Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
Guenther
|
|
|
|
W2K3 DC's can have IPv6 addresses but won't serve
krb5/ldap or cldap on those addresses. Make sure when
we're asking for DC's we prefer IPv4.
If you have an IPv6-only network this prioritizing code
will be a no-op. And if you have a mixed network then you
need to prioritize IPv4 due to W2K3 DC's.
Jeremy.
|
|
Thanks to Pavel V. Rochnyack <rpv@muma.tusur.ru> for reporting this and
offering an initial patch.
|
|
This reverts commit fb262f79fab00374023e59476e8d05a1015a7041
and related commits c36031778e1983ddb11d3e1fcab35e738dbf94bc
72fd5fa6bb78a054fad5e5ebe19a0c0387a7d45b and
38cd0e086f50ce54d88a19aa5a6803469af90489
This change caused more trouble than it solved. We need to do this differently.
Reverting so we don't accidently release this.
|
|
|
|
"net ads leave" stopped working when "modify properties"
permissions were not granted (meaning you had to be allowed
to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
|
|
in net ads
|
|
This always needs to use machine account credentials.
Kai, please check.
Guenther
|
|
Attention:
The meaning of the -N flag changed.
To get the old meaning for net groupmap set, use the long option --ntname
The long option for using kerberos changed from --kerberos to --use-kerberos
net rpc commands will now prompt for a password if none is given.
As a benefit, net will now accept an authentication file like other samba
command line tools. So no need to specify the password on the command line in
scripts anymore.
This should fix bug #6357
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Guenther
|
|
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().
This actually makes libgpo more consistant, as it mixed a talloc and a
malloc based string on the same element.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
|
|
Guenther
|
|
lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
|
Jeremy.
|
|
ads->config.tried_closest_dc was never set.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
|
|
|
|
Guenther
|
|
Since it's a function it just sets the local pointer to NULL and basically
is an equivalent to free().
It also claims it's being used for callbacks but isn't used that way
anywhere.
|
|
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
(This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
|
|
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
|
|
Karolin
(This used to be commit 63c1a5146e25e05678d2bef95286add5c95a5f38)
|
|
Guenther
(cherry picked from commit 1a22e975dd1255f3557c1cd873d877aa35822afc)
(This used to be commit ad8392cf7c817ee29a03bc6f515bf1cc18a29eda)
|
|
Thanks to Karolin for catching this one.
(This used to be commit 7f52998f5461ed7d976faa2254464336dcf73c02)
|
|
(This used to be commit bb7c5fc4ec77db4073d3beccf12af12910b6bd07)
|
|
(This used to be commit 64e3dc63966ecf216b354263e4bd5dfd1491abcc)
|
|
Guenther
(This used to be commit 420390ba0ef6b45f18a8fd37974b1fbee0bd1502)
|
|
(This used to be commit f7d0903a58b0b0fc248a613937a101f15baa5311)
|
|
(This used to be commit 3ddd9c09e3b51df01ac34a9a1537e8954d2b1167)
|
|
(This used to be commit 4ca08a5acc90c77d56f8f3e38443f23f43f034e8)
|
|
(This used to be commit a8b567aac3b0e39cfe67fb97167b10312ca5e73a)
|
|
Needed fix for the DNS Update option as part of "net ads join"
(This used to be commit aebae0b71b427838fdc6344d69d6dea87a5dd58b)
|
|
(This used to be commit 6c9500c290fe0d6d71d4c33eb265906ce3a1d9f3)
|
|
(This used to be commit 1e9319cf88b65a2a8d4f5099a1fe5297e405ed2e)
|
|
Guenther
(This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69)
|
|
Guenther
(This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199)
|
|
Guenther
(This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3)
|
|
Guenther
(This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70)
|
|
Guenther
(This used to be commit 70b7b331d9e2d915e6209fca5900f41fae4866fd)
|
|
Thanks obnox, now we can net ads join and net ads leave with zero
configuration changes if "config backend = registry".
Guenther
(This used to be commit 9003881773de787a51ceadcdc2cb1e95f6979763)
|
|
Guenther
(This used to be commit 53735edcbb059e73c51ae17d4ff75d2a4dee53e5)
|
|
Guenther
(This used to be commit 8331fbe735e2bec386ab8fc1645dc371d45d3063)
|
|
Guenther
(This used to be commit 9176057986be63c7ebebb56f7daabbc3883802c5)
|