| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
domain code
(This used to be commit 9eb743584d32cdb67e0512ac915c34565bce1c01)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
lp_load() could not be called multiple times to modify parameter settings based
on reading from multiple configuration settings. Each time, it initialized all
of the settings back to their defaults before reading the specified
configuration file.
This patch adds a parameter to lp_load() specifying whether the settings should
be initialized. It does, however, still force the settings to be initialized
the first time, even if the request was to not initialize them. (Not doing so
could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769d1b2266e576597c57a8e3b1e2a2b51)
|
|
All 'usage' messages are still printed to stdout.
Fix some compiler warnings for system() calls where we didn't used the
return code. Add appropriate error messages and return with the error
code we got from system() or NT_STATUS_UNSUCCESSFUL.
(This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
|
|
(This used to be commit 9ca8edc26e66887d6333943bc6a9776352c657fc)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
Guenther
(This used to be commit bf67a8611491ed748c6975787ce2f0572586a3c6)
|
|
(This used to be commit 1e9a8854b1f3bd640096923dc79991654da7e845)
|
|
modeled after query_displayinfo and should hide the differences between users,
groups and aliases while allowing a cache analog load_sampw_entries:
struct pdb_search *pdb_search_users(uint16 acct_flags);
struct pdb_search *pdb_search_groups(void);
struct pdb_search *pdb_search_aliases(const DOM_SID *sid);
uint32 pdb_search_entries(struct pdb_search *search, uint32 start_idx,
uint32 max_entries,
struct samr_displayentry **result);
void pdb_search_destroy(struct pdb_search *search);
Why this API? Eventually we will need to apply the work gd has started on
enumerating users with paged ldap searches to groups and aliases. Before doing
that I want to clean up the search routines we have.
The sample application (more to follow) is 'net maxrid'.
Volker
(This used to be commit 8b4f67a1e9d459145cde10b1064781d58d62b805)
|
|
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
|
|
Implement 'net afs impersonate', generate a token for a specified user. You
obviously need to be root for this operation.
Volker
(This used to be commit 5818b092e6e50d38238b0520329eb8912125c90a)
|
|
To get all entries use a 0 acb_mask.
Guenther
(This used to be commit bc729f8fd877236a503cc9df64138b2be2e1a91d)
|
|
(This used to be commit f1d59c3a2693fe36b9abe9c1da4b703c5543f938)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
First check to see if we can open secrets.tdb.
(This used to be commit 81e3c78d056c0a7499b8f27dcd37a13e725053ee)
|
|
(usersidlist/allowedusers) to scan a file server's share and list all users
who have permission to connect there.
Volker
(This used to be commit f7f84aa1ded70af3882e4122f34d5c7eed746993)
|
|
'..' from all #include preprocessor commands. This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
|
|
User-, Group- and Machine-Accounts in Active Directory (this got lost
during the last trunk-merge).
This way we match e.g. default containers moved by redircmp.exe and
redirusr.exe in Windows 2003 and don't blindly default to cn=Users or
cn=Computers.
Further wkguids can be examied via "net ads search wellknownobjects=*".
This should still keep a samba3-client joining a samba4 dc. Fixes
Bugzilla #1343.
Guenther
(This used to be commit 8836621694c95779475fa9a1acf158e5e0577288)
|
|
local netbios-alias bound to non-loopback interface as a migration target.
It's now possible to migrate printers|shares|files from Server A to
Server B while running the net-command on client C.
Guenther
(This used to be commit 0cfd2866dfe5e959ede169a77c39480790300de3)
|
|
It's now possible to migrate files preserving dos-attributes and correct
timestamps. Also added some small docu- and syntax-fixes.
Guenther
(This used to be commit 0e990582a0416933a8671ca660d22e980f828402)
|
|
a system
call, and gcc -Wall complains about a shadowed definition.
Volker
(This used to be commit 9a2fd67037769b5cbb10edd024f6d98c610bf875)
|
|
* add IA64 to the architecture table of printer-drivers
* add new "net"-subcommands:
net rpc printer migrate {drivers|printers|forms|security|settings|all}
[printer]
net rpc share migrate {shares|files|all} [share]
this is the first part of the migration suite. this will will (once
feature-complete) allow to do 1:1 server-cloning in the best possible way by
making heavy use of samba's rpc_client-functions. all migration-steps
are implemented as rpc/smb-client-calls; net communicates via rpc/smb
with two servers at the same time (a remote, source server and a
destination server that currently defaults to the local smbd). this
allows e. g. printer-driver migration including driverfiles, recursive
mirroring of file-shares including file-acls, etc. almost any migration
step can be called with a migrate-subcommand to provide more flexibility
during a migration process (at the cost of quite some redundancy :) ).
"net rpc printer migrate settings" is still in a bad condition (many
open questions that hopefully can be adressed soon).
"net rpc share migrate security" as an isolated call to just migrate
share-ACLs will be added later.
Before playing with it, make sure to use a test-server. Migration is a
serious business and this tool-set can perfectly overwrite your
existing file/print-shares.
