Age | Commit message (Collapse) | Author | Files | Lines |
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
(dwatson@us.ibm.com). Yes,
that's my copyright...that's just how we have to do things at big blue.
Adds subcommand to vampire to allow data to be put into an ldif file instead
of actually writing to the passdb. See "net rpc help vampire" for usage
info. This should be added to docs as well.
(This used to be commit cb5634a305256a70daa2fcbd85d9a5459b4aeaa3)
|
|
Jeremy.
(This used to be commit a667d9e474302e888a0cc009a342da471318928c)
|
|
much straither.
copy_top_level_perms() is jra's work.
I modified the copy_top_level_perms() function to use the copy_clistate.
And I don't forget trunk.
Lars
(This used to be commit 2c68568e5232c057d4f76f4bb044c54d18272602)
|
|
dir of a share. Till now we excluded '.' and '..' in general. For the
fix the information about top or lower level dir is stored in the
copy_clistate. src and dst share are now also part of this struct and
we only pass a pointer to the struct to the functions.
This bug was found by Bill Calero of Novell. Thanks Bill!
With this checkin no new functionality was added. But the copy_clistate
already knows about a mode. Later beside the migrate an additional
report mode will be added.
This changes are coordinated with Günther <gd>.
Lars
(This used to be commit 506aaefa3716c7683eef9afe0d1bb5b6e2533c4b)
|
|
(This used to be commit 164f94e52929330bd638f19bcf3bfce50303269e)
|
|
'..' from all #include preprocessor commands. This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
|
|
local netbios-alias bound to non-loopback interface as a migration target.
It's now possible to migrate printers|shares|files from Server A to
Server B while running the net-command on client C.
Guenther
(This used to be commit 0cfd2866dfe5e959ede169a77c39480790300de3)
|
|
It's now possible to migrate files preserving dos-attributes and correct
timestamps. Also added some small docu- and syntax-fixes.
Guenther
(This used to be commit 0e990582a0416933a8671ca660d22e980f828402)
|
|
* add IA64 to the architecture table of printer-drivers
* add new "net"-subcommands:
net rpc printer migrate {drivers|printers|forms|security|settings|all}
[printer]
net rpc share migrate {shares|files|all} [share]
this is the first part of the migration suite. this will will (once
feature-complete) allow to do 1:1 server-cloning in the best possible way by
making heavy use of samba's rpc_client-functions. all migration-steps
are implemented as rpc/smb-client-calls; net communicates via rpc/smb
with two servers at the same time (a remote, source server and a
destination server that currently defaults to the local smbd). this
allows e. g. printer-driver migration including driverfiles, recursive
mirroring of file-shares including file-acls, etc. almost any migration
step can be called with a migrate-subcommand to provide more flexibility
during a migration process (at the cost of quite some redundancy :) ).
"net rpc printer migrate settings" is still in a bad condition (many
open questions that hopefully can be adressed soon).
"net rpc share migrate security" as an isolated call to just migrate
share-ACLs will be added later.
Before playing with it, make sure to use a test-server. Migration is a
serious business and this tool-set can perfectly overwrite your
existing file/print-shares.
* along with the migration functions had to make I the following
changes:
- implement setprinter level 3 client-side
- implement net_add_share level 502 client-side
- allow security descriptor to be set in setprinterdata level 2
serverside
guenther
(This used to be commit 8f1716a29b7e85baf738bc14df7dabf03762f723)
|
|
delete'.
Volker
(This used to be commit ec321674961cc62c048b149ee19b6e36325c8eb3)
|
|
I was rather annoyed by the net groupmap syntax, I could never get it
right.
net groupmap set "domain admins" domadm
creates a mapping,
net groupmap set "domain admins" -C "Comment" -N "newntname"
should also do what you expect. I'd like to have some feedback on the usability
of this.
net groupmap cleanup
solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.
Volker
(This used to be commit eb4d4faff8c14e999f414ca5b6e8c25a558859c8)
|
|
to, despite any smb.conf settings.
Work to allow the same for 'net rpc vampire', but instead give a clear
error message on what is incorrect.
Andrew Bartlett
(This used to be commit 6b629344c5a4061d6052fa91f8429b337bab95fb)
|
|
Based on work by Ken Cross (kcross@nssolutions.com).
(This used to be commit 8ef7ac22ef1a60dca0a2d01dc6ff4ba14bc1549a)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|
|
* removed unused variable from rpcclient code
* added container option to net command (patch from SuSE)
* Makefile patch for examples/VFS from SuSE
(This used to be commit 25a9681ddda47a41fac8fdc97ca50b7f4c579eaf)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
(This used to be commit 4e3265c3c94583ac7ee48017d195ad98ecdfbc47)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
These two little features are very useful, but the passing of options about
needs some serious work. The popt stuff in the shutdown code is #ifdef'ed out
until the main popt loop can be convinced not to chew on the options :-(
Andrew Bartlett
(This used to be commit 51c985be7fbfe5627c5b2590e7610653e7be98e3)
|
|
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)
|
|
(This used to be commit 5a96391c75fd13b2fc385aa571244b82bc4736d0)
|
|
PDC, as well as changes for correctness as per tridge.
Andrew Bartlett
(This used to be commit 16d302c5cc0da93a58e0ce10843f9c8d8062c689)
|
|
Andrew Bartlett
(This used to be commit 8dbd9702d829eaefcdab8e3f8a4750befa884234)
|