summaryrefslogtreecommitdiff
path: root/source3/utils/net_ads.c
AgeCommit message (Collapse)AuthorFilesLines
2009-11-06s3-net: better use memory credential cache in net_ads_kerberos_pac().Günther Deschner1-1/+1
Guenther
2009-11-06s3-net: allow to call "net ads kerberos pac <impersonation principal> -P".Günther Deschner1-1/+7
Guenther
2009-07-29s3 net: i18n support for net adsKai Blin1-378/+389
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison1-1/+1
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2009-07-27s3: net ads user info should print primary group as well (bug #2658)Kai Blin1-15/+57
Thanks to Pavel V. Rochnyack <rpv@muma.tusur.ru> for reporting this and offering an initial patch.
2009-07-22Revert "net: Use samba default command line arguments."Kai Blin1-42/+41
This reverts commit fb262f79fab00374023e59476e8d05a1015a7041 and related commits c36031778e1983ddb11d3e1fcab35e738dbf94bc 72fd5fa6bb78a054fad5e5ebe19a0c0387a7d45b and 38cd0e086f50ce54d88a19aa5a6803469af90489 This change caused more trouble than it solved. We need to do this differently. Reverting so we don't accidently release this.
2009-07-09Make escape_ldap_string take a talloc contextVolker Lendecke1-5/+5
2009-06-19Don't require "Modify property" perms to unjoin bug #6481)Jim McDonough1-2/+9
"net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete). Libnetapi should not delete machine accounts, as this does not happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means "disable" (both in practice and docs). However, to keep the functionality in "net ads leave", we will still try to do the delete. If this fails, we try to do the disable. Additionally, it is possible in windows to not disable or delete the account, but just tell the local machine that it is no longer in the account. libnet can now do this as well.
2009-06-09net: Only use the in memory ccache when not already using a kerberos ticket ↵Kai Blin1-1/+2
in net ads
2009-06-09s3-net: fix "net ads testjoin".Günther Deschner1-0/+1
This always needs to use machine account credentials. Kai, please check. Guenther
2009-05-25net: Use samba default command line arguments.Kai Blin1-41/+40
Attention: The meaning of the -N flag changed. To get the old meaning for net groupmap set, use the long option --ntname The long option for using kerberos changed from --kerberos to --use-kerberos net rpc commands will now prompt for a password if none is given. As a benefit, net will now accept an authentication file like other samba command line tools. So no need to specify the password on the command line in scripts anymore. This should fix bug #6357 Signed-off-by: Kai Blin <kai@samba.org>
2009-04-07s3-libads: avoid NULL talloc context with ads_get_dn().Günther Deschner1-4/+4
Guenther
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett1-8/+8
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-18s3-spoolss: remove custom syntax_spoolss and use the syntax defined in IDL.Günther Deschner1-1/+1
Guenther
2009-02-10S3: Fixes for coverity issues.todd stecher1-1/+9
2009-02-03s3-net: fix warning message for keytab usage.Günther Deschner1-2/+2
Guenther
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-4/+4
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2008-12-31Fix all warnings in source3 with gcc4.3.Jeremy Allison1-7/+28
Jeremy.
2008-12-13s3: correctly detect if the current dc is the closest oneStefan Metzmacher1-1/+1
ads->config.tried_closest_dc was never set. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
2008-10-23Use common error definitions.Jelmer Vernooij1-1/+1
2008-10-20s3-build: no need to duplicate generated ndr_ prototypes.Günther Deschner1-0/+1
Guenther
2008-10-19Remove silly safe_free() function which is a wrapper around SAFE_FREE().Jelmer Vernooij1-2/+2
Since it's a function it just sets the local pointer to NULL and basically is an equivalent to free(). It also claims it's being used for callbacks but isn't used that way anywhere.
