summaryrefslogtreecommitdiff
path: root/source3/param
AgeCommit message (Collapse)AuthorFilesLines
2003-04-04This is a merge of the NETLOGON schannel server code from SambaVolker Lendecke1-0/+4
TNG. Actually, it exists in the main Samba cvs tree in APPLIANCE_TNG as I found out later :-) It adds a new parameter: server schannel = yes/auto/no defaulting to auto. What does this mean to the user: No requireSignOrSeal registry patch for XP anymore. Many thanks for this code to Luke Leighton, Elrond and anybody else I forgot to mention. My next thing will be to see if this applies cleanly to 3_0. Please test and comment! Volker (This used to be commit e1f953241eb020f19fe657f29afdae28dcf5a03b)
2003-04-02THE Idmap patch :-)Simo Sorce1-32/+38
includes a --with-idmap=no switch to disable idmap usage if you find problems. cosmetic fixes and param aliases to separate winbind from idamp roles. A temporarily remote idmap winbind compatibility backend. As I have time I will further change code to not call directly winbind (partly done but not tested) and a specilized module will be built in place for the current glue hack. The patch has been tested locally in my limited time, the patch is simple and clear and should not reserve problems, if any just disable it. As usual, comments and fisex are welcome :-) Simo. (This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
2003-03-313 things:Volker Lendecke1-1/+0
* Remove 'ldap del only sam attr' after asking Lars Mueller from SuSE first. It is replaced by 'ldap delete dn' * Fix a typo in docs. * Document 'set primary group script'. Alexander, could you check the file in smbdotconf/ please? Thanks. Volker (This used to be commit f0a32b9c1bdec504ec285486adc05936547f6dc5)
2003-03-23This adds 'ldap delete dn' as the recommended parameterVolker Lendecke1-4/+5
for the 'ldap del only sam attr' functionality. So we are compatiple to the current SuSE patches as well as to TNG... ;-) Volker (This used to be commit 353309e2a3bc27e918bd0a6cf22833d57895fbc8)
2003-03-22Valgrind found a few memory leaks!Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit fb680f610ceb9a0f350c99456cf7ab1a507543fe)
2003-03-22Small clenaup patches:Andrew Bartlett1-0/+3
- safe_string.h - don't assume that __FUNCTION__ is available - process.c - use new workaround from safe_string.h for the same - util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc() - gencache.c - Keep valgrind quiet by always null terminating. - clistr.c - Add copyright - srvstr.h - move srvstr_push into a .c file again, as a real function. - srvstr.c - revive, with 'safe' checked srvstr_push - loadparm.c - set a default for the display charset. Andrew Bartlett (This used to be commit a7eba37aadeb0b04cb1bd89deddb58be8aba825c)
2003-03-19Add paramter 'ldap del only sam attr'.Volker Lendecke1-0/+4
This patch is heavily based on a patch by SuSE. Thanks to Guenther Deschner <gd@suse.de> for providing it. Volker (This used to be commit 5eaf9195eefda5ababba85cc0f6d581ff6f0f454)
2003-03-15Clean up the VFS module loading logic by making the parameter an P_LIST,Andrew Bartlett1-19/+2
rather than a runtime-parsed string. Andrew Bartlett (This used to be commit 3465cd6cd92c39c018979b5a82acbddca0927623)
2003-03-12fixed a strcat noticed by metzeAndrew Tridgell1-1/+1
(This used to be commit db3ad0dbe0bca729f98ca5d5a698388fe086daf2)
2003-03-11security=domain and domain logons = yes should be a BDC (of sorts).Andrew Bartlett1-2/+5
Matches 2.2 Andrew Bartlett (This used to be commit f6497fd639c5bb7d61eda0286c4c3c38609933b0)
2003-03-11Some further tought on the server role issue - try not to break it compeatly.Andrew Bartlett1-3/+6
Andrew Bartlett (This used to be commit 4c6a2d8d28d1752d7fee52d253ce2829bd0a0671)
2003-03-11After 'consultation' with idra, this is how I think the server roles should ↵Andrew Bartlett1-4/+9
work... Andrew Bartlett (This used to be commit 5c1f1005907bf50b809dfae1f8251c7122103098)
2003-03-11This is how combination of domain logons and security parameter best combine.Simo Sorce1-3/+3
Comments wellcome. Simo. (This used to be commit e1431424e7603d946f63cfe7fe669b0b32ac8095)
2003-03-05lp_string: Add note about dodgy StrnCpy use.Martin Pool1-0/+3
(This used to be commit b32ae2d83fd0b4dd2c313cd0727bd276564cec0c)
2003-03-01Added limit to number of jobs enumerated. Set to 0 (means no limit).Jeremy Allison1-0/+4
Yes I will add the docs.... Jeremy. (This used to be commit 4a739d914bb87a3c8d071dfd0f275a9aab1cf90a)
2003-02-27- Rename 'modules = ' to 'preload modules = 'Jelmer Vernooij1-3/+3
- Add smb_probe_module() - Add init_modules() - Call these functions (This used to be commit f8f21653225792c0001d183c6efe8b7d89a0785d)
2003-02-22Remove 'unixsam' from the default passdb backends.Andrew Bartlett1-2/+2
