Age | Commit message (Collapse) | Author | Files | Lines |
|
It's now possible to migrate files preserving dos-attributes and correct
timestamps. Also added some small docu- and syntax-fixes.
Guenther
(This used to be commit 0e990582a0416933a8671ca660d22e980f828402)
|
|
* add IA64 to the architecture table of printer-drivers
* add new "net"-subcommands:
net rpc printer migrate {drivers|printers|forms|security|settings|all}
[printer]
net rpc share migrate {shares|files|all} [share]
this is the first part of the migration suite. this will will (once
feature-complete) allow to do 1:1 server-cloning in the best possible way by
making heavy use of samba's rpc_client-functions. all migration-steps
are implemented as rpc/smb-client-calls; net communicates via rpc/smb
with two servers at the same time (a remote, source server and a
destination server that currently defaults to the local smbd). this
allows e. g. printer-driver migration including driverfiles, recursive
mirroring of file-shares including file-acls, etc. almost any migration
step can be called with a migrate-subcommand to provide more flexibility
during a migration process (at the cost of quite some redundancy :) ).
"net rpc printer migrate settings" is still in a bad condition (many
open questions that hopefully can be adressed soon).
"net rpc share migrate security" as an isolated call to just migrate
share-ACLs will be added later.
Before playing with it, make sure to use a test-server. Migration is a
serious business and this tool-set can perfectly overwrite your
existing file/print-shares.
* along with the migration functions had to make I the following
changes:
- implement setprinter level 3 client-side
- implement net_add_share level 502 client-side
- allow security descriptor to be set in setprinterdata level 2
serverside
guenther
(This used to be commit 8f1716a29b7e85baf738bc14df7dabf03762f723)
|
|
Volker
(This used to be commit 9ceff803278bdbc09cb5ab678a108cea24ab49a9)
|
|
account_control
field with indiviual bits what to retrieve. Set this to 0xffff as NT4
usrmgr.exe does to get everything. I'm too lazy (sorry) to get this through to
rpc_parse/ etc.
Volker
(This used to be commit d7239c2611a62873cc9eff296c84e91198a5c552)
|
|
delete'.
Volker
(This used to be commit ec321674961cc62c048b149ee19b6e36325c8eb3)
|
|
net rpc did not inform you if no smbd is running.
I never liked the error message (!) Success! when we established a trust.
Volker
(This used to be commit 4191a434d48065a75f38752c4aa27219f36d602b)
|
|
(This used to be commit 3e39d157cb94928a036f0497a9e255f6dbad1771)
|
|
Volker
(This used to be commit 8ba5bdc330114efbc86c851b71c58ac91ada7f31)
|
|
srv_samr_nt.c: Correctly report that a user is not member of an alias.
Volker
(This used to be commit 540f625036871e7facd094fce49d7317f65f4ffd)
|
|
something not a group.
Volker
(This used to be commit 73f26de5c0b6a6b9b78c22016986f3106bce7bfa)
|
|
Volker
(This used to be commit e597420421e085b17dcdc062c5900518d0d4e685)
|
|
set of groups.
Volker
(This used to be commit e77fe4a77a6b0b8d92014edb073b36d01a1a5169)
|
|
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.
Volker
(This used to be commit 76c75bb8a7ad2a2e719dbbe997abf8aefe2fbbb4)
|
|
Volker
(This used to be commit d713e76a24583acaffa0be67838e7629b980ff29)
|
|
Volker
(This used to be commit 99f03a641e4fd75c3bafb8bd153687743317a3dc)
|
|
fixes for 'net share'
(This used to be commit 44db163b3001d8dc50b64bac7fd12be1147e14b7)
|
|
Volker
(This used to be commit 90fabe6ec004ab95739100b6cd5b7cbd87e67e24)
|
|
to, despite any smb.conf settings.
Work to allow the same for 'net rpc vampire', but instead give a clear
error message on what is incorrect.
Andrew Bartlett
(This used to be commit 6b629344c5a4061d6052fa91f8429b337bab95fb)
|
|
Andrew Bartlett
(This used to be commit 4c7d6b9be393f1f5697afe0671f15651ac6282f3)
|
|
This adds the very simple 'admin set password' capability to 'net rpc',
much as we have it for 'net ads'.
