summaryrefslogtreecommitdiff
path: root/source3/param
AgeCommit message (Collapse)AuthorFilesLines
2003-10-01mark 'mangled map' as depcreated and remove 'mangled stack'Gerald Carter1-4/+1
(This used to be commit cd06472e420ba0647a73c6e04d180c088acdb626)
2003-09-24Don't #ifdef an AFS option with WITH_ADS. Thanks, jerry!Volker Lendecke1-1/+1
Volker (This used to be commit a6c54cbe205a6882d49fc77c04ed21b4f1de4396)
2003-09-23This only touches the fake kaserver support. It adds two parameters:Volker Lendecke1-0/+7
afs share -- this is an AFS share, do AFS magic things afs username map -- We need a way to specify the cell and possibly weird username codings for several windows domains in the afs cell Volker (This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
2003-09-10remove references to 'strip dot'Gerald Carter1-4/+0
(This used to be commit 5c0c9d68b44f867bf6c2b24b9fd9ba2408b9f83c)
2003-09-06address bug #359. Andrew B's patch for implementing clientGerald Carter1-1/+2
portion of NTLMv2 key exchange. Also revert the default for 'client ntlmv2 auth' to no. This caused no ends of grief in different cases. And based on abartlet's mail.... > All I care about at this point is that we use NTLMv2 > in our client code when connecting to a server that > supports it. There is *no* way to tell this. The server can't tell us, because it doesn't know what it's DC supports. The DC can't tell us, because it doesn't know what the trusted DC supports. One DC might be Win2k, and the PDC could be an older NT4. (This used to be commit fe585d49cc3df0d71314ff43d3271d276d7d4503)
2003-09-05More tuning from cachegrind. Change most trim_string() calls to trim_char(0,Jeremy Allison1-3/+3
as that's what they do. Fix string_replace() to fast-path ascii. Jeremy. (This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
2003-09-05revert the change from r1.414 in HEAD that removed theGerald Carter1-7/+2
ability to use variables in paths for the [homes] service. (This used to be commit 8fd13b63103b3c144bdd170edcb3b642dfd9bb54)
2003-09-04More hand-tuning of the fastpath. Don't do strlen() when we're doingJeremy Allison1-2/+4
to walk to the end anyway. Jeremy. (This used to be commit 467cafdb1f7ddfb4278824f385b732975246a4f5)
2003-08-28revert a change to r1.397.2.91 because to operate like the docs; browseable ↵Gerald Carter1-0/+7
for new home directories should be inheritied from the global defaults, not [homes] (This used to be commit ea54bfc211f874c23b79572d8fb89bac73ec21a3)
2003-08-27remove 'ldap trust ids' since there was no way for it to work nowGerald Carter1-3/+0
(This used to be commit 3724063f1518c25e33ba6b65cd3bb1e36cec51fa)
2003-08-27Fix the character set handling properly in nmbd. Also fix bug whereJeremy Allison1-4/+11
iconv wasn't re-initialised on reading of "charset" parameters. This caused workgroup name to be set incorrectly if it contained an extended character. Jeremy. (This used to be commit 84ae44678a6c59c999bc1023fdd9b7ad87f4ec18)
2003-08-22fix compile problem (stray character)Gerald Carter1-1/+1
(This used to be commit 9554a661c2400e9148f7572e4de20064faea5f2a)
2003-08-22ensure that 'available = no' works for [homes]; reported by Walter HaidingerGerald Carter1-3/+1
(This used to be commit 1278d2496162c6427729a795dd940b9863261a6d)
2003-08-21Turn UNIX extensions on by default. Yes I will change the docs :-).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 17b09eed96fa2793a5947fa811e8543a1b263d6f)
2003-08-20metze's autogenerate patch for version.hGerald Carter1-1/+1
(This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
2003-08-19- Update 'preload modules' documention (bug #304)Jelmer Vernooij1-2/+1
- Fix WINS Server List in SWAT (bug #197) - Don't segfault SWAT when adding shares (bug #254) (This used to be commit dd43a29504fe2b6f9d13cdb9431347927548fc10)
2003-08-15Fix charset detection code in configure.Alexander Bokovoy1-3/+3
Now we are: 1. Try to find correct name for default character sets for the platform 2. Use DEFAULT_{DOS|DISPLAY|UNIX}_CHARSET defines set during configure phase as defaults This should fix CP850 problem on Solaris (at least) because it actually has IBM850 which is the same but under different name (This used to be commit 836b9fffa0eadc818019ba36ed764e97d4f9a801)
2003-08-11Make client signing auto.Jeremy Allison1-0/+4
Jeremy. (This used to be commit e66bfe212db1cec751f4024f631600fa2a3eb07c)
2003-08-11Fix typos.Volker Lendecke1-1/+1
Volker (This used to be commit d07f173767678187237c9fc767c0a05f0b8c7d32)
2003-08-08Turn on client ntlmv2 by default.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 729b468f7e0e5522dfdede481947826851842483)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough1-1/+1
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough1-1/+1
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-28Cleanup of loadparm and swat to correctly display all parameters as required.John Terpstra1-409/+413
No change to what is displayed has been made at this time. I do intend to change the display order before 3.0.0 ships. (This used to be commit de7d3063d9e07255da2cc4e67afa50c1e2ddf321)
2003-07-18Signing so far... the client code fails on a SMBtrans2 secondary transactionJeremy Allison1-1/+1
I think (my changes haven't affected this I believe). Initial support on the server side for smbclient. Still doesn't work for w2k clients I think... Work in progress..... (don't change). Jeremy. (This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
2003-07-17Putting the framework for server signing in place. Ensure we don't useJeremy Allison1-1/+10
