summaryrefslogtreecommitdiff
path: root/source3/utils/net_ads.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r16115: Make "net ads changetrustpw" work again.Günther Deschner1-4/+4
(adapt to the new UPN/SPN scheme). Guenther (This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d)
2007-10-10r15703: Fix d_printf call.Günther Deschner1-1/+1
Guenther (This used to be commit 741602e03ad2404d4e38e55b9e5fd20b85fd205d)
2007-10-10r15701: change 'net ads leave' to disable the machine account in the domain ↵Gerald Carter1-212/+55
(since removal implies greater permissions that Windows clients require) (This used to be commit ad1f947625612ef16adb69fc2cfeffc68a9a2e02)
2007-10-10r15680: use the user creds when calling net_set_machine_spn() rather than ↵Gerald Carter1-64/+15
the machine creds (just like WinXP) (This used to be commit ae2bf464c47eb52ff24400d1cc362e74e77fbac5)
2007-10-10r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb ↵Gerald Carter1-7/+9
flags on the setuserinfo(), not the createuser info call (This used to be commit d933ac273db5977fb41954175bdc228b688bfd6e)
2007-10-10r15561: Should re-fix older systems without RC4-HMAC supportGerald Carter1-15/+6
(This used to be commit 00c795e3660a65419e707706abf48916dcd7f850)
2007-10-10r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....Gerald Carter1-5/+71
Re-add the capability to specify an OU in which to create the machine account. Done via LDAP prior to the RPC join. (This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
2007-10-10r15559: Smaller fixes for the new cldap code:Günther Deschner1-2/+1
* replace printf to stderr with DEBUG statements as they get printed in daemons * "net ads lookup" return code Guenther (This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-119/+550
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r15471: Clarify error messageVolker Lendecke1-2/+2
(This used to be commit f21adc04f745a966dbe6ef0b4ffd9729afa3fa78)
2007-10-10r15462: replace the use of OpenLDAP's ldap_domain2hostlist() forGerald Carter1-1/+5
locating AD DC's with out own DNS SRV queries. Testing on Linux and Solaris. (This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
2007-10-10r15460: Prefer to use the indexed objectCategory attribute (instead ofGünther Deschner1-2/+2
objectClass which is not indexed on AD) in LDAP queries. Guenther (This used to be commit 847882a98328b91a2157959c5dad0a2023223846)
2007-10-10r15336: Unknown escape sequence: '\305' - should have been '\n'.Jeremy Allison1-1/+1
(How did that get in there ?). Jeremy (This used to be commit 780b71d300da71acc8b4f0fe10c1ae78c71e23c4)
2007-10-10r15305: Let winbind search by sid directly (or in windows terms: "bind to aGünther Deschner1-0/+68
sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2007-10-10r15194: We need to be able to join as PDC as well. Thanks to Andrew Bartlett.Günther Deschner1-3/+2
Guenther (This used to be commit ba81b508caa4ab21a04d142f3621e43a55e859cf)
2007-10-10r15137: Refuse to join if our netbios name is longer than 15 chars. I think ↵Volker Lendecke1-0/+6
this is sufficient to fix bug #3659. Volker (This used to be commit 0ef5e4372c45a60d66a902a6dbca58ae98529358)
2007-10-10r15136: Fix join consistency checkVolker Lendecke1-1/+1
(This used to be commit a6e88785e7116c1a88e1bfdfa2afadecd501bfb0)
2007-10-10r15123: Don't even try to join with an inproper configuration.Günther Deschner1-0/+7
Guenther (This used to be commit 22b687589785051eca16a868e3475f066b647ea7)
2007-10-10r14831: Fix possible null deref. Coverity #279.Jeremy Allison1-0/+7
Jeremy. (This used to be commit 75be5c17bc74c86219c7cac749b52b7d43abb780)
2007-10-10r14757: Make sure we only send out a CLDAP request to an connected AD server.Günther Deschner1-4/+6
Guenther (This used to be commit d17712f9761589115e976e2240498396f36838ee)
2007-10-10r14099: Fix Coverity # 113Volker Lendecke1-6/+8
(This used to be commit db00570535c03360bb2833f070878a33e94306b0)
2007-10-10r12986: Use d_fprintf(stderr, ...) for any error message in net.Lars Müller1-44/+44
All 'usage' messages are still printed to stdout. Fix some compiler warnings for system() calls where we didn't used the return code. Add appropriate error messages and return with the error code we got from system() or NT_STATUS_UNSUCCESSFUL. (This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-3/+6
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8675: fix some compile warnings.Günther Deschner1-1/+1
Guenther (This used to be commit afa8ae831a8d9cde8c6474c5fc807a9ca8155273)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-5/+5
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6940: fixing debug messagesGerald Carter1-3/+3
(This used to be commit 81c1ac255ebf0adf3bdb96b077a34dcfab1812cf)
2007-10-10r6900: Fix bug 2725. Thanks, John, for finding it.Volker Lendecke1-1/+3
Volker (This used to be commit 913c06ad3e752f2b185faa411d90a2f7aaf42291)
2007-10-10r6834: Fix bug #2703, found by John Antonishek <ant@nist.gov>. Add NULLJeremy Allison1-6/+8
guard for disp_fields[0]. Jeremy. (This used to be commit ee45f4b17e4131a9e0779046c49b24d1e35256d8)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-2/+2
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10r6127: Eliminated all compiler warnings pertaining to mismatched ↵Derrell Lipman1-1/+1