Andrew Bartlett
(This used to be commit ced7fb55276f3d21d69b85b40d3f64c5e790bcc9)
|
|
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
|
|
(This used to be commit 413ed77142377351a0ed1c6cf800a14809e56e9c)
|
|
initialized.
Also split out the oldstyle join into a new fn, allowing us to call it
with no failure message from net rpc join, but displaying a failure message
when used with net rpc oldjoin.
(This used to be commit 07d6ed4343d7a2575dc974bfbc498b14784b2dc1)
|
|
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.
The routines used for this behaviour have been upgraded to modern Samba
codeing standards.
This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.
This is in line with existing behaviour for native mode domains, and for
our primary domain.
As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values. These changes move more routines to ADS_STATUS to return
kerberos errors.
Also found when valgrinding the setup, fix a few memory leaks.
While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.
Andrew Bartlett
(This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
|
|
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name->sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
|
|
Volker
(This used to be commit 5d0b8280f6c4990ee3a26c310efebfa859ee21be)
|
|
the respective user databases.
Volker
(This used to be commit 39e4ee0c5be9f8d5a26b03ae17865b8e576b0b62)
|
|
Volker
(This used to be commit d5775b7106dc5d6326db89f7369d2ffd61646426)
|
|
human-readable format.
Volker
(This used to be commit 4e3a2eb8e04c3a669d94e38d81e994606fa6ef9d)
|
|
This means that we now support 'net rpc join' with KRB5 (des based)
logins. Now, you need to hack 'net' to do that, but the principal is
important...
When we add kerberos to 'net rpc', it should be possible to still do
user management and the like over RPC.
(server-side support to follow shortly)
Andrew Bartlett
(This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
|
|
winreg pipe if it doesn't work. Fixes bug #534.
I will go back and add the same logic for the shutdown itself, even though
that works so far against win2k (haven't tested all win clients).
(This used to be commit e660b04e8f2446bb8a6590e9afcb5ab49f90a701)
|
|
(This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
|
|
asking for password without a piece of error message or explanation.
rafal
(This used to be commit d46793b33577f7e77b7632b016918e3ce175c238)
|
|
rafal
(This used to be commit 836746beabda583f7d86bb7e6faa855f172a888d)
|
|
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
|
|
(This used to be commit 6ec683e24e220a40b02b203b918a0008d90264f0)
|
|
rafal
(This used to be commit 033ee6e68708f687ccd053eab4a7dac16937354b)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
Volker
(This used to be commit e5664adc07307a066c5312d9224cef2c69a40f77)
|
|
Volker
(This used to be commit ec1a58d09e08583288b18747a0c82e5cf8139b63)
|
|
(This used to be commit ca2e453c7838b6d0ed2d0a45124d162073bbbf99)
|
|
PDCs running NT4SP1, NT4SP6 and Samba 3.0.
Volker
(This used to be commit 2143446043b2c29027cf69554caddf41274df709)
|
|
this world than 'status more entires'...
Also move all the cases to 'NT_STATUS_EQUAL()' to test it.
Andrew Bartlett
(This used to be commit b4645bf0661dadcd077b21bb6f6452ed8b2eb726)
|
|
debug msg while establishing trust and listing relations of Samba PDC.
Rafal
(This used to be commit 8681cbae0d142a1f9ac537cb22e611a6f5262b54)
|
|
Andrew Bartlett
(This used to be commit 542a8b1817d3930e03e08e16e9711cacceb6df61)
|
|
Net.exe on windows won't allow more than 50 characters to be entered, but
through AD you can have much more than this.
(This used to be commit ca2886c9385361ea401e3e0b47c26cb39adcadbc)
|
|
(This used to be commit ee78196bcfe52dfdda0b7fd44a6701e2cf5f7d5a)
|
|
>When calling cli_samr_enum_{dom,als}_groups in a while loop, the
>terminating condition should be result != STATUS_MORE_ENTRIES, not
>result == NT_STATUS_OK otherwise we get stuck in an infinite loop
>when there's any sign of trouble.
(This used to be commit 4998a72cf8e3a2b254dc409a36b9bbd118bdc4fd)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|