Age | Commit message (Collapse) | Author | Files | Lines |
|
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idamp roles.
A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.
As usual, comments and fisex are welcome :-)
Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
|
|
* Remove 'ldap del only sam attr' after asking Lars Mueller from SuSE first.
It is replaced by 'ldap delete dn'
* Fix a typo in docs.
* Document 'set primary group script'. Alexander, could you check the
file in smbdotconf/ please? Thanks.
Volker
(This used to be commit f0a32b9c1bdec504ec285486adc05936547f6dc5)
|
|
for the 'ldap del only sam attr' functionality. So
we are compatiple to the current SuSE patches as well
as to TNG... ;-)
Volker
(This used to be commit 353309e2a3bc27e918bd0a6cf22833d57895fbc8)
|
|
Andrew Bartlett
(This used to be commit fb680f610ceb9a0f350c99456cf7ab1a507543fe)
|
|
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
Andrew Bartlett
(This used to be commit a7eba37aadeb0b04cb1bd89deddb58be8aba825c)
|
|
This patch is heavily based on a patch by SuSE. Thanks
to Guenther Deschner <gd@suse.de> for providing it.
Volker
(This used to be commit 5eaf9195eefda5ababba85cc0f6d581ff6f0f454)
|
|
rather than a runtime-parsed string.
Andrew Bartlett
(This used to be commit 3465cd6cd92c39c018979b5a82acbddca0927623)
|
|
(This used to be commit db3ad0dbe0bca729f98ca5d5a698388fe086daf2)
|
|
Matches 2.2
Andrew Bartlett
(This used to be commit f6497fd639c5bb7d61eda0286c4c3c38609933b0)
|
|
Andrew Bartlett
(This used to be commit 4c6a2d8d28d1752d7fee52d253ce2829bd0a0671)
|
|
work...
Andrew Bartlett
(This used to be commit 5c1f1005907bf50b809dfae1f8251c7122103098)
|
|
Comments wellcome.
Simo.
(This used to be commit e1431424e7603d946f63cfe7fe669b0b32ac8095)
|
|
(This used to be commit b32ae2d83fd0b4dd2c313cd0727bd276564cec0c)
|
|
Yes I will add the docs....
Jeremy.
(This used to be commit 4a739d914bb87a3c8d071dfd0f275a9aab1cf90a)
|
|
- Add smb_probe_module()
- Add init_modules()
- Call these functions
(This used to be commit f8f21653225792c0001d183c6efe8b7d89a0785d)
|
|
The intention is to remove the muliple passdb backends, but we need the
'guest' account to always be there. If the admin adds the guest account to
(say) LDAP, there will only be one backend required for operation.
This helps remove some nasty behaviours with adding accounts to the system
for both the RPC 'create user' and the SAMSYNC code. Users 'added' with
an 'add user/machine' script won't magicly appear, and machine accounts
'pre-added' to unix, but not the smbpasswd file will not cause mayhem.
This commit also implements somthing tridge discussed with me, the concept
of 'default' passdb operation pointers - so that each backend does not
need it's own stub funcitons wrapping the default tdb privilages/group
mapping code.
This also removes an implicit 'sid->name' and 'name->sid' mapping from our
own local SID space, to winbind usernames. When adding mapping for NIS/LDAP
non-sam users in future, we need to be careful.
Andrew Bartlett
(This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
|
|
section...does this make sense?
(This used to be commit 822083f73e8ba4e096c53ff0f7578f47bc21b7b5)
|
|
This patch adds the architecture for an IDMAP backend system including a new
smb.conf parameter "winbind backend". Right now, the only valid value is "tdb"
but I'm currently working on an LDAP backend.
(This used to be commit 35e4448dcb2deb0d5d34d9e974a49f2fb31f1356)
|
|
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 =
yes') and only when 'client use spengo = no'. (A new option to allow the
client and server ends to chose spnego seperatly).
NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet.
Also some parinoia checks in our input parsing.
Andrew Bartlett
(This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
|
|
This checking allows us to connect to Microsoft servers the use SMB signing,
within a few restrictions:
- I've not get the NTLMSSP stuff going - it appears to work, but if you break
the sig - say by writing a zero in it - it still passes...
- We don't currently verfiy the server's reply
- It works against one of my test servers, but not the other...
However, it provides an excellent basis to work from. Enable it with 'client
signing' in your smb.conf.
Doc to come (tomorrow) and this is not for 3.0, till we get it complete.
The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the
standard session key, ie MD4(NT#).
Thanks to jra for the early work on this.
Andrew Bartlett
(This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
|
|
name' and 'netbios scope'. Probably has a similar effect on SWAT.
Also adds '-V' to testparm.