"qualifiers". The whole of samba comiles warning-free with the default compiler flags. Temporarily defined -Wall to locate other potential problems. Found an unused static function (#ifdefed out rather than deleted, in case it's needed for something in progress). There are also a number of uses of undeclared functions, mostly krb5_*. Files with these problems need to have appropriate header files included, but they are not fixed in this update. oplock_linux.c.c has undefined functions capget() and capset(), which need to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>, but that could potentially have other side effects, so that remains uncorrected as well. The flag -Wall should be added permanently to CFLAGS, and all warnings then generated should be eliminated. (This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
2007-10-10r5955: BUG 2517: use the realm from smb.conf for 'net ads info' when ↵Gerald Carter1-1/+6
'disable netbios = yes' (This used to be commit 77734120d30c64941e2046574c81653c5bca4220)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3492: Fixes from testing kerberos salted principal fix.Jeremy Allison1-0/+14
Jeremy. (This used to be commit b356a8fdc5a1ac45f2f7f56a0836e794bdecddc6)
2007-10-10r3273: Ensure we're consistent in the use of strchr_m for '@'.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 0f3f7b035b37bfc51d3a59d0472003c3d4ac1511)
2007-10-10r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid ofTim Potter1-1/+1
'..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
2007-10-10r2832: Readd WKGUID-binding to match the correct default-locations of newGünther Deschner1-2/+10
User-, Group- and Machine-Accounts in Active Directory (this got lost during the last trunk-merge). This way we match e.g. default containers moved by redircmp.exe and redirusr.exe in Windows 2003 and don't blindly default to cn=Users or cn=Computers. Further wkguids can be examied via "net ads search wellknownobjects=*". This should still keep a samba3-client joining a samba4 dc. Fixes Bugzilla #1343. Guenther (This used to be commit 8836621694c95779475fa9a1acf158e5e0577288)
2007-10-10r2746: Fix typos in net's usage-output.Günther Deschner1-1/+1
Guenther (This used to be commit 4886d6663d7479978e2c395602392accb5939fa0)
2007-10-10r1750: This patch allows net ads lookup to rely on command line arguments if ↵Jim McDonough1-1/+4
contacting an ADS server fails. This allows net ads lookup to work with clapd (very useful for testing). from aliguori@us.ibm.com (This used to be commit edb4e940b45cbb06a93004b15fc45a7a45a42498)
2007-10-10r1399: applying heimdal krb5 fixes from Guenther and fixing compile warnings ↵Gerald Carter1-5/+5
in libadskerberos_keyatb.c (This used to be commit 837f56ec8bc171497fb84d332002776313c26305)
2007-10-10r1240: Ensure we don't shadow Heimdal globals.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 464d2e90480c676688a851a141aabddf992e0b0e)
2007-10-10r1222: Valgrind memory leak fixes. Still tracking down a strange one...Jeremy Allison1-41/+123
Can't fix the krb5 memory leaks inside that library :-(. Jeremy. (This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
2007-10-10r1221: Added the last of the system keytab patch from "Dan Perry" ↵Jeremy Allison1-93/+194
<dperry@pppl.gov>, fixed valgrind detected mem corruption in libads/kerberos_keytab.c. Jeremy. (This used to be commit 286f4c809cb1532b3f8ae7ddf92349c68cc8ce31)
2004-03-14Use possessive in message asking for user's password.Tim Potter1-1/+1
(This used to be commit cc9765ce97b65bb7a6cd44e847a690d3fbe9d032)
2004-01-12fixing compile problems due to my recent ads.h changesGerald Carter1-1/+1
(This used to be commit d7b6298b9e4e7f83deaa2c6f3d711c390ff9cefd)
2003-12-26Collecting some minor patches...Volker Lendecke1-8/+10
This adds the ability to specify the new user password for 'net ads password' on the command line. As this needs the admin password on the command line, the information leak is minimally more. Patch from gd@suse.de Volker (This used to be commit e6b4b956f68bfea69b2de3608b4c829250d24a7a)
2003-11-26Get rid of a const warningVolker Lendecke1-2/+2
Volker (This used to be commit 94860687c535ace0c962ca3fe7da59df05325c62)
2003-10-23Fix bug 451. Stop net -P from prompting for machine account password.Jim McDonough1-1/+1
Based on work by Ken Cross (kcross@nssolutions.com). (This used to be commit 8ef7ac22ef1a60dca0a2d01dc6ff4ba14bc1549a)
2003-09-05fixes for ads domain membership when only the realm is defined inGerald Carter1-2/+41
smb.conf Fixes to ensure we work with disable netbios = yes (This used to be commit 3913e43724870c62a0d77ec3e73cbe9480cb6247)
2003-09-04Check in Andrew's fix for bug #305 (always use lp_realm() )Gerald Carter1-2/+7
Also make sure thet ads_startup uses lp_realm instead of just relying on the workgroup name. Fixes bug in net ads join when the workgroup defaults to "WORKGROUP" and we ignore the realm name. (This used to be commit b1763ace4e85f41574894e3807cabb5196fec661)
2003-08-19 - Make 'net' use a single funciton for setting the 'use machine account' code.Andrew Bartlett1-16/+23
- Make winbindd try to use kerberos for connections to DCs, so that it can access RA=2 servers, particularly for netlogon. - Make rpcclient follow the new flags for the NETLOGON pipe - Make all the code that uses schannel use the centralised functions for doing so. Andrew Bartlett (This used to be commit 96b4187963cedcfe158ff02868929b8cf81c6ebf)