summaryrefslogtreecommitdiff
path: root/source3/sam
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r8093: Next round. Now it compiles with --enable-socket-wrapper.Volker Lendecke1-2/+2
Volker (This used to be commit 25cbcfba30f534f3fb31627ba43421c42ccd5b0f)
2007-10-10r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the ↵Günther Deschner1-7/+40
POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
2007-10-10r7992: Adding PADL's idmap_ad plugin (taken from the latestGünther Deschner1-0/+380
xad_oss_plugins-tarball). Guenther (This used to be commit 1d59841c9901b6a3aff72b6da1037495aa75f389)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter3-19/+19
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6450: * fix typo in htlm_auth help messageGerald Carter1-0/+1
* add synonym for idmap_rid in better lining with other idmap backend names * remove old debug messages when idmap {uid|gid} options are not defined (This used to be commit 03ebf3ebfe83897d8c18e57ed378154d1377874b)
2007-10-10r6445: Make us survive the PARANOID_MALLOC_CHECKER. Should we enable that forVolker Lendecke1-6/+8
--enable-developer=yes? Volker (This used to be commit 61d40ac60dd9c8c9bbcf92e4fc57fe1d706bc721)
2007-10-10r6273: Remove some unused code, minor cleanupVolker Lendecke1-103/+0
(This used to be commit b451434e378e52e8ab6b932d7b26657ea9d0353c)
2007-10-10r5708: BUG 2424: patch from Vince Brimhall <vbrimhall@novell.com> to ensure ↵Gerald Carter1-6/+5
that uidNumber and gidNumber use match the rfc2307 schema (This used to be commit c1727dc9e01f960c1eedf023b4de49ad6f418b18)
2007-10-10r5692: Fix compile warningsVolker Lendecke1-3/+3
(This used to be commit 6fad82d3d536fe2f7184377137d062710b40b4f2)
2007-10-10r5571: fix another breakage on gcc 2.96Gerald Carter1-1/+1
(This used to be commit cadd5a44e7f1d532aa4dad7a4233e5ea2c814a10)
2007-10-10r5568: fix more breakage on gcc 2.96Gerald Carter1-1/+1
(This used to be commit 3eeecff05efec9310cf2bed7c6fe9a6d80dd6d0d)
2007-10-10r5428: Apply some const. LDAP attribs should now be declared const char ↵Volker Lendecke1-5/+5
*attr[]. This gives some new warnings in smbldap.c, but a the callers are cleaned up. Volker (This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403)
2007-10-10r5278: BUG 2327: fix compile bug in idmap_rid.cGerald Carter1-1/+2
(This used to be commit dd55ef25d1b24401a743d0367544e535cd17815c)
2007-10-10r5272: BUG 2132, 2134: patch from Jason Mader <jason@ncac.gwu.edu> to remove ↵Gerald Carter1-4/+2
unused variables (This used to be commit 82c4e2f37f1f4c581cd7c792808c9a81ef80db94)
2007-10-10r4870: Make multi-domain-mode in idmap_rid accessible from outside (can beGünther Deschner1-8/+20
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars Mueller <lmuelle-at-suse.de>. Allow to map ID's for a local SAM and add some more debugging-information. Guenther (This used to be commit 4d8e7c9ff00417b2ebae0c5faccfe9c2c9c44f2e)
2007-10-10r4221: when in the multi-mapping mode of idmap_rid:Günther Deschner1-4/+10
allow BUILTIN domain-mapping. Guenther (This used to be commit e3b067ee99e304aa9e165dae5fcb0546cec711e2)
2007-10-10r4216: fix segfault in idmap_ridGünther Deschner1-2/+2
(only ever shows up when the somewhat hidden IDMAP_RID_SUPPORT_TRUSTED_DOMAINS - define is set). Thanks to Stephan Martin <sm@suse.de> for reporting this bug. Guenther (This used to be commit e7b81d679b487734e12a948f30f0ad88240f17f1)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison2-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3758: Increase a debug level. This error condition can actually happen in ↵Volker Lendecke1-1/+1
real life if you have several competing winbinds that might get a lag due to replication. Volker (This used to be commit 1c3f194ab7ab63aeb2284d7e5c7e183340740ceb)
2007-10-10r3498: Optimisation of idmap_rid init: Avoid calling a DC for the domain-sidGünther Deschner1-28/+42
