Age | Commit message (Collapse) | Author | Files | Lines |
|
lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
|
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove inlude "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
in files that use no other macro from version.h instead of
SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
|
|
with smbstatus as to share mode with share modes = No set in samba.
Jeremy.
|
|
If they are not explicitely set in either place both will default to LOCKDIR.
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
it again :-)
|
|
This has been discussed on samba-technical before.
3.3 and newer only!
Karolin
|
|
We don't need to list several combinations of lowercase and uppercase here.
Karolin
|
|
LDAP_SSL_ON is not defined at all. That's why the actual default value
was "" for a long time. Set a more sensible default value without chnging the
default behaviour.
-----8<------------------snip--------------8<--------------
user@host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat
include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF,
LDAP_SSL_START_TLS};
param/loadparm.c: Globals.ldap_ssl = LDAP_SSL_ON;
----->8------------------snap-------------->8--------------
It's the same in 3.2 and 3.3 series.
Karolin
|
|
this was introduced by commit 3358a139d2dc77eb4c842d41722b1acc24bd2cb2.
Michael
|
|
and use the abstracted free_one_parameter_common() in old
free_one_parameter_by_snum() as well as in new free_one_parameter()
Michael
|
|
Michael
|
|
Michael
|
|
and use this in lp_local_ptr_by_snum().
Michael
|
|
Michael
|
|
Michael
|
|
|
|
|
|
talloc_autofree_context() instead of NULL.
Remove the code in memcache that does a TALLOC_FREE on stored pointers. That's a disaster waiting
to happen. If you're storing talloc'ed pointers, you can't know their lifecycle and they should
be deleted when their parent context is deleted, so freeing them at some arbitrary point later
will be a double-free.
Jeremy.
|
|
str_list_make(). From Dan Sledz <dan.sledz@isilon.com>:
In samba 3.2 passing NULL or an empty string returned NULL.
In master, it now returns a list of length 1 with the first string set
to NULL (an empty list).
Jeremy.
|
|
|
|
|
|
|
|
Michael
|
|
gfree_loadparm() and TALLOC_FREE(frame) were in the wron order.
Michael
|
|
|
|
|
|
|
|
can cause a client to timeout
(it takes longer than 30 seconds to enumerate them). Make scanning for printers async with a callback
from the main loop. This fixes a bug that was irritating *me* :-).
Jeremy.
|
|
Add new functions free_parameter(), free_parameters() and
free_global_parameters() and use these in the appropriate places,
reducing code duplication.
Also, always TALLOC_FREE data of type P_LIST, thus reducing mem-leaks:
This had not been done in init_globals before.
Michael
|
|
instead of hard coded calculation.
Michael
|
|
Michael
|
|
into new function set_param_opt().
This unifies and clarifies two instances of the code.
Michael
|
|
Michael
|
|
This code was there in three places.
Michael
|
|
There is nothing registry-specific in that function.
Michael
|
|
This is not like testparm, just a simple tool that runs
lp_load_with_registry_shares the requested number of times.
Michael
|
|
Karolin
|
|
The default timeout for connections to CUPS servers is set
to 5 minutes in the CUPS libraries. The smbd hangs on startup
until the timeout is reached if the CUPS server is unreachable.
This parameter makes the timeout configurable. The default value
is set to 30 seconds.
Karolin
|
|
Jeremy
(This used to be commit 4f2de29723bb7e588e6c9440649b57d56d10b587)
|
|
(This used to be commit 60af63675063ad62c0169b9f2094ecfdaa7ca16d)
|
|
Karolin
(This used to be commit fcfab4703628e19902c140a7ad9531d4be0de01d)
|
|
reconnect code to cope with rebooting a DC. This
replaces the code I asked Volker to revert.
The logic is pretty simple. It adds a new parameter,
"winbind reconnect delay", set to 30 seconds by
default, which determines how long to wait between
connection attempts.
To avoid overwhelming the box with DC-probe
forked children, the code now keeps track of
the DC probe child per winbindd_domain struct
and only starts a new one if the existing one
has died.
I also added a little logic to make sure the
dc probe child always sends a message whatever
the reason for exit so we will always reschedule
another connect attempt.
Also added documentation.
Jeremy.
(This used to be commit 8027197635b988b3dcf9d3d00126a024e768fa62)
|
|
Here is a patch to allow many subsystems to be re-initialized. The only
functional change I made was to remove the null context tracking, as the memory
allocated here is designed to be left for the complete lifetime of the program.
Freeing this early (when all smb contexts are destroyed) could crash other
users of talloc.
Jeremy.
(This used to be commit 8c630efd25cf17aff59448ca05c1b44a41964b16)
|
|
(This used to be commit 30a180f2fce8cf6a3e5548f6bba453272ba70b33)
|
|
"init logon delays hosts" takes a list of hosts names or addresses
or networks for which the initial SAMLOGON reply should be delayed
(so other DCs get preferred by XP workstations if there are any).
This option takes the same type of list as "hosts allow" does.
"init logon delay" allows one to configure the delay for the hosts
configured for delayed initial samlogon with "init logon delayed hosts".
The value is interpreted as milliseconds. The default value is 100.
This commit only introduces the parameters.
They will be activated in a subsequent commit.
Michael
(This used to be commit f7c1f85438f7e0da2a96e3fc8f774f8c6936370e)
|
|
This one came up while using "csc policy = disabled" instead of
"disable"... ;-)
(This used to be commit d01da44de77abbf724389bce924771f2975867f4)
|
|
It's a bit difficult to explain why
idmap config backend:FOO = rid
should work while
idmap config backend : FOO = rid
should not. And I doubt we will ever see domain names with whitespaces...
(This used to be commit 0207f99d3f02bd8ff5dadc1574fe13b46c3e09a3)
|
|
(This used to be commit 37dba0c192ec7d4105465beae0d6e8598c7dbb7a)
|
|
(This used to be commit 78801431c896f1e2007d652b611c2ce1108e1023)
|