summaryrefslogtreecommitdiff
path: root/source3/param
AgeCommit message (Collapse)AuthorFilesLines
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-0/+8
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-2/+2
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-07and so it begins....Gerald Carter1-6/+9
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-05This parameter is unused.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 3dd767841666068a1b32c71b03a8e7bc797087be)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-3/+3
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-30Add the 'guest' passdb backend automatically ifVolker Lendecke1-2/+2
guest account != "" Volker (This used to be commit 21d330af107f744af9569b5577afc6e7ba6a269c)
2003-06-30- added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)Andrew Tridgell1-1/+6
- changed --enable-developer debug to use -gstabs as it makes the samba binaries about 10x smaller and is still quite functional for samba debugging (This used to be commit 53bfcd478a193d4def8da872e92d7ed8f46aa4b9)
2003-06-25large change:Gerald Carter1-3/+0
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-24Move the map acl inherit parameter into the protocol section.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 076d9a3c9bc264d9456a67da9366bd73d3ce69d5)
2003-06-20Missed initial param, typo.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 036a551b10f1cb436ea36acbb40983249de8310d)
2003-06-20Mapping of Windows ACL inheritance and protected bits onto extended attributesJeremy Allison1-0/+3
if available. Adds new parameter "map acl inheritance" (docs coming soon) off by default. Allows W2K acl inheritance dialogs to work correctly on POSIX acls. Jeremy. (This used to be commit a83595e80ae539135fa1a65d6066b10ac94fbad1)
2003-06-10when creating aliased parameters in loadparm.c you *must* place theAndrew Tridgell1-1/+1
alias directly after the main entry, otherwise it isn't treated as an alias. (This used to be commit 0f3d44858f49c3f9f191b2a3b47d58882e899421)
2003-06-08Enforce 'client plaintext auth', 'client lanman auth' and 'client ntlmv2 auth'.Andrew Bartlett1-0/+19
(this now causes things like the LANMAN protocol and contacting servers with 'encrypt passwords = no' set to fail, if configured) 'client ntlmv2 auth' (a BOOL) forces both plaintext and lanman off, and is the most secure setting for compatible hosts. Perhaps we should change this to 'client minimum auth'? Andrew Bartlett (This used to be commit e1fb681e4c921456fde154b87687722a18ed4aac)
2003-06-07add back the winbind uid/gid parameter but mark them as deprecatedGerald Carter1-0/+2
(This used to be commit 61215c68493c200c22ea64edb299d69f46c6ab0a)
2003-06-06support LDAP_EXOP_MODIFY_PASSWORD (not experiemental in OpenLDAP 2.1)Gerald Carter1-6/+4
(This used to be commit 50fdc938222112b5470d05d8cd15386bd0a112df)
2003-06-06* add in David Lee's utmp patch (defaults to on if available)Gerald Carter1-4/+0
* one more try at fixing builds when --with-ldap=no (This used to be commit b516ab7bdef6b6b2b7f0df8966dbd4c329f46a92)
2003-06-06* break out more common code used between pdb_ldap and idmap_ldapGerald Carter1-75/+51
* remove 'winbind uid' and 'winbind gid' parameters (replaced by current idmap parameter) * create the sambaUnixIdPool entries automatically in the 'ldap idmap suffix' * add new 'ldap idmap suffix' and 'ldap group suffix' parametrer * "idmap backend = ldap" now accepts 'ldap:ldap://server/' format (parameters are passed to idmap init() function (This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f)
2003-06-03* set winbind cache time to 5 minutesGerald Carter1-1/+1
* quit obsessing over the sequence number so much * share the updated sequence number between parent and child winbindd processes in dual mode (This used to be commit 6f99cafa95b2a9dc98d8272fe6a54e9d37098340)
2003-06-03Merge change winbindd cache time 15 -> 120 secs.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5acdf6752e187d329c4e59dd167e86549119c670)
2003-05-29Fix bugzilla #117: winbindd looping on 100+char usernameJim McDonough1-20/+10
This modifies lp_string to use alloc_sub_basic to allow any length substitution instead of fixed at 100 chars. (This used to be commit cad9d88a6125369a43f710a8870300b6f40d899c)
2003-05-14*****LDAP schema changes*****Gerald Carter1-1/+1
New objectclass named sambaSamAccount which uses attribute prefaced with the phrase 'samba' to prevent future name clashes. Change in functionality of the 'ldap filter' parameter. This always defaults to "(uid=%u)" now and is and'd with the approriate objectclass depending on whether you are using ldapsam_compat or ldapsam conversion script for migrating from sambaAccount to sambaSamAccount will come next. (This used to be commit 998586e65271daa919e47e1206c0007454cbca66)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-35/+54
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-12Add NT quota support. Patch from Stefan (metze) MetzemacherAlexander Bokovoy1-0/+6
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab 2. Disabled by default and when requested, will be probed and enabled only on Linux where it works 3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far Documentation to follow (This used to be commit 4bf022ce9e45be85609426762ba2644ac2031326)
2003-05-11Fix VFS layer:Alexander Bokovoy1-13/+6
1. Finally work with cascaded modules with private data storage per module 2. Convert VFS API to macro calls to simplify cascading 3. Add quota support to VFS layer (prepare to NT quota support) Patch by Stefan (metze) Metzemacher, with review of Jelmer and me Tested in past few weeks. Documentation to new VFS API for third-party developers to follow (This used to be commit 91984ef5caa2d13c5d52e1f535bd3bbbae1ec978)
