Age | Commit message (Collapse) | Author | Files | Lines |
|
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!
Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).
metze
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SERVER |
| security=server |
| |
| |
| 12 May |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
Karolin
Autobuild-User: Karolin Seeger <kseeger@samba.org>
Autobuild-Date: Fri May 11 13:04:03 CEST 2012 on sn-devel-104
|
|
All callers had that fallback
|
|
as discussed on samba-technical, turn kernel oplocks off by default
to not leave users without the benefits of Level II oplocks
|
|
This matches the behaviour of lib/param.
Andrew Bartlett
|
|
|
|
This will make it easier to share the parameter tables between this
and lib/param.
Andrew Bartlett
|
|
This will make a merge with the lib/param param code easier, as we can then paste lp_ to the front of
all parameters unconditionally.
Andrew Bartlett
|
|
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar 7 22:41:21 CET 2012 on sn-devel-104
|
|
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
This adds an alisas to ensure that both our loadparm systems know all
the names.
I would like to move to the 'server ..' name as canonical, and this
will be raised on the list.
Andrew Bartlett
|
|
This is not honoured by the common SPNEGO code.
This matches mondern windows versions which do not send this value, as
it would be insecure for a client to rely on it. (See also the
depricated client use spnego principal directive).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
This is intead of the inline, manual spnego code currently
in use.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jan 17 18:55:01 CET 2012 on sn-devel-104
|
|
|
|
this fixes a problem with "max xmit = 32K" resulting in a maximum SMB
transmit size of 32 bytes, which makes for some very interesting
network traces!
This is what was causing smbtorture to consume gigabytes of memory in
the rpc.schannel test
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Sat Dec 17 04:19:40 CET 2011 on sn-devel-104
|
|
This uses the same logic as lp_killunused().
metze
|
|
Guenther
|
|
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
This #include hack is required as it is not possible to declare a
compile-time sized array in a header file.
Andrew Bartlett
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.
This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).
Andrew Bartlett
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
This makes the code internally consistant.
Andrew Bartlett
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
|
This will help extracting server role processing code in common
library.
|
|
This makes parsing of config files with s3 loadparm code and s4 loadparm
code consistent.
|
|
This should not change the bahavior.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Nov 3 18:33:34 CET 2011 on sn-devel-104
|
|
metze
|
|
So remove the special case for 'Auto'.
metze
|
|
metze
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 21 21:51:18 CEST 2011 on sn-devel-104
|
|
|
|
dbwrap_fetch_bystring_upper() to NTSTATUS
|
|
|
|
This is done so that the lpcfg_ functions are available across the whole
build, either with the struct loadparm_context loaded from an smb.conf directly
or as a wrapper around the source3 param code.
This is not the final, merged loadparm, but simply one step to make
it easier to solve other problems while we make our slow progress
on this difficult problem.
Andrew Bartlett
|
|
metze
|
|
This code is very old, and has some code styles that we have not used
in Samba for a very long time. This fixes up a the extra braces around
return values.
Andrew Bartlett
|
|
|
|
|