2008-10-14Use GUID_string rather than smb_uuid_string().Jelmer Vernooij1-1/+1
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-1/+2
2008-09-25s3-nbt: remove double nbt netlogon opcodes.Günther Deschner1-4/+4
Guenther
2008-09-24s3-nbt: use the new generated nbt.Günther Deschner1-4/+4
Guenther
2008-08-11libnetjoin: support kerberized joining/unjoing (fix #5416).Günther Deschner1-2/+8
Guenther (This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke1-2/+2
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
2008-06-24net ads: Fix typos.Karolin Seeger1-2/+2
Karolin (This used to be commit 63c1a5146e25e05678d2bef95286add5c95a5f38)
2008-06-13net: Fix bug #5542 (samsync contains empty passwords).Günther Deschner1-2/+0
Guenther (cherry picked from commit 1a22e975dd1255f3557c1cd873d877aa35822afc) (This used to be commit ad8392cf7c817ee29a03bc6f515bf1cc18a29eda)
2008-06-12net: Fix net_ads.c build for the HAVE_ADS == 0 case.Kai Blin1-1/+1
Thanks to Karolin for catching this one. (This used to be commit 7f52998f5461ed7d976faa2254464336dcf73c02)
2008-06-10net: Rename functable3 to functable, get rid of old functablesKai Blin1-14/+14
(This used to be commit bb7c5fc4ec77db4073d3beccf12af12910b6bd07)
2008-06-10net: Make "net ads" use functable3Kai Blin1-214/+512
(This used to be commit 64e3dc63966ecf216b354263e4bd5dfd1491abcc)
2008-06-04net: print NBT_SERVER_X_SECRET_DOMAIN_6 flags in "net ads lookup".Günther Deschner1-2/+7
Guenther (This used to be commit 420390ba0ef6b45f18a8fd37974b1fbee0bd1502)
2008-05-20net: The top level help function for net cmd is always net_cmd_usageKai Blin1-4/+4
(This used to be commit f7d0903a58b0b0fc248a613937a101f15baa5311)
2008-05-20net: Split out "net group"Kai Blin1-1/+1
(This used to be commit 3ddd9c09e3b51df01ac34a9a1537e8954d2b1167)
2008-05-20net: Split out "net user"Kai Blin1-1/+1
(This used to be commit 4ca08a5acc90c77d56f8f3e38443f23f43f034e8)
2008-05-20net: Use true/false instead of True/False.Kai Blin1-13/+13
(This used to be commit a8b567aac3b0e39cfe67fb97167b10312ca5e73a)
2008-05-12net ads: Upper case he realm name when calling kinit() using machine creds.coffeedude1-0/+1
Needed fix for the DNS Update option as part of "net ads join" (This used to be commit aebae0b71b427838fdc6344d69d6dea87a5dd58b)
2008-05-10Fix the build with DNS_UPDATESVolker Lendecke1-1/+1
(This used to be commit 6c9500c290fe0d6d71d4c33eb265906ce3a1d9f3)
2008-05-10net: Remove globalsKai Blin1-175/+176
(This used to be commit 1e9319cf88b65a2a8d4f5099a1fe5297e405ed2e)
2008-05-09cldap: let ads_cldap_netlogon() return all possible cldap replies.Günther Deschner1-2/+2
Guenther (This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69)
2008-04-21cldap: avoid duplicate definitions so remove ads_cldap.h.Günther Deschner1-10/+10
Guenther (This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199)
2008-04-21cldap: add talloc context to ads_cldap_netlogon().Günther Deschner1-2/+2
Guenther (This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3)
2008-04-21libads: Use libnbt for CLDAP reply parsing.Günther Deschner1-24/+21
Guenther (This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70)
2008-04-17net: Be more tolerant while joining.Günther Deschner1-4/+9
Guenther (This used to be commit 70b7b331d9e2d915e6209fca5900f41fae4866fd)
2008-04-14libnetjoin/net: Fix lp_config_backend_is_registry() handling.Günther Deschner1-6/+12
Thanks obnox, now we can net ads join and net ads leave with zero configuration changes if "config backend = registry". Guenther (This used to be commit 9003881773de787a51ceadcdc2cb1e95f6979763)
2008-04-14net: abort when lp_realm is not set in net_ads_leave().Günther Deschner1-0/+5
Guenther (This used to be commit 53735edcbb059e73c51ae17d4ff75d2a4dee53e5)
2008-04-14net: exit early in net_ads_join() if the domain is not set.Günther Deschner1-0/+6
Guenther (This used to be commit 8331fbe735e2bec386ab8fc1645dc371d45d3063)
2008-04-14net: use WERROR for check_ads_config().Günther Deschner1-9/+7
Guenther (This used to be commit 9176057986be63c7ebebb56f7daabbc3883802c5)