Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit cc4599fdc1fb9aa51f6a4487cb1aa78a5556757a)
|
|
(This used to be commit f1f4758e2c40a470c19b4b738f79ec5807522909)
|
|
error propagation.
Michael
(This used to be commit 5a16da2185f07d1f48fabd93a7a6b8f2d6b91089)
|
|
s/net_use_upn_machine_account/net_use_krb_machine_account/
rafal
(This used to be commit 86af9fedad71697f22cc739518340f7753b8f9da)
|
|
pipe used when connecting to win2k and newer domain controllers. The
server may be configured to deny anonymous netlogon connections which
would stop domain join verification step. Still, winnt domains require
such smb sessions not to be authenticated using machine credentials.
Creds employed in smb session cannot have a username in upn form, so
provide the separate function to use machine account.
rafal
(This used to be commit 30d99d8ac3379caadc5bdb353977149d1ee16403)
|
|
Guenther
(This used to be commit e70bf0ecc3ec6d3ba8ba384024bbdf9a783072ea)
|
|
(This used to be commit 6e6eea64a5f770a585487734b1d0c28746bf5550)
|
|
renew,
pac).
Guenther
(This used to be commit 4cada7c1485c9957e553d6e75cb6f30f4338489f)
|
|
Guenther
(This used to be commit 7e2fb14d6e4f58fe6645b7e7468f925c21cb4c9d)
|
|
substructure.
metze
(This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c)
|
|
callback in
libads.
Guenther
(This used to be commit 311bbbafa6d860b7b632beac6d9249b0a2fafb86)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
net ads keytab list /path/to/krb5.keytab
Guenther
(This used to be commit a2befee3f240543ea02ea99cebad886b54ae64eb)
|
|
(This used to be commit 9b8df24107ffe3016031e5257c5680689f061886)
|
|
patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit 0ad4b1226c9d91b72136310d3bbb640d2c5d67b8)
|
|
from Dnailo A.)
(This used to be commit 3f588e0b65433176f8f80312c1456836717cf6de)
|
|
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
(This used to be commit 3004cc6e593e6659a618de66f659f579e71c07f7)
|
|
Guenther
(This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
|
|
on the samba-technical ml.
I'll add a 'net ads set attribute=value' utility later
rather than the original 'net ads setmachineupn' patch that
was also posted to the tech ml.
(This used to be commit 5035778ae4b3a5e445faa535c5caf00bc8d220d8)
|
|
Patch from Zack Kirsch <zack.kirsch@isilon.com>.
Jeremy.
(This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
|
|
Coverity finds them :-)
Jeremy.
(This used to be commit cbe725f1b09f3d0edbdf823e0862edf21e16d336)
|
|
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs
revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.
- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).
- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.
DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries
DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.
Simo.
(This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
|
|
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
(This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b)
|
|
(This used to be commit ff8f27108d247aa9e46176f2b29fc8d2da103906)
|
|
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
|
|
* Fix DNS updates for multi-homed hosts
* Child domains often don't have an NS record in
DNS so we have to fall back to looking up the the NS
records for the forest root.
* Fix compile warning caused by mismatched 'struct in_addr'
and 'in_addr_t' parameters called to DoDNSUpdate()
(This used to be commit 3486acd3c3ebefae8f98dcc72d1c3d6b06fffcc7)
|
|
and properly use backslashes in "net ads join computername="
(This used to be commit cc26e2f9a155529b8ac2122bd2bec401bb516264)
|
|
Volker
(This used to be commit 55dc4741cfead0f21deb7ea2d28afb240505686b)
|
|
(http://www.centeris.com/) under my copyright.
* Rework error reporting to use DNS_ERROR instead
of int32
* Convert memory allocation to use talloc()
* Generalize the DNS request/response packet marshalling
* Fix the secure update requests
(This used to be commit c78798333616c3f823514df0f58da2eb3a30a988)
|
|
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
|
|
Directory:
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
(This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
|
|
along with some memleaks.
Guenther
(This used to be commit 4bad52c5b3a983418d4216a2c3f5e04926e37e94)
|
|
Guenther
(This used to be commit 08db3d3b04d91238b739e88e817bd3f800b768ee)
|
|
Guenther
(This used to be commit 94ed3e9de8671d677451d2a16977caeeb7e744d1)
|
|
Guenther
(This used to be commit a20e7c0315f9a06ce2139f99d035b409b066d722)
|
|
we can't find a domain controller at all.
Guenther
(This used to be commit e691ae7da3620a7d4c0e0b1217aaae44db0b8db3)
|
|
his patch fit SAMBA_3_0. (This is guenthers code). Make
site support work correctly in net ads join.
Jeremy.
(This used to be commit 47352b5398e67eb8f4f383dafce31c922626ae99)
|
|
does not exist.
Guenther
(This used to be commit 359315021df3a4dbfe5142e529e3efdbc49e405c)
|
|
For those who are interested, try
net ads gpo refresh mybox$
to get your machine related GPOs downloaded to /var/lib/samba/gpo_cache.
Detailed information about GPOs is currently only printed when setting a
higher debuglevel then 0.
Guenther
(This used to be commit d086babf9d2592f041cc35db3d60b4452ea953f5)
|
|
Guenther
(This used to be commit 927cda5d31e9cb02105df3cfc06f5cb273233747)
|
|
disabled. Cope with both - print appropriate messages.
Jeremy.
(This used to be commit 2c003a4463ff59c477fa2558f869444cfa75e3a8)
|
|
a non-fatal error path if the 'disable machine
account' code succeeded.
Jeremy.
(This used to be commit f47bffa21ec1caf5ec3a6ec77af801df0b63d83a)
|
|
in AD.
Guenther
(This used to be commit 1bb29acb3bf40afdb5bc196ab7dbc642e2fdd680)
|
|
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.
Volker
(This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11)
|
|
Jeremy.
(This used to be commit b8cedcac933fef9370bd42d1ff7c35c5c27103d1)
|
|
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
(This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d)
|
|
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.
It's still got some warts, but non-secure updates do
currently work. There are at least four things left to
really clean up.
1. Change the memory management to use talloc() rather than
malloc() and cleanup the leaks.
2. Fix the error code reporting (see initial changes to
dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
(and under the LGPL).
A few notes:
* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
issues.
(This used to be commit 36f04674aeefd93c5a0408b8967dcd48b86fdbc1)
|
|
Thanks to Michael Adam <ma@sernet.de>
hop, hop, hop... ;-)
Volker
(This used to be commit 47facab798bdc6e20b2620972f1b8f2338fac239)
|
|
net_ads_join.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 27cca861507afa9caf694ef89e543c86de01c2cd)
|