Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
(This used to be commit 6bbe0fde6ebb5c1ea00ea24d3bdbffbf6f246bd6)
|
|
I added an alias in rpcclient's netlogon command table.
Guenther
(This used to be commit 1a900e08e92484407d69661517f08e675a3c352a)
|
|
Guenther
(This used to be commit 227f5755c8844dbff8d66adec3d7fd94b583358f)
|
|
Guenther
(This used to be commit 2caed3f816d29bd7dfa36df3ddd6aeba5bbfa252)
|
|
Guenther
(This used to be commit cb44c901c1bc66da9f3636020401238ce0005105)
|
|
Guenther
(This used to be commit 231a4d051f24af7cf5bf13d7dd613f33dc06f21a)
|
|
Guenther
(This used to be commit b7383818168863a7ba43c2456f8c44e96e76707a)
|
|
least surprise for callers
(This used to be commit eb523ba77697346a365589101aac379febecd546)
|
|
the maxeln parameter instead of sizeof(target_area) - 1 (or even
sizeof(fstring) - 1 in some places.
I hope these were really all there were.
Michael
(This used to be commit 9a28be220df622322857dfe102fa35e108f932dc)
|
|
for fine
grained KDC DNS queries).
Guenther
(This used to be commit 3263cd680fe429430d789b284464fca72ef45719)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Guenther
(This used to be commit 5e75ea7f2b568d76c8ced5f43171741532cc97c2)
|
|
(This used to be commit eccd50abdaed3e4e06cc5da5473ca1beeb3fc49a)
|
|
were using
netr_GetDcAnyName all the time (which is the correct thing to do).
Fix the naming and opcode mixup in all branches.
Guenther
(This used to be commit def6464c872a5939f0028837254f2c019d2d71c8)
|
|
netr_DsRGetDCNameEx2) and add new ds request and reply flags, also add some
more WERROR codes.
Guenther
(This used to be commit 37ae7f419702c563bcd0d9c27c02bde7efd34dd7)
|
|
logon parameter as the code was written.
Jeremy.
(This used to be commit 7f1aee96a09d77de76b2cdbe5c2e6f27e6968b09)
|
|
Guenther
(This used to be commit 5d4747fdf2e5874cb5d2238ee62e4fcac1676134)
|
|
Guenther
(This used to be commit 4106a56d3f4edb2e07e876204743a1cb028c950a)
|
|
gives just any DC), also make sure to set timeouts in rpcclient
accordingly so that we actually get the DC's reply.
Guenther
(This used to be commit 6091c8152a3998d2503cb0911a217ee904509633)
|
|
Guenther
(This used to be commit 44e228ac796fca2db8509915067511ed705032bf)
|
|
(This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675)
|
|
Guenther
(This used to be commit 52d721b6384cf6f94e1ebb59d21bf09737a539b5)
|
|
Guenther
(This used to be commit c54430a7b5e40d3bdf8afdc813eb722c0a3b861e)
|
|
you the IP
address but also the fqdn of the remote dc and site info.
Volker
(This used to be commit 62d01ce7e6c14971084c208ab61f379cb172cb22)
|
|
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
(This used to be commit 2d68fdf06b3b027227ab77372b001b13fd2b494d)
|
|
a DC it trusts.
Volker
(This used to be commit ae6840320ff47827c2817549fe3133a57e3fe77f)
|
|
- When connecting to the NETOGON pipe, we make a call to auth2, in order
to verify our identity. This call was being made with negotiation flags
of 0x1ff. This caused our account to be downgraded. If we instead make
the call with flags > 1ff (such as 0x701ff), then this does not occour.
- This is *not* related to the use of kerberos for the CIFS-level connection
My theory is that Win2k has a test to see if we are sending *exactly* what
NT4 sent - setting any other flags seems to cause us to remain intact.
Also ensure that we only have 'setup schannel' code in a few places, not
scattered around cmd_netlogon too.
Andrew Bartlett
(This used to be commit e10f0529fe9d8d245b3cd001cce6a9a86896679c)
|
|
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to
all of Samba's clients.
When connecting to an Active Directory DC, you must initiate the CIFS level
session setup with Kerberos, not a guest login. If you don't, your machine
account is demoted to NT4.
Andrew Bartlett
(This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
|
|
important once we start doing schannel, as there would be a lot more
roundtrips for the second PIPE open and bind. With this patch logging
in to a member server is a matter of two (three if you count the
ack...) packets between us and the DC.
Volker
(This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|
|
(This used to be commit 6a1d99d318c2dddc01d8262f31c7afbe9bb1a286)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing against platforms
different from NT4SP6.
Volker
(This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
|
|
(This used to be commit fb91bfa7a28f548dcc549f7e09805e4485c83538)
|
|
(This used to be commit a20aba09996e470425a151271237f2d48a8302af)
|
|
from APP_HEAD
(This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
Ignacio you can update your howto ;-)
samsync: a small patch to try chaning challenges.
J.F.
(This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
|
|
the validation level.
(This used to be commit c79e94ea27aab31423b1bdc34e9cff25688dbe5f)
|
|
there's a bug in the marshalling of net_sam_logon.
(This used to be commit 7c5ac46b8ad0be681d102e7ef3478d64d7a2b8e6)
|
|
rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe
opening stuff up one level. Moved rpcclient.h into rpcclient directory and
out of includes/smb.h
(This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit e0bdcbc5994345fdc76f7590dba7bce5f0127d58)
|
|
the build farm
(This used to be commit 5bb7e4f0f65edf1db20245f403cbe81833134240)
|
|
Reverse-engineered the sam replication protocol from staring at hex dumps
for a while. It's pretty similar to the sam sync protocol with a couple of
different delta header types.
I wasn't able to figure out the format of the privilege stuff - needs more
time and a whiteboard. (-:
The impressive bit is that the sam sync stuff from tng basically just
worked thanks mainly to Luke Leighton's efforts in this area.
(This used to be commit 3a60cb44f22d5f3f8c78a56ed8f5ea4794cd7ab3)
|