Age | Commit message (Collapse) | Author | Files | Lines |
|
bad time locally, updating the directory only for hitting the policy limit
or resetting.
This needed to be done at the passdb level rather than auth, because some
of the functions need to be supported from tools such as pdbedit. It was
done at the LDAP backend level instead of generically after discussion,
because of the complexity of inserting it at a higher level.
The login cache read/write/delete is outside of the ldap backend, so it could
easily be called by other backends. tdbsam won't call it for obvious
reasons, and authors of other backends need to decide if they want to
implement it.
(This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
|
|
I know this isn't pretty, but neither was our assumption that all strings
from the directory fit inside a pstring. There was no way this worked
before will all versions of usrmgr (for example, the only version of
mine that has the TS Confic button).
(This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
|
|
A windows DC does not reply to DCNAME\\Administrator, only to
DOMAIN\\Administrator. Fix that.
Without winbind we are wrong as domain members, we should forward the request
DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that
nicely.
Volker
(This used to be commit 7ed61edbbedbdee25f750aa30c13479764aa1af2)
|
|
(This used to be commit f6bb3304fc5ef298a921b9ee5ad2f6444b0e72bc)
|
|
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
(This used to be commit 191b43159e7358541be9a3deac8c447885145442)
|
|
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
(This used to be commit 86ad04d26d3065a99b08afaaf2914968a9e701c5)
|
|
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max
password age' of zero should be considered as 'never expire'.
For the timebeing we just set it like -1, but we might revisit this
for closer-to-ms behaviour.
Andrew Bartlett
(This used to be commit 9ffc490fce215dcaed8ebfc1db85f5017a692ca4)
|
|
(This used to be commit 84fe24e64ee405bb25878c1e5fdf50592eb75f73)
|
|
(This used to be commit 9a79f9fbcb43085e419dbccd670a54256d01cb4b)
|
|
(This used to be commit 600fcd534b6e101b6a12774946b0e9814c6f54a8)
|
|
(This used to be commit 557f598c63f64c1c5b982a9057c0eea2a2ff2ee5)
|
|
(This used to be commit 730c07cac2166812f4a2da5cfba7152d168b2bdd)
|
|
Jelmer, can you look at the sql and xml backends please to verify?
(This used to be commit b7706f7e258516d83646aca8c367508bc1c8f0dd)
|
|
(This used to be commit cfe80f0df7ecfa6c689b03b9bed80ea80701a4c1)
|
|
(This used to be commit ee8f142b874a5bd365e59f68fb48ff3fec82fcda)
|
|
Replace unknown_3 with fields_present. Also causes rpc_samr structure field changes.
(This used to be commit 1976843345efb6ca4f9cebd964a61acd8ae11d41)
|
|
the prototype at the beginning, and change some comments so diffs to HEAD
aren't filled with useless info.
(This used to be commit 7b40f6c464ecbd40ab3fdf32b53da1e61475d2e7)
|
|
more testing tomorrow but initial results seem ok
(This used to be commit daee8d7feee4a08d6c204e2de3f346b6d10640e6)
|
|
Jeremy.
(This used to be commit e914230a2d1a7b515bd7859d655d6555b7d3e67e)
|
|
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
|
|
Volker
(This used to be commit 6c78a096a5c4a8ae21e846505f6ac2df826d5cbd)
|
|
Volker
(This used to be commit 38c9b775ce029e1d480d89d4adb0d1bd45a28fe6)
|
|
This should ensure that the value it returns is always consistant.
Andrew Bartlett
(This used to be commit a4392ede33019b7584bf6a2d8445adb5191e640f)
|
|
in pdb_encode_acct_ctrl() (All current callers are fine)
Andrew Bartlett
(This used to be commit 01be89eb438567cfe0a002a247fe2d314b01f9da)
|
|
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).
Andrew Bartlett
(This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
|
|
wrappers
(This used to be commit e62ef2ba2d73f492d879af4d06b223f8e739dc6c)
|
|
(This used to be commit 7a36cc4ac0ff4d9c42eb9ddaf41bf33b4e8cd7c6)
|
|
rather than writing XXXXX
Andrew Bartlett
(This used to be commit ab7dd748a98361ac9c1c3ca52e9a97aee3f93e6f)
|
|
ACB_PWNOTREQ bit set
(This used to be commit 52bf070b10ca99be7e4b9d1b5e32f69d2667d8f4)
|
|
(This used to be commit 9e590d603547ef1e8388bea66eb5d44e4dfd6412)
|
|
(This used to be commit 54fd3992c385fd6208c061131b2c98e448baf2c2)
|
|
rafal
(This used to be commit 5d7f81eea2f3d9ba59eb549a45de030b0a277263)
|
|
just use one function for both places.
Andrew Bartlett
(This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
|
|
(This used to be commit 7d7a262f45182e67daecdca49df85445c2b9700a)
|
|
- Add pgSQL backend (based on patch by Hamish Friedlander)
- Use query generate functions from pdb_mysql and pdb_pgsql
- Only pdb_pgsql.c needs to be changed whenever the fields in SAM_ACCOUNT change
(This used to be commit 65ad2c02fd2bf36d535c279ad290ab81e39f6816)
|
|
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name->sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
|
|
string_to_sid also needs to be less permissive on what it thinks are
valid sids...)
Andrew Bartlett
(This used to be commit 9080c30de8aa96ed3b9b121ca111f1632572754e)
|
|
(For 'ldap password sync = yes')
Andrew Bartlett
(This used to be commit 5b682aef678cc9ee135852d7ee6b8c159902fab7)
|
|
(This used to be commit 33a1a374ebb44c839d995d11e1229767fc679678)
|
|
group.
Jeremy.
(This used to be commit 72252fb0b207205d41a2ec50f6d364bf0bb21747)
|
|
<appro@fy.chalmers.se>
(This used to be commit ac7a60abf2c465b518a3eb7502fa8eee767c8b22)
|
|
(This used to be commit 9359a6ea80d1228e87ea825a100a2d289c37162d)
|
|
(This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322)
|
|
(This used to be commit 464b410734c46bc55f2427e99ecf61bad7e3b244)
|
|
(This used to be commit 4bc58129e073973620aed1bfb161ee83c1863f81)
|
|
(This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)
|
|
(not /etc/group) even when doing local aliases
* remove "hide local users" parameter; we have this
behavior built into 3.0
(This used to be commit a7685a069766ac720f0b26fe01b0e17fc388fca3)
|
|
(This used to be commit e079c8842a24ff4f50483bea8ca6b11db4b2dc99)
|
|
* revert the change that prevent the guest
account from being added to a passdb backend
since it broke the build farm.
* apply patch from Alex Deiter to fix the
"smbldap_open: cannot access when not root
error" messages when looking up group
information (bug 281)
(This used to be commit 9b8bf6a950186bd95abe952af4a7d35829b34ff8)
|
|
UNIX entity foo to DOMAIN\foo instead of SERVER\foo
on members of a Samba domain when all UNIX accounts
are shared via NIS, et. al.
* allow winbindd to match local accounts to domain SID
when 'winbind trusted domains only = yes'
* remove code in idmap_ldap that searches the user
suffix and group suffix. It's not needed and
provides inconsistent functionality from the tdb backend.
This has been tested. I'm still waiting on some more feedback
but This needs to be in 3.0.1pre2 for widespread use.
(This used to be commit ee272414e9965d7d550ba91d4e83997134dd51e6)
|