The intention is to remove the muliple passdb backends, but we need the 'guest' account to always be there. If the admin adds the guest account to (say) LDAP, there will only be one backend required for operation. This helps remove some nasty behaviours with adding accounts to the system for both the RPC 'create user' and the SAMSYNC code. Users 'added' with an 'add user/machine' script won't magicly appear, and machine accounts 'pre-added' to unix, but not the smbpasswd file will not cause mayhem. This commit also implements somthing tridge discussed with me, the concept of 'default' passdb operation pointers - so that each backend does not need it's own stub funcitons wrapping the default tdb privilages/group mapping code. This also removes an implicit 'sid->name' and 'name->sid' mapping from our own local SID space, to winbind usernames. When adding mapping for NIS/LDAP non-sam users in future, we need to be careful. Andrew Bartlett (This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
2003-02-21rename 'winbind backend' to 'idmap backend'. Put paramter in security ↵Jim McDonough1-4/+4
section...does this make sense? (This used to be commit 822083f73e8ba4e096c53ff0f7578f47bc21b7b5)
2003-02-20From aliguori@us.ibm.com:Jim McDonough1-0/+6
This patch adds the architecture for an IDMAP backend system including a new smb.conf parameter "winbind backend". Right now, the only valid value is "tdb" but I'm currently working on an LDAP backend. (This used to be commit 35e4448dcb2deb0d5d34d9e974a49f2fb31f1356)
2003-02-09(only for HEAD at the moment).Andrew Bartlett1-1/+13
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-02-01We now have client-side SMB signing support!Andrew Bartlett1-4/+7
This checking allows us to connect to Microsoft servers the use SMB signing, within a few restrictions: - I've not get the NTLMSSP stuff going - it appears to work, but if you break the sig - say by writing a zero in it - it still passes... - We don't currently verfiy the server's reply - It works against one of my test servers, but not the other... However, it provides an excellent basis to work from. Enable it with 'client signing' in your smb.conf. Doc to come (tomorrow) and this is not for 3.0, till we get it complete. The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the standard session key, ie MD4(NT#). Thanks to jra for the early work on this. Andrew Bartlett (This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
2003-01-13Patch from metze to to make testparm show values for 'workgroup', 'netbiosAndrew Bartlett1-7/+29
name' and 'netbios scope'. Probably has a similar effect on SWAT. Also adds '-V' to testparm. Andrew Bartlett (This used to be commit 71f4d8efd36351ddb2180103c160a6d737da62b1)
2003-01-02BIG patch...Andrew Bartlett2-65/+65
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-29Add msdfs proxy functionality to HEAD.Shirish Kalele1-0/+4
(This used to be commit 9df93b1ffc9ce98302540cc3d2cbd66787abc4fd)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-1/+1
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
2002-12-12Added "kernel change notify" boolean to allow easier valgrind testing.Jeremy Allison1-0/+4
Jeremy. (This used to be commit ac856fbb96e5ed21992972805b27cc8c3f9377df)
2002-12-09finnally put in Alexander parametric pacthSimo Sorce1-75/+298
(This used to be commit e6ae8b4eac66637d398406545654bba960d9e6b8)
2002-11-25Make lp_winbind_separator a const string.Tim Potter1-1/+1
(This used to be commit be90650674ce5ebc292fc804e6168c5cc4ed25dd)
2002-11-22Add support for 'restrict anonymous=2' and make the doco give a slight hintAndrew Bartlett1-1/+3
as to what it now does in 3.0. Needs more work, but better than documenting the old functionality :-). As the security benifits of this are nullified by a setting of 'guest ok' on any share, we might want to put some documentation there too. Andrew Bartlett (This used to be commit ab812ada56b740ac986de8e1f4ca36641ec61c01)
2002-11-13add lp_modules()Jelmer Vernooij1-0/+3
(This used to be commit 344d8e521f951e7f59b8378fee80bb553670a3be)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-316/+220
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-02Add a 'ldap trust ids' option that lets pdb_ldap check for posixAccountAndrew Bartlett1-0/+3
attributes rather than calling getpwnam() on the user. This should help fix some of metze's performance issues - particularly on enumerations. There is a consequential change to the operation of 'non unix account's in LDAP - they are no longer restricted to being 'within' the NUA range, but will always be added to that range. Finally, there is the doco for this and the previous LDAP SSL changes. (This used to be commit 18abaeffda300074a507561d8372d5bfddc8fe50)