* along with the migration functions had to make I the following
changes:
- implement setprinter level 3 client-side
- implement net_add_share level 502 client-side
- allow security descriptor to be set in setprinterdata level 2
serverside
guenther
(This used to be commit 8f1716a29b7e85baf738bc14df7dabf03762f723)
|
|
delete'.
Volker
(This used to be commit ec321674961cc62c048b149ee19b6e36325c8eb3)
|
|
and honours the 'netbios name' in the smb.conf.
(This used to be commit 591047c20a06cd94540b3781459c0f1b6f5baa9f)
|
|
net rpc did not inform you if no smbd is running.
I never liked the error message (!) Success! when we established a trust.
Volker
(This used to be commit 4191a434d48065a75f38752c4aa27219f36d602b)
|
|
I was rather annoyed by the net groupmap syntax, I could never get it
right.
net groupmap set "domain admins" domadm
creates a mapping,
net groupmap set "domain admins" -C "Comment" -N "newntname"
should also do what you expect. I'd like to have some feedback on the usability
of this.
net groupmap cleanup
solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.
Volker
(This used to be commit eb4d4faff8c14e999f414ca5b6e8c25a558859c8)
|
|
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
(This used to be commit 191b43159e7358541be9a3deac8c447885145442)
|
|
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
(This used to be commit 86ad04d26d3065a99b08afaaf2914968a9e701c5)
|
|
see a reason why we have so many special cases and not simply use
nt_errstr(nt_status).
Comments?
Volker
(This used to be commit ea1a5fb30357f4fe70139ff5583d09cef9fdaa62)
|
|
tells me that this should not be expanded, so I implemented
net status [sessions|shares] [parseable]
Volker
(This used to be commit 63d877c6b4786dcddf5f389842f798857be282c0)
|
|
Based on work by Ken Cross (kcross@nssolutions.com).
(This used to be commit 8ef7ac22ef1a60dca0a2d01dc6ff4ba14bc1549a)
|
|
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
|
|
afs share -- this is an AFS share, do AFS magic things
afs username map -- We need a way to specify the cell and possibly
weird username codings for several windows domains
in the afs cell
Volker
(This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
|
|
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
|
|
Jeremy.
(This used to be commit 86ebf990431903b12ec24a4d9af00d665e828145)
|
|
Include patch to manually set the machine trust account
password (on request from jht) to mimic 2.2. behavior.
last changes before RC2 (not counting syncing the docs).
(This used to be commit ce090371449097d4e5010e1219d449db8b0ccac5)
|
|
- Make winbindd try to use kerberos for connections to DCs, so that it can
access RA=2 servers, particularly for netlogon.
- Make rpcclient follow the new flags for the NETLOGON pipe
- Make all the code that uses schannel use the centralised functions for doing so.
Andrew Bartlett
(This used to be commit 96b4187963cedcfe158ff02868929b8cf81c6ebf)
|
|
connections. Overrides smb.conf parameter if set.
Jeremy.
(This used to be commit 879309671df6b530e0bff69559422a417da4a307)
|
|
(This used to be commit 8b818ce381595cdcb36631a2440d6aa0038805f1)
|
|
ability to change it by command line instead of turn-off cmdline switch
for debug messages.
It's a bit more comfortable to use now.
(This used to be commit b65fe75bec8170ad48d1ad0a9017ccc4de651eba)
|
|
(This used to be commit f005f1cf12b839f3985ab00315da63c584ce803e)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
groupmap'. The correct way to implement this stuff is via a function
table, as exampled in all the other parts of 'net'.
This also moves the idmap code into a new file. Volker, is this your
code? You might want to put your name on it.
Andrew Bartlett
(This used to be commit 477f2d9e390bb18d4f08d1cac9c981b73d628c4f)
|
|
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.
We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.
This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base
Simo.
(This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
|
|
from the output of 'net idmap dump'.
'net idmap dump' now also prints the USER/GROUP HWM.
Volker
(This used to be commit c0575be936572bb091a77c58361bd3a4fe9549ff)
|
|
the idmap and the SAM.
The basic idea is this: Lookup the user with GetPwnam(), and if they
exist then use that uid. This is what people expect. If the user does
not exist, try and run the right script.
This is also what people expect from previous Samba 3.0 behaviour, where
the Get_Pwnam() was at runtime.
If the idmap entry for this SID isn't valid, or isn't the right value,
modify the idmap to account for this mapping.
Also, the same logic is applied to the primary gid - if it has changed,
update the user's primary unix group.
This patch allows users to be added without a mapping - this is fine for
machine accounts, for example. I've given it a quick test against my
Win2k DC, and I *think* it's sane.
Andrew Bartlett
(This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7)
|
|
(This used to be commit 18f3a5efea7c60d764d5ed82f3a83e1608f8c34e)
|
|
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
|
|
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
|
|
(This used to be commit 4c7efe25c3f2336938050086ffe5f4cfe462e6f6)
|