when trusted domains are disabled anyway. Guenther (This used to be commit cd30a0b14adf1e58c19bcbfec385a5794d4ca112)
2007-10-10r3221: Remove check for allow-trusted-domains so that this thing does not ↵John Terpstra1-1/+1
throw-up. (This used to be commit 3d8e19468b8dda3bc84f0bc9174944c8275ed024)
2007-10-10r3151: Add the "no warranty"-section in the licence header.Günther Deschner1-0/+10
Guenther (This used to be commit c9a7bc10b7aa5e1cb7d37ba9b1a8ddb9b0b2dd5e)
2007-10-10r3146: Some cleanup for idmap_rid:Günther Deschner1-155/+150
- fix several memleaks found by valgrind - turn off support for trusted domains (can be reenabled with #define IDMAP_RID_SUPPORT_TRUSTED_DOMAINS 1) - improve readability Guenther (This used to be commit 351a1227e80db5d87b71e17cd1443c11ea6ace4e)
2007-10-10r3145: Add experimental idmap_rid-Plugin.Günther Deschner1-0/+513
Written by Sumit Bose <sbose@suse.de> and myself a while ago. idmap_rid does a direct, static mapping between RIDs and UIDs/GIDs using the idmap-range as offset. It does thus allow to have a unified mapping over several winbindd-systems without having the need of a central LDAP-Server (and all related dependencies and problems this solution can bring). Compile: ./configure --with-shared-modules=idmap_rid Usage: idmap backend = idmap_rid idmp_rid does even allow you to have multiple mappings (for trusted domains). This is a rather problemtic feature and will be turned off by default rather soon. The problem is that ranges can quickly overlap when not measured with caution. idmap backend = idmap_rid:"MYDOMAIN=1000-9999 OTHER=10000-19999" Will valgrind idmap_rid later today and fix a couple of things. Guenther (This used to be commit 49a238bd37105bf1a33d4a230ca594c4cf304dd3)
2007-10-10r3137: Do not simply ignore failing idmap-module init for remotemaps.Günther Deschner1-1/+4
(in preparation of adding idmap_rid) Guenther (This used to be commit e7691f4862da141f530a8e8b1364b9c02e8dc732)
2007-10-10r2691: Increase a debug level for a quite frequent operation.Volker Lendecke1-0/+27
Optimization for 'idmap backend = ldap': When asking sid2id for the wrong type, don't ask ldap when we have the opposite mapping in the local tdb. Volker (This used to be commit c91cff3bd38c1a8e23628b032f09829f9abf792d)
2007-10-10r1430: Although prepared for only one remote backend, make the 'idmap backend'Volker Lendecke1-3/+4
parameter a list instead of a string. This makes idmap backend = ldap:"ldap://localhost/ ldap://fallback/" possible. Volker (This used to be commit ea718347937ec0e5640b29e0e9edf6eda2b45e34)
2007-10-10r1297: Yes, it does survive valgrind for my tests :-)Volker Lendecke1-0/+29
Check in the 'winbind proxy only' mode -- no new parameter required :-) If you don't set idmap uid or idmap gid, winbind will not do idmap stuff, it will only proxy the netlogon request and thus speed up the authentication of domain users. Volker (This used to be commit 29235f0c69035376ad7ac27b08a59069fa151102)
2007-10-10r916: Memory leak fix from kawasa_r@itg.hitachi.co.jp.Jeremy Allison1-2/+6
Jeremy. (This used to be commit c336ccf4e8a6340f8d786219fbc7e4e5a7877e4e)
2004-03-11Get MungedDial actually working with full TS strings in it for pdb_ldap.Jim McDonough1-8/+8
I know this isn't pretty, but neither was our assumption that all strings from the directory fit inside a pstring. There was no way this worked before will all versions of usrmgr (for example, the only version of mine that has the TS Confic button). (This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
2004-02-23Janitor for tpot...bugzilla #1098, msleep already exists on aixJim McDonough1-1/+1
(This used to be commit 4319df7fdc2d878c509381923cc1db4d731620ba)
2004-01-06isolate ldap debug messages to the common smbldap_XXX() functionsGerald Carter1-5/+0