2002-11-02Fixes for pdb_ldap:Andrew Bartlett1-0/+2
- Default is now for start-tls, on the ldap (not ldaps) port - We check for 'I am currently root' in the right place now, and don't accidentily use a cached connection. - We don't loop on failure to be root, or some other errors. - A bit cleaner error reporting for add/modify. - Both the OpenLDAP and manual URI parsing tested. Andrew Bartlett (This used to be commit cfa1e459d727764feddcfdd8c9c0404282e2d0e8)
2002-10-23First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-1/+20
This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit a81d700ae9c82d4b7ea631ab7862162a2ed3d512)
2002-10-21merge from samba_3_0Gerald Carter1-19/+0
removed the following parameters * postscript * printer driver * printer driver location * printer driver file also removed the get_a_printer_driver_9x_compatible() function (This used to be commit e7dd8cf903144393b1362719d75430a2ee7e5f27)
2002-10-21add a 'mangle prefix' option to allow people to tune the number ofAndrew Tridgell1-1/+5
characters used in the prefix for 8.3 names in the hash2 algorithm. The longer the prefix the more readable the 8.3 names will be, but the weaker the hash. this was added because of someone complaining that the new hashing algorithm was unreadable but the old one was broken :) (This used to be commit 3ca3cc838e5b957c7244b21947daddc4ee4c3099)
2002-10-15Change default of max_xmit to match W2K. Ensure NT negprot uses it.Jeremy Allison1-1/+3
Jeremy. (This used to be commit e5fbfbcc9dc995b23eb0b46c6f59b03cfe9c02b5)
2002-10-09removed stat() call in lp_add_home()Gerald Carter1-7/+0
(This used to be commit 07c7048aa4ef37f1b7af228ede391ab16503d9a1)
2002-10-05Turn on sendfile detection by default in HEAD and 3.0.Jeremy Allison1-8/+0
Jeremy. (This used to be commit 6a9d0c9bdd57c135c4565da829b2fa4f44874a6d)
2002-10-04Add a timeout to tdb_lock_bystring(). Ensure we never have more thanJeremy Allison1-1/+13
MAX_PRINT_JOBS in a queue. Jeremy. (This used to be commit bb58a08af459b4abae9d53ab98c15f40638ce52b)
2002-10-03make the default printed values for boolean the same for all parameters.Herb Lewis1-2/+2
(This used to be commit 074de699a20a1f8d8f45e576c50b94bb5aeb634e)
2002-09-27Vance picked up a pile of typos etc at the CIFS confernce, and finally got themAndrew Bartlett1-2/+2
off his laptop :-) Andrew Bartlett (This used to be commit df8f0338fae01e5edc176708c2b798c67c2e8c36)
2002-09-27When compiled --with-ldapsam, make ldapsam the default passdb backend.Andrew Bartlett1-1/+3
This is to allow painless upgrades from 2.2, and so people don't get a shock when they follow old docs. If ldap has been detected on the system, ldapsam is always available, just not the default. Andrew Bartlett (This used to be commit 0a6a0c88d0972fcea4aead7115929f96c0d23cbc)
2002-09-27Readd the 2.2 --with-ldapsam paramaters so as to allow a smooth upgrade path toAndrew Bartlett1-0/+18
a 3.0 based PDC. Change defaults to use SSL, so that this also matches. Andrew Bartlett (This used to be commit 36c2a3820faa1d90cd331881720be0e61ab93460)
2002-09-25Fix the circular dependency that was preventing 'domain master = auto' (theAndrew Bartlett1-1/+1
default) from working. Andrew Bartlett (This used to be commit 25950dbb3272949a235bed936c7d7b1d23f15fac)
2002-09-25This patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> cleans upAndrew Bartlett1-4/+23
pdb_ldap and adds a 'ldap passwd sync' option. The idea with this option is to do allow an ldap backend to do all the fancy password hashing etc - and to tell smbd no to try and double-up. Using 'ldap passwd sync = only' will do this, but is not recommended unless such a backend is in place... Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd sync = yes' and having both PAM and pam_ldap correctly configured for 'magic root' behaviour, but only using ldap connection, and one set of credentials. This also gets us closer to allowing ldap to say 'password too short' etc, which might assist in maintaining a consistant password policy. Andrew Bartlett (This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
2002-09-25Merge of "profile acls" code.Jeremy Allison1-0/+6
Jeremy. (This used to be commit cfd1bf250b417f3ba3ad21ff681ab282311bb7eb)
2002-09-21Sorry for the new parameter, but I think to really reflect what's comingVolker Lendecke1-0/+3
in via deltas, we need a way to set a user's primary group. Volker (This used to be commit 9f7a16acf1b1f3b100b85339aad8268254512e68)
2002-09-18Added "use sendfile" per share option.Jeremy Allison1-1/+12
Jeremy. (This used to be commit 28466ff42c3328e49d46f7cddfc4bb2fe462d871)
2002-09-16Update to add DEVELOPER option to more parameters.John Terpstra1-182/+182
(This used to be commit bd9dbf5c79bf2bfecdf008fe93eba87ea9993a3c)