Age | Commit message (Collapse) | Author | Files | Lines |
|
(adapt to the new UPN/SPN scheme).
Guenther
(This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d)
|
|
Guenther
(This used to be commit 741602e03ad2404d4e38e55b9e5fd20b85fd205d)
|
|
(since removal implies greater permissions that Windows clients require)
(This used to be commit ad1f947625612ef16adb69fc2cfeffc68a9a2e02)
|
|
the machine creds (just like WinXP)
(This used to be commit ae2bf464c47eb52ff24400d1cc362e74e77fbac5)
|
|
flags on the setuserinfo(), not the createuser info call
(This used to be commit d933ac273db5977fb41954175bdc228b688bfd6e)
|
|
(This used to be commit 00c795e3660a65419e707706abf48916dcd7f850)
|
|
Re-add the capability to specify an OU in which to create
the machine account. Done via LDAP prior to the RPC join.
(This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
|
|
* replace printf to stderr with DEBUG statements as they get printed in
daemons
* "net ads lookup" return code
Guenther
(This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
(This used to be commit f21adc04f745a966dbe6ef0b4ffd9729afa3fa78)
|
|
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
|
|
objectClass which is not indexed on AD) in LDAP queries.
Guenther
(This used to be commit 847882a98328b91a2157959c5dad0a2023223846)
|
|
(How did that get in there ?).
Jeremy
(This used to be commit 780b71d300da71acc8b4f0fe10c1ae78c71e23c4)
|
|
sid"); works in all AD versions I tested. Also add "net ads sid" search
tool.
Guenther
(This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
|
|
Guenther
(This used to be commit ba81b508caa4ab21a04d142f3621e43a55e859cf)
|
|
this is
sufficient to fix bug #3659.
Volker
(This used to be commit 0ef5e4372c45a60d66a902a6dbca58ae98529358)
|
|
(This used to be commit a6e88785e7116c1a88e1bfdfa2afadecd501bfb0)
|
|
Guenther
(This used to be commit 22b687589785051eca16a868e3475f066b647ea7)
|
|
Jeremy.
(This used to be commit 75be5c17bc74c86219c7cac749b52b7d43abb780)
|
|
Guenther
(This used to be commit d17712f9761589115e976e2240498396f36838ee)
|
|
(This used to be commit db00570535c03360bb2833f070878a33e94306b0)
|
|
All 'usage' messages are still printed to stdout.
Fix some compiler warnings for system() calls where we didn't used the
return code. Add appropriate error messages and return with the error
code we got from system() or NT_STATUS_UNSUCCESSFUL.
(This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
Guenther
(This used to be commit afa8ae831a8d9cde8c6474c5fc807a9ca8155273)
|
|
version to 3.0.20pre1
(This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
|
|
(This used to be commit 81c1ac255ebf0adf3bdb96b077a34dcfab1812cf)
|
|
Volker
(This used to be commit 913c06ad3e752f2b185faa411d90a2f7aaf42291)
|
|
guard for disp_fields[0].
Jeremy.
(This used to be commit ee45f4b17e4131a9e0779046c49b24d1e35256d8)
|
|
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
|
|
"qualifiers". The
whole of samba comiles warning-free with the default compiler flags.
Temporarily defined -Wall to locate other potential problems. Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).
There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.
oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.
The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
(This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
|
|
'disable netbios = yes'
(This used to be commit 77734120d30c64941e2046574c81653c5bca4220)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
Jeremy.
(This used to be commit b356a8fdc5a1ac45f2f7f56a0836e794bdecddc6)
|
|
Jeremy.
(This used to be commit 0f3f7b035b37bfc51d3a59d0472003c3d4ac1511)
|
|
'..' from all #include preprocessor commands. This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
|
|
User-, Group- and Machine-Accounts in Active Directory (this got lost
during the last trunk-merge).
This way we match e.g. default containers moved by redircmp.exe and
redirusr.exe in Windows 2003 and don't blindly default to cn=Users or
cn=Computers.
Further wkguids can be examied via "net ads search wellknownobjects=*".
This should still keep a samba3-client joining a samba4 dc. Fixes
Bugzilla #1343.
Guenther
(This used to be commit 8836621694c95779475fa9a1acf158e5e0577288)
|
|
Guenther
(This used to be commit 4886d6663d7479978e2c395602392accb5939fa0)
|
|
contacting an ADS server fails. This allows net ads lookup to work with clapd (very useful for testing).
from aliguori@us.ibm.com
(This used to be commit edb4e940b45cbb06a93004b15fc45a7a45a42498)
|
|
in libadskerberos_keyatb.c
(This used to be commit 837f56ec8bc171497fb84d332002776313c26305)
|
|
Jeremy.
(This used to be commit 464d2e90480c676688a851a141aabddf992e0b0e)
|
|
Can't fix the krb5 memory leaks inside that library :-(.
Jeremy.
(This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
|
|
<dperry@pppl.gov>,
fixed valgrind detected mem corruption in libads/kerberos_keytab.c.
Jeremy.
(This used to be commit 286f4c809cb1532b3f8ae7ddf92349c68cc8ce31)
|
|
(This used to be commit cc9765ce97b65bb7a6cd44e847a690d3fbe9d032)
|
|
(This used to be commit d7b6298b9e4e7f83deaa2c6f3d711c390ff9cefd)
|
|
This adds the ability to specify the new user password for 'net ads password'
on the command line. As this needs the admin password on the command line, the
information leak is minimally more.
Patch from gd@suse.de
Volker
(This used to be commit e6b4b956f68bfea69b2de3608b4c829250d24a7a)
|
|
Volker
(This used to be commit 94860687c535ace0c962ca3fe7da59df05325c62)
|
|
Based on work by Ken Cross (kcross@nssolutions.com).
(This used to be commit 8ef7ac22ef1a60dca0a2d01dc6ff4ba14bc1549a)
|
|
smb.conf
Fixes to ensure we work with disable netbios = yes
(This used to be commit 3913e43724870c62a0d77ec3e73cbe9480cb6247)
|
|
Also make sure thet ads_startup uses lp_realm instead of
just relying on the workgroup name. Fixes bug in net ads join
when the workgroup defaults to "WORKGROUP" and we ignore the
realm name.
(This used to be commit b1763ace4e85f41574894e3807cabb5196fec661)
|
|
- Make winbindd try to use kerberos for connections to DCs, so that it can
access RA=2 servers, particularly for netlogon.
- Make rpcclient follow the new flags for the NETLOGON pipe
- Make all the code that uses schannel use the centralised functions for doing so.
Andrew Bartlett
(This used to be commit 96b4187963cedcfe158ff02868929b8cf81c6ebf)
|