Age | Commit message (Collapse) | Author | Files | Lines |
|
"net ads leave" stopped working when "modify properties"
permissions were not granted (meaning you had to be allowed
to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
|
|
in net ads
|
|
This always needs to use machine account credentials.
Kai, please check.
Guenther
|
|
Attention:
The meaning of the -N flag changed.
To get the old meaning for net groupmap set, use the long option --ntname
The long option for using kerberos changed from --kerberos to --use-kerberos
net rpc commands will now prompt for a password if none is given.
As a benefit, net will now accept an authentication file like other samba
command line tools. So no need to specify the password on the command line in
scripts anymore.
This should fix bug #6357
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Guenther
|
|
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().
This actually makes libgpo more consistant, as it mixed a talloc and a
malloc based string on the same element.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
|
|
Guenther
|
|
lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
|
Jeremy.
|
|
ads->config.tried_closest_dc was never set.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit dfe5b00db35e1e7c7bb3ba36729fc3f97eb48db3)
|
|
|
|
Guenther
|
|
Since it's a function it just sets the local pointer to NULL and basically
is an equivalent to free().
It also claims it's being used for callbacks but isn't used that way
anywhere.
|
|
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
(This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
|
|
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
|
|
Karolin
(This used to be commit 63c1a5146e25e05678d2bef95286add5c95a5f38)
|
|
Guenther
(cherry picked from commit 1a22e975dd1255f3557c1cd873d877aa35822afc)
(This used to be commit ad8392cf7c817ee29a03bc6f515bf1cc18a29eda)
|
|
Thanks to Karolin for catching this one.
(This used to be commit 7f52998f5461ed7d976faa2254464336dcf73c02)
|
|
(This used to be commit bb7c5fc4ec77db4073d3beccf12af12910b6bd07)
|
|
(This used to be commit 64e3dc63966ecf216b354263e4bd5dfd1491abcc)
|
|
Guenther
(This used to be commit 420390ba0ef6b45f18a8fd37974b1fbee0bd1502)
|
|
(This used to be commit f7d0903a58b0b0fc248a613937a101f15baa5311)
|
|
(This used to be commit 3ddd9c09e3b51df01ac34a9a1537e8954d2b1167)
|
|
(This used to be commit 4ca08a5acc90c77d56f8f3e38443f23f43f034e8)
|
|
(This used to be commit a8b567aac3b0e39cfe67fb97167b10312ca5e73a)
|
|
Needed fix for the DNS Update option as part of "net ads join"
(This used to be commit aebae0b71b427838fdc6344d69d6dea87a5dd58b)
|
|
(This used to be commit 6c9500c290fe0d6d71d4c33eb265906ce3a1d9f3)
|
|
(This used to be commit 1e9319cf88b65a2a8d4f5099a1fe5297e405ed2e)
|
|
Guenther
(This used to be commit 6f9d5e1cc94bc90685b54c04622b8f3357bd2f69)
|
|
Guenther
(This used to be commit 538eefe22ad69540b9f73ffaa613d6be045de199)
|
|
Guenther
(This used to be commit 4cee7b1bd5cd97c414b73d6f39238958480cdcf3)
|
|
Guenther
(This used to be commit 751f3064a508341c0ebae45e8de9f5311d915d70)
|
|
Guenther
(This used to be commit 70b7b331d9e2d915e6209fca5900f41fae4866fd)
|
|
Thanks obnox, now we can net ads join and net ads leave with zero
configuration changes if "config backend = registry".
Guenther
(This used to be commit 9003881773de787a51ceadcdc2cb1e95f6979763)
|
|
Guenther
(This used to be commit 53735edcbb059e73c51ae17d4ff75d2a4dee53e5)
|
|
Guenther
(This used to be commit 8331fbe735e2bec386ab8fc1645dc371d45d3063)
|
|
Guenther
(This used to be commit 9176057986be63c7ebebb56f7daabbc3883802c5)
|
|
Guenther
(This used to be commit 0a6a5d082426ca82accf18fffa7740683a42cac1)
|
|
(This used to be commit 45677e8694f0e383baa65712faec6a565ec0ce5c)
|
|
The gen_ndr needs proper fixing still.
Guenther
(This used to be commit 966d7244d7765d285a7026b97e6093fd1f8d83ce)
|
|
Guenther
(This used to be commit 8cd07c1fa8f435f7ff3dc79c195da9324fb2452f)
|
|
Jerry, I checked this very carefully that nothing got lost. The only thing I need to
re-add still is the normalized DN handling for account precreation in "net ads join".
Guenther
(This used to be commit a5c6347644f2aa138a8e67ffe6c167847df941d0)
|
|
Guenther
(This used to be commit 735235e32bf41a7564ce2d585c1dae187b00bf6b)
|
|
Guenther
(This used to be commit 9a7a2777e4ea1a2b5d7c800af8522b38cf22c511)
|