Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 99fc3283c4ecc791f5a242bd1983b4352ce3e6cf)
|
|
This reduces the dependency on cli_state
(This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b)
|
|
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.
Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.
Guenther
(This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
|
|
Guenther
(This used to be commit e12721f73db72b99aa0e4be35c51aa8636eb3f59)
|
|
Guenther
(This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97)
|
|
Guenther
(This used to be commit f4581e9f4482566fba9436d5ae058b8d840fa394)
|
|
Guenther
(This used to be commit 1b48b9d73d971ef18b8a2ea240e48902b703b74b)
|
|
rpccli_samr_SetUserInfo (see the opcode mixup in rpc_samr.h).
Guenther
(This used to be commit bdc49185036060ebb9c727767dce52e4b01bd8b4)
|
|
Guenther
(This used to be commit a513ae630c9dc0b81215e5513c19f45f18cbc1f1)
|
|
Guenther
(This used to be commit ce22abcea3446e4ad42e8e04654b9855b173c5a1)
|
|
Guenther
(This used to be commit bdf8d562621e1a09bf83e2009dec24966e7fdf22)
|
|
Guenther
(This used to be commit 701af69118c9634c7dc0d5c10152ce776787694d)
|
|
Guenther
(This used to be commit da90eb7653554d242da83ed98adae35ced3a2938)
|
|
Guenther
(This used to be commit e4e9d72724d547e1405b2ed4cec509d50ec88c8d)
|
|
Guenther
(This used to be commit 64f0889401855ab76953bfae5db4fe4df19ad8a5)
|
|
them with different
names. Matt, Jeremy, please check.
Guenther
(This used to be commit d4a9e46edf7336f673c001c559af96eb0ecf9f6f)
|
|
Interop fixes for AD specific flags. Original patch from Todd Stetcher.
(This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
|
|
patch for adding acct_flags to rpccli_samr_create_dom_user().
Jerry please test.
Jeremy.
(This used to be commit 7d94f97947b7edfcf3ec52f0125e4593d6d54c05)
|
|
rpccli_lsa_query_info_policy2().
Guenther
(This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
|
|
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>.
(This used to be commit 8304ccba7346597425307e260e88647e49081f68)
|
|
error propagation.
Michael
(This used to be commit 5a16da2185f07d1f48fabd93a7a6b8f2d6b91089)
|
|
return NTSTATUS to allow for better error propagation.
Michael
(This used to be commit 46093004a788dae83a4ddb888ca5d72f555c236c)
|
|
pipe used when connecting to win2k and newer domain controllers. The
server may be configured to deny anonymous netlogon connections which
would stop domain join verification step. Still, winnt domains require
such smb sessions not to be authenticated using machine credentials.
Creds employed in smb session cannot have a username in upn form, so
provide the separate function to use machine account.
rafal
(This used to be commit 30d99d8ac3379caadc5bdb353977149d1ee16403)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Volker
(This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
|
|
Not used
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
(This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
|
|
(This used to be commit 50d74ce0488a9bd0980cdc6d523a210f6238ef74)
|
|
in net_rpc.c: 715 716 732 734 735 736 737 738 739 749
in net_rpc_audit.c: 754 755 756
in net_rpc_join.c: 757
in net_rpc_registry: 766 767
in net_rpc_samsync.c: 771 773
in net_sam.c: 797 798
Volker
(This used to be commit 3df0bf7d6050fd7c9ace72487d4f74d92e30a584)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
Jeremy.
(This used to be commit 88dd4ab48127bb08fdeb0b5c236020e0b910f0d8)
|
|
(This used to be commit d8e69c18e0d34c99525080b3afaf2778be3a5ec2)
|
|
not to, cope with a server that doesn't offer schannel also.
Jeremy
(This used to be commit 68005f6bdb70883eace0d9067c76c3360a803023)
|
|
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.
(This used to be commit 7de1ee18619bf99c5db45692e085d0646e52378f)
|
|
All 'usage' messages are still printed to stdout.
Fix some compiler warnings for system() calls where we didn't used the
return code. Add appropriate error messages and return with the error
code we got from system() or NT_STATUS_UNSUCCESSFUL.
(This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
|
|
and client_name when doing netlogon credential setup.
Jeremy.
(This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
using USER_INFO_XX structs and functions where XX was sometimes
in hex and sometimes in decimal. Now it's all in decimal (should
be no functionality change).
Jeremy.
(This used to be commit 84651aca04cbcbf50ab2e78333cc9d9e49dd92f5)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
(This used to be commit 68b1c1f533e5c91634f5da21659c8e5793cb77f7)
|
|
add domain trusts
(This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
|
|
supported pipe. Netlogon is still special, as we open that twice, one to do
the auth2, the other one with schannel.
The client interface is completely unchanged for those who only use a single
pie. cli->pipe_idx is used as the index for everything except the "real"
client rpc calls, which have been explicitly converted in my last commit. Next
step is to get winbind to just use a single smb connection for multiple pipes.
Volker
(This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
'..' from all #include preprocessor commands. This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
|
|
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).
Andrew Bartlett
(This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
|
|
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
|
|
the parms to cli_lsa_query_info_policy without changing them here...
(This used to be commit a885df7635a9230bc6cca88e7e8fb1420c74c7fb)
|
|
This means that we now support 'net rpc join' with KRB5 (des based)
logins. Now, you need to hack 'net' to do that, but the principal is
important...
When we add kerberos to 'net rpc', it should be possible to still do
user management and the like over RPC.
(server-side support to follow shortly)
Andrew Bartlett
(This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
|