(This used to be commit 7d7a262f45182e67daecdca49df85445c2b9700a)
2003-11-14fix more memory leaks in the LDAP backend code; patches from metzeGerald Carter1-4/+14
(This used to be commit e079c8842a24ff4f50483bea8ca6b11db4b2dc99)
2003-11-07fix for bug 680 (heads up). This gist is to map theGerald Carter1-355/+129
UNIX entity foo to DOMAIN\foo instead of SERVER\foo on members of a Samba domain when all UNIX accounts are shared via NIS, et. al. * allow winbindd to match local accounts to domain SID when 'winbind trusted domains only = yes' * remove code in idmap_ldap that searches the user suffix and group suffix. It's not needed and provides inconsistent functionality from the tdb backend. This has been tested. I'm still waiting on some more feedback but This needs to be in 3.0.1pre2 for widespread use. (This used to be commit ee272414e9965d7d550ba91d4e83997134dd51e6)
2003-09-10Ensure we consistantly translate to/from utf8 for talking to LDAP.Jeremy Allison1-33/+31
Jeremy. (This used to be commit b5d953bc26de5c4e0e1a15f70ae56ea2dd2843f2)
2003-08-15get rid of more compiler warningsHerb Lewis2-4/+4
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-08-132 fixesGerald Carter3-168/+168
* bug #280 (my fault) - initialize sambaNextUserRid and sambaNextGroupRid * Unix users shared vis LDAP or NIS between a samba domain member of a Samba domain are not seen as domain users on the member servers. not as local users. (This used to be commit a030fa373aefde8628def54ca8152f237a0467dc)
2003-08-06rework winbindd_accountdb_init() to reduce error messages in the logGerald Carter1-14/+21
(This used to be commit d98a68e0ebaf2fbd360b826f5df472bc3f94285b)
2003-08-01Update my copyrights according to my agreement with IBMJim McDonough2-2/+2
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
2003-08-01Fix copyright statements for various pieces of Anthony Liguori's work.Jim McDonough3-3/+3
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
2003-07-24Some more [ug]id_t printf fixes.Tim Potter1-4/+4
(This used to be commit 165d1ae55622ca1e89c94fc5e40bdf5cddbcab45)
2003-07-23convert snprintf() calls using pstrings & fstringsGerald Carter1-26/+19
to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter4-31/+46
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-11moving more code around.Gerald Carter4-3/+450
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter3-1/+32
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-07fix some compile problems. Can't get IDMAP_OBJ our of proto.hGerald Carter1-1/+2
just yet. ` (This used to be commit 6f0b5d474a051db512db2f73a8097c80964ec513)
2003-07-07Cleaning up linking issues. sam/idmap*.c only links inGerald Carter2-279/+1
winbindd now. Also removing an unused file. (This used to be commit 688369c23c604e9b6654fcf07190d2e27c1138cf)
2003-07-07and so it begins....Gerald Carter1-110/+27
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-06This changes our Unix primary GID behaviour back to what most people expect:Andrew Bartlett1-3/+4
Samba will now use the user's UNIX primary group, as the primary group when dealing with the filesystem. The NT primary group is ignored in unix. For the NT_TOKEN, the primary group is the NT priamry group, and the unix primary group is added to the NT_TOKEN as a supplementary group. This should fix bug #109, but will need to be revisited when we get a full NT group database. Also in this commit: - Fix debug statements in service.c - Make idmap_ldap show if it's adding, or modifying an existing DN - Make idmap_ldap show both the error message and error string (This used to be commit 32e455a714b2090fcfd1f6d73daccf600c15d51b)
2003-07-05Add some debug statments to our vampire code - try to make it easier to trackAndrew Bartlett1-2/+4
down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)