Age | Commit message (Collapse) | Author | Files | Lines |
|
unfortuately we don't seem to be able to auto-test the ADS join due to
a rather nasty property of the GSSAPI library.
(This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
|
|
as they're no longer new!
(This used to be commit 277f6bbb9a63541a473a80a7994e9bde5c6f22dc)
|
|
(This used to be commit 508106285380b772850238a8ed6b78a2c3334887)
|
|
(and yes, some of these are real bugs)
In particular, the samr code was doing an &foo of various types, to a function
that assumed uint32. If time_t isn't 32 bits long, that broke.
They are assignment compatible however, so use that and an intermediate
variable.
Andrew Bartlett
(This used to be commit 30d0998c8c1a1d4de38ef0fbc83c2b763e05a3e6)
|
|
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
|
|
(This used to be commit 0784ab67addb3422a2d17363b4c3328d2e4b1008)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
(This used to be commit 539d0cc03035c126e2de82523a07ed91997100b8)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
probably will never actually be genearted, but I like the style in any case.
Also fix a segfault in 'net rpc' when the login failed and a small memory leak
on failure in the auth_info.c code.
Andrew Bartlett
(This used to be commit 2efae7cc522651c22fb120835bc800645559b63e)
|
|
join does not have administrator privileges.
(This used to be commit af24b1036c8ceaa37e6b68ac988401846c5c7fe4)
|
|
account already exists.
# net rpc join --user=Administrator%password
It's kind of weird seeing the mix of NET.EXE style of options (net command
subcommand /arg:value) with the GNU-style long options. I think it works.
(This used to be commit 3789c8c707acd9a4078d656c8de9ce1f4be9e388)
|
|
(This used to be commit 784a3f295176dc87c8befd76d5f2dc9ef1e9e383)
|
|
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)
|
|
(This used to be commit d00f461f43558c8ef942df305bcc2c89060b4800)
|
|
:)
(This used to be commit cee58f10974b55ead68362166d12285568feeb23)
|
|
This kills off the offending code in smbpasswd -j -Uab%c
In the process we have changed from unsing compelatly random passwords
to random, 15 char ascii strings. While this does produce a decrese in
entropy, it is still vastly greater than we need, considering the application.
In the meantime this allows us to actually *type* the machine account
password duruign debugging.
This code also adds a 'check' step to the join, confirming that the
stored password does indeed do somthing of value :-)
Andrew Bartlett
(This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
|