Andrew Bartlett
(This used to be commit 71f4d8efd36351ddb2180103c160a6d737da62b1)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
(This used to be commit 9df93b1ffc9ce98302540cc3d2cbd66787abc4fd)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
|
|
Jeremy.
(This used to be commit ac856fbb96e5ed21992972805b27cc8c3f9377df)
|
|
(This used to be commit e6ae8b4eac66637d398406545654bba960d9e6b8)
|
|
(This used to be commit be90650674ce5ebc292fc804e6168c5cc4ed25dd)
|
|
as to what it now does in 3.0. Needs more work, but better than documenting
the old functionality :-).
As the security benifits of this are nullified by a setting of 'guest ok' on
any share, we might want to put some documentation there too.
Andrew Bartlett
(This used to be commit ab812ada56b740ac986de8e1f4ca36641ec61c01)
|
|
(This used to be commit 344d8e521f951e7f59b8378fee80bb553670a3be)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
attributes rather than calling getpwnam() on the user.
This should help fix some of metze's performance issues - particularly on
enumerations.
There is a consequential change to the operation of 'non unix account's in LDAP
- they are no longer restricted to being 'within' the NUA range, but will
always be added to that range.
Finally, there is the doco for this and the previous LDAP SSL changes.
(This used to be commit 18abaeffda300074a507561d8372d5bfddc8fe50)
|
|
- Default is now for start-tls, on the ldap (not ldaps) port
- We check for 'I am currently root' in the right place now, and don't
accidentily use a cached connection.
- We don't loop on failure to be root, or some other errors.
- A bit cleaner error reporting for add/modify.
- Both the OpenLDAP and manual URI parsing tested.
Andrew Bartlett
(This used to be commit cfa1e459d727764feddcfdd8c9c0404282e2d0e8)
|
|
This is not 100% the same as what SuSE shipped in their Samba, there is
a crash bug fix, a race condition fix, and a few logic changes I'd like to
discuss with Andreas. Added Andreas to (C) notices for posix_acls.c
Jeremy.
(This used to be commit a81d700ae9c82d4b7ea631ab7862162a2ed3d512)
|
|
removed the following parameters
* postscript
* printer driver
* printer driver location
* printer driver file
also removed the get_a_printer_driver_9x_compatible() function
(This used to be commit e7dd8cf903144393b1362719d75430a2ee7e5f27)
|
|
characters used in the prefix for 8.3 names in the hash2
algorithm. The longer the prefix the more readable the 8.3 names will
be, but the weaker the hash.
this was added because of someone complaining that the new hashing
algorithm was unreadable but the old one was broken :)
(This used to be commit 3ca3cc838e5b957c7244b21947daddc4ee4c3099)
|
|
Jeremy.
(This used to be commit e5fbfbcc9dc995b23eb0b46c6f59b03cfe9c02b5)
|
|
(This used to be commit 07c7048aa4ef37f1b7af228ede391ab16503d9a1)
|
|
Jeremy.
(This used to be commit 6a9d0c9bdd57c135c4565da829b2fa4f44874a6d)
|
|
MAX_PRINT_JOBS in a queue.
Jeremy.
(This used to be commit bb58a08af459b4abae9d53ab98c15f40638ce52b)
|
|
(This used to be commit 074de699a20a1f8d8f45e576c50b94bb5aeb634e)
|
|
off his laptop :-)
Andrew Bartlett
(This used to be commit df8f0338fae01e5edc176708c2b798c67c2e8c36)
|
|
This is to allow painless upgrades from 2.2, and so people don't get a shock
when they follow old docs.
If ldap has been detected on the system, ldapsam is always available, just not
the default.
Andrew Bartlett
(This used to be commit 0a6a0c88d0972fcea4aead7115929f96c0d23cbc)
|
|
a 3.0 based PDC.
Change defaults to use SSL, so that this also matches.
Andrew Bartlett
(This used to be commit 36c2a3820faa1d90cd331881720be0e61ab93460)
|
|
default) from working.
Andrew Bartlett
(This used to be commit 25950dbb3272949a235bed936c7d7b1d23f15fac)
|
|
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
(This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
|
|
Jeremy.
(This used to be commit cfd1bf250b417f3ba3ad21ff681ab282311bb7eb)
|
|
in via deltas, we need a way to set a user's primary group.
Volker
(This used to be commit 9f7a16acf1b1f3b100b85339aad8268254512e68)
|
|
Jeremy.
(This used to be commit 28466ff42c3328e49d46f7cddfc4bb2fe462d871)
|
|
(This used to be commit bd9dbf5c79bf2bfecdf008fe93eba87ea9993a3c)
|
|
(This used to be commit 8a1c136494de47bae74627b07edea6f72eab37cf)
|