2003-05-09removing total print jobs since it is not used anymoreGerald Carter1-2/+0
(This used to be commit b87be0dddfcace95527b9a05f8f81cd6d2e86d39)
2003-05-02Now that multi-pdu schannel works and a but in the negotiator has beenVolker Lendecke1-2/+2
fixed I would like to see this tested a bit more. Default the schannel stuff to auto which means 'offer, but do not enforce'. Volker (This used to be commit 7a1b8409bed13d0e7742cbcd3b0fa79b0c671404)
2003-04-29removing printing = SOFTQ since no one knows what it isGerald Carter1-12/+0
(This used to be commit 283953472229952f7f2613a207515580cd0919c3)
2003-04-28A new pdb_ldap!Andrew Bartlett1-40/+2
This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead. More importanly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap. Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default. More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm. Andrew Bartlett (This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
2003-04-24Patch from Stephan Metzmacher to add default arguments to lp_parm() smb.confJelmer Vernooij1-88/+362
parameters. Does not break binary compatibility with older modules. (This used to be commit 147c4d56d873a20a49194c5b036a3694299b1b48)
2003-04-23Updated FLAGs - Affects only SWAT.John Terpstra1-7/+8
(This used to be commit 80f2790eb9c1382c91e5e2668f3b8d82c220ce51)
2003-04-23Merge the 'safe' parts of my StrnCpy patch - many of the users really wantedAndrew Bartlett1-2/+5
a pstrcpy/fstrcpy or at most a safe_strcpy(). These have the advantage of being compiler-verifiable. Get these out of the way, along with a rewrite of 'get_short_archi' in the spoolss client and server. (This pushes around const string pointers, rather than copied strings). Andrew Bartlett (This used to be commit 32fb801ddc035e8971e9911ed4b6e51892e9d1cc)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett1-0/+5
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-23Try to keep existing behaviour for our printing code - never returnAndrew Bartlett1-17/+6
global_myname(), always either the name the client called us, or if they didn't call us anything useful, our IP address. Jerry, can you check this? Andrew Bartlett (This used to be commit 599e70bffbae9930b949c9b82cbc8dfc7c966d78)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-0/+1
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-18'vfs object' is a list not a string (we have cascaded VFS modules in 3_0 asJelmer Vernooij1-20/+3
well now) (This used to be commit 6220068d48f1fc5c85ff68a791e4e34e92cb4a0a)
2003-04-17Remove SamBackend variable (is already gone in HEAD)Jelmer Vernooij1-1/+0
(This used to be commit 3a99e5a2dbc88a2234ca08ca1e7b50f14ff9bce9)
2003-04-14Add some more functions for the modules (backport from HEAD):Jelmer Vernooij1-0/+4
- init_modules() - smb_probe_module() (This used to be commit b3328dab2fa069af300b4076695bf6c359501111)
2003-04-11Set the default schannel parameters to False until we know more.Volker Lendecke1-2/+2
Volker (This used to be commit eef7db25ec786d4448915b08487b14b69b88ce64)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-0/+4
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-04-06Merge the TNG netlogon schannel from HEAD.Volker Lendecke1-0/+4
No more XP requiresignorseal anymore! Thanks again to Luke :-) Volker (This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468)
2003-03-313 things:Volker Lendecke1-1/+0
* Remove 'ldap del only sam attr' after asking Lars Mueller from SuSE first. It is replaced by 'ldap delete dn' * Fix a typo in docs. * Document 'set primary group script'. Volker (This used to be commit 0be502a9c09ff319c87394bb36665be9731c23bb)
2003-03-23Merge from HEAD:Volker Lendecke1-4/+5
This adds 'ldap delete dn' as the recommended parameter for the 'ldap del only sam attr' functionality. So we are compatiple to the current SuSE patches as well as to TNG... ;-) Volker (This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
2003-03-22(merge from HEAD) Valgrind found some memory leaks!Andrew Bartlett1-0/+1
(This used to be commit 8315b9c3119dde62aeb72ad5e20f63aee89abd0b)
2003-03-22(merge from HEAD)Andrew Bartlett1-0/+3
Small clenaup patches: - safe_string.h - don't assume that __FUNCTION__ is available - process.c - use new workaround from safe_string.h for the same - util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc() - gencache.c - Keep valgrind quiet by always null terminating. - clistr.c - Add copyright - srvstr.h - move srvstr_push into a .c file again, as a real function. - srvstr.c - revive, with 'safe' checked srvstr_push - loadparm.c - set a default for the display charset. - connection.c - use safe_strcpy() Andrew Bartlett (This used to be commit c91e76bddbe1244ddc8d12b092eba875834029ac)
2003-03-22Thanks to volker, merge passdb changes from HEAD:Andrew Bartlett1-2/+2
- pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
2003-03-19Merge from HEAD.Volker Lendecke1-0/+4
Volker (This used to be commit f42032060812e9bf409042c790e71fefb40ff17a)
2003-03-18const warning fix.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 478a5c654a6d2765b726e9a8ef64af7716cb56c0)
2003-03-12fixed a strcat noticed by metzeAndrew Tridgell1-1/+1
(This used to be commit 533fe94db95fbb819b35251d9832c925584b7eca)
2003-03-01Added limit to number of jobs enumerated. Set to 0 (means no limit).Jeremy Allison1-0/+4
Yes I will add the docs.... Jeremy. (This used to be commit e1b0001c8df9e9823b42a372ca675188570b252a)
2003-02-24Merge paramaters for client-side-auth updates.Andrew Bartlett1-0/+11
(This used to be commit 68d34711279aa5959778974018df77726b915858)