sendfile when signing (I need to add this for readbraw/writebraw too...). Jeremy. (This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)
2003-07-16Refactor signing code to remove most dependencies on 'struct cli'.Jeremy Allison1-6/+11
Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
2003-07-15Added the "required" keyword to the "client signing" parameter to force itJeremy Allison1-2/+21
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-0/+8
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-2/+2
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-07and so it begins....Gerald Carter1-6/+9
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-05This parameter is unused.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 3dd767841666068a1b32c71b03a8e7bc797087be)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-3/+3
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-30Add the 'guest' passdb backend automatically ifVolker Lendecke1-2/+2
guest account != "" Volker (This used to be commit 21d330af107f744af9569b5577afc6e7ba6a269c)
2003-06-30- added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)Andrew Tridgell1-1/+6
- changed --enable-developer debug to use -gstabs as it makes the samba binaries about 10x smaller and is still quite functional for samba debugging (This used to be commit 53bfcd478a193d4def8da872e92d7ed8f46aa4b9)
2003-06-25large change:Gerald Carter1-3/+0
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-24Move the map acl inherit parameter into the protocol section.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 076d9a3c9bc264d9456a67da9366bd73d3ce69d5)
2003-06-20Missed initial param, typo.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 036a551b10f1cb436ea36acbb40983249de8310d)
2003-06-20Mapping of Windows ACL inheritance and protected bits onto extended attributesJeremy Allison1-0/+3
if available. Adds new parameter "map acl inheritance" (docs coming soon) off by default. Allows W2K acl inheritance dialogs to work correctly on POSIX acls. Jeremy. (This used to be commit a83595e80ae539135fa1a65d6066b10ac94fbad1)
2003-06-10when creating aliased parameters in loadparm.c you *must* place theAndrew Tridgell1-1/+1
alias directly after the main entry, otherwise it isn't treated as an alias. (This used to be commit 0f3d44858f49c3f9f191b2a3b47d58882e899421)
2003-06-08Enforce 'client plaintext auth', 'client lanman auth' and 'client ntlmv2 auth'.Andrew Bartlett1-0/+19
(this now causes things like the LANMAN protocol and contacting servers with 'encrypt passwords = no' set to fail, if configured) 'client ntlmv2 auth' (a BOOL) forces both plaintext and lanman off, and is the most secure setting for compatible hosts. Perhaps we should change this to 'client minimum auth'? Andrew Bartlett (This used to be commit e1fb681e4c921456fde154b87687722a18ed4aac)
2003-06-07add back the winbind uid/gid parameter but mark them as deprecatedGerald Carter1-0/+2
(This used to be commit 61215c68493c200c22ea64edb299d69f46c6ab0a)
2003-06-06support LDAP_EXOP_MODIFY_PASSWORD (not experiemental in OpenLDAP 2.1)Gerald Carter1-6/+4
(This used to be commit 50fdc938222112b5470d05d8cd15386bd0a112df)
2003-06-06* add in David Lee's utmp patch (defaults to on if available)Gerald Carter1-4/+0
* one more try at fixing builds when --with-ldap=no (This used to be commit b516ab7bdef6b6b2b7f0df8966dbd4c329f46a92)
2003-06-06* break out more common code used between pdb_ldap and idmap_ldapGerald Carter1-75/+51
* remove 'winbind uid' and 'winbind gid' parameters (replaced by current idmap parameter) * create the sambaUnixIdPool entries automatically in the 'ldap idmap suffix' * add new 'ldap idmap suffix' and 'ldap group suffix' parametrer * "idmap backend = ldap" now accepts 'ldap:ldap://server/' format (parameters are passed to idmap init() function (This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f)
2003-06-03* set winbind cache time to 5 minutesGerald Carter1-1/+1
* quit obsessing over the sequence number so much * share the updated sequence number between parent and child winbindd processes in dual mode (This used to be commit 6f99cafa95b2a9dc98d8272fe6a54e9d37098340)
2003-06-03Merge change winbindd cache time 15 -> 120 secs.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5acdf6752e187d329c4e59dd167e86549119c670)
2003-05-29Fix bugzilla #117: winbindd looping on 100+char usernameJim McDonough1-20/+10
This modifies lp_string to use alloc_sub_basic to allow any length substitution instead of fixed at 100 chars. (This used to be commit cad9d88a6125369a43f710a8870300b6f40d899c)
2003-05-14*****LDAP schema changes*****Gerald Carter1-1/+1
New objectclass named sambaSamAccount which uses attribute prefaced with the phrase 'samba' to prevent future name clashes. Change in functionality of the 'ldap filter' parameter. This always defaults to "(uid=%u)" now and is and'd with the approriate objectclass depending on whether you are using ldapsam_compat or ldapsam conversion script for migrating from sambaAccount to sambaSamAccount will come next. (This used to be commit 998586e65271daa919e47e1206c0007454cbca66)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-35/+54
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-12Add NT quota support. Patch from Stefan (metze) MetzemacherAlexander Bokovoy1-0/+6
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab 2. Disabled by default and when requested, will be probed and enabled only on Linux where it works 3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far Documentation to follow (This used to be commit 4bf022ce9e45be85609426762ba2644ac2031326)