the "client signing" parameter to force itJeremy Allison1-2/+21
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-0/+8
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-2/+2
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-07and so it begins....Gerald Carter1-6/+9
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-05This parameter is unused.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 3dd767841666068a1b32c71b03a8e7bc797087be)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-3/+3
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-30Add the 'guest' passdb backend automatically ifVolker Lendecke1-2/+2
guest account != "" Volker (This used to be commit 21d330af107f744af9569b5577afc6e7ba6a269c)
2003-06-30- added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)Andrew Tridgell1-1/+6
- changed --enable-developer debug to use -gstabs as it makes the samba binaries about 10x smaller and is still quite functional for samba debugging (This used to be commit 53bfcd478a193d4def8da872e92d7ed8f46aa4b9)
2003-06-25large change:Gerald Carter1-3/+0
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-24Move the map acl inherit parameter into the protocol section.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 076d9a3c9bc264d9456a67da9366bd73d3ce69d5)
2003-06-20Missed initial param, typo.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 036a551b10f1cb436ea36acbb40983249de8310d)