Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Guenther
|
|
Guenther
|
|
(This used to be commit 85db87c451dacf80e9575c04e9e08c625b3f1199)
|
|
Reduce dependency on "cli" member of rpc_pipe_client struct
(This used to be commit 2e4c1ba38963cffe4c3f25ab24bc28975f2fc291)
|
|
This reduces the dependency on cli_state
(This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b)
|
|
Guenther
(This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97)
|
|
Guenther
(This used to be commit 042173b00e023b4d4e7739524e24baa8803850bd)
|
|
Guenther
(This used to be commit 72ad42fee30242eb57ae0db825127fdb8f9375fd)
|
|
Guenther
(This used to be commit 2ab1167e156e989f4b60fcb4dbc7d7eefc64bed0)
|
|
Guenther
(This used to be commit c58be24cd43092e5ebf7aa84f167a5cc8344edfc)
|
|
Guenther
(This used to be commit d54456f3c42f123af5516c6f75c87b279fdc775f)
|
|
Guenther
(This used to be commit 4f3e97cbae3df8e12db37b8a8a0eaee947fa723a)
|
|
Guenther
(This used to be commit 609c40fdd9b4c94cdf5b25cd6ac39a2a57432e0d)
|
|
Guenther
(This used to be commit 8abeea9922ac09e7307730ee7695453718356873)
|
|
Guenther
(This used to be commit 6bbe0fde6ebb5c1ea00ea24d3bdbffbf6f246bd6)
|
|
I added an alias in rpcclient's netlogon command table.
Guenther
(This used to be commit 1a900e08e92484407d69661517f08e675a3c352a)
|
|
Guenther
(This used to be commit 227f5755c8844dbff8d66adec3d7fd94b583358f)
|
|
Guenther
(This used to be commit 2caed3f816d29bd7dfa36df3ddd6aeba5bbfa252)
|
|
Guenther
(This used to be commit cb44c901c1bc66da9f3636020401238ce0005105)
|
|
Guenther
(This used to be commit 231a4d051f24af7cf5bf13d7dd613f33dc06f21a)
|
|
Guenther
(This used to be commit b7383818168863a7ba43c2456f8c44e96e76707a)
|
|
least surprise for callers
(This used to be commit eb523ba77697346a365589101aac379febecd546)
|
|
the maxeln parameter instead of sizeof(target_area) - 1 (or even
sizeof(fstring) - 1 in some places.
I hope these were really all there were.
Michael
(This used to be commit 9a28be220df622322857dfe102fa35e108f932dc)
|
|
for fine
grained KDC DNS queries).
Guenther
(This used to be commit 3263cd680fe429430d789b284464fca72ef45719)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Guenther
(This used to be commit 5e75ea7f2b568d76c8ced5f43171741532cc97c2)
|
|
(This used to be commit eccd50abdaed3e4e06cc5da5473ca1beeb3fc49a)
|
|
were using
netr_GetDcAnyName all the time (which is the correct thing to do).
Fix the naming and opcode mixup in all branches.
Guenther
(This used to be commit def6464c872a5939f0028837254f2c019d2d71c8)
|
|
netr_DsRGetDCNameEx2) and add new ds request and reply flags, also add some
more WERROR codes.
Guenther
(This used to be commit 37ae7f419702c563bcd0d9c27c02bde7efd34dd7)
|
|
logon parameter as the code was written.
Jeremy.
(This used to be commit 7f1aee96a09d77de76b2cdbe5c2e6f27e6968b09)
|
|
Guenther
(This used to be commit 5d4747fdf2e5874cb5d2238ee62e4fcac1676134)
|
|
Guenther
(This used to be commit 4106a56d3f4edb2e07e876204743a1cb028c950a)
|
|
gives just any DC), also make sure to set timeouts in rpcclient
accordingly so that we actually get the DC's reply.
Guenther
(This used to be commit 6091c8152a3998d2503cb0911a217ee904509633)
|
|
Guenther
(This used to be commit 44e228ac796fca2db8509915067511ed705032bf)
|
|
(This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675)
|
|
Guenther
(This used to be commit 52d721b6384cf6f94e1ebb59d21bf09737a539b5)
|
|
Guenther
(This used to be commit c54430a7b5e40d3bdf8afdc813eb722c0a3b861e)
|
|
you the IP
address but also the fqdn of the remote dc and site info.
Volker
(This used to be commit 62d01ce7e6c14971084c208ab61f379cb172cb22)
|
|
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
(This used to be commit 2d68fdf06b3b027227ab77372b001b13fd2b494d)
|
|
a DC it trusts.
Volker
(This used to be commit ae6840320ff47827c2817549fe3133a57e3fe77f)
|
|
- When connecting to the NETOGON pipe, we make a call to auth2, in order
to verify our identity. This call was being made with negotiation flags
of 0x1ff. This caused our account to be downgraded. If we instead make
the call with flags > 1ff (such as 0x701ff), then this does not occour.
- This is *not* related to the use of kerberos for the CIFS-level connection
My theory is that Win2k has a test to see if we are sending *exactly* what
NT4 sent - setting any other flags seems to cause us to remain intact.
Also ensure that we only have 'setup schannel' code in a few places, not
scattered around cmd_netlogon too.
Andrew Bartlett
(This used to be commit e10f0529fe9d8d245b3cd001cce6a9a86896679c)
|
|
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to
all of Samba's clients.
When connecting to an Active Directory DC, you must initiate the CIFS level
session setup with Kerberos, not a guest login. If you don't, your machine
account is demoted to NT4.
Andrew Bartlett
(This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
|
|
important once we start doing schannel, as there would be a lot more
roundtrips for the second PIPE open and bind. With this patch logging
in to a member server is a matter of two (three if you count the
ack...) packets between us and the DC.
Volker
(This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|
|
(This used to be commit 6a1d99d318c2dddc01d8262f31c7afbe9bb1a286)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing against platforms
different from NT4SP6.
Volker
(This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
|