Age | Commit message (Collapse) | Author | Files | Lines |
|
JHT came up with a nasty (broken) torture case in preparing examples for
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name -> sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit cc535a6c70d8dcf677322e31b24dec58b23d80f0)
|
|
(This used to be commit 675707c33e8447b9cb9fc2ae451663a56a14d792)
|
|
>Revision 1.8.2.33
>Fix error return path memory leaks in vampire code for creating users.
>
>Display an error if we can't create a posix account for the user
>(e.g no add user/machine script was specified; bug #323).
>Revision 1.8.2.32:
>Use opt_target_workgroup instead of lp_workgroup() in vampire code so
>we can override the value in smb.conf with the -w option.
>
>Migrating accounts from another domain can now be done like:
>
># bin/net join bdc -w nt4dom -Uadministrator%password
># bin/net rpc vampire -w nt4dom -U administrator%password
(This used to be commit 36f7d88edd15bff1b7dfa78f3908dae272b96215)
|
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
(This used to be commit 21867183e082a4ec7fec64a534677058cba1a598)
|
|
workstation, we have to use the workstation type, if we have a BDC account,
we must use the BDC type - even if we are pretending to be a workstation
at the moment.
Also actually store and retreive the last change time, so we can do
periodic password changes again (for RPC at least).
And finally, a couple of minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
|
|
(This used to be commit 26901af91eaa119df0e1192be95b514ecf26c6a6)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing platforms
different from NT4SP6.
Volker
(This used to be commit ecd0ee4d248e750168597ccf79c389513bb0f740)
|
|
downloading stuff.
Volker
(This used to be commit b86ea50fa6dae04adeef750cdbe606a292c1430a)
|
|
we end up with an empty domain field, which a workstation
does not really like in sam_logon..
Volker
(This used to be commit e0cb325b99e09a5a5cba07f0403ed445814bbf53)
|
|
- Decode all the database names, even if we don't decode their contents
- Update the 'set' code to match rpc_server/srv_samr_nt.c in only recording
the difference between the old and new.
Andrew Bartlett
(This used to be commit 6509397f91a4c218552a48a96df06e595b630898)
|
|
the user a second time now.
Andrew Bartlett
(This used to be commit a1e27a02f52315df0dd05ab8a94ae5a2bf398655)
|
|
that are not configured with an add user script, and have an _nua backend for
storage.
We really need to get the PDB backends out of the IDMAP game...
Andrew Bartlett
(This used to be commit dceb7820d71ce624de60ce8f729d5d3711b64152)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
|
|
SAM sync. This copes with both unset passwords from NT4 DCs and the
null passwords you get from w2k domains.
(This used to be commit 20c1cd86aca8040c1fe7497b84bb546526676e48)
|
|
'net rpc vampire'
(This used to be commit 1526b3b19e0be5926977d3eb1e642330bfeba5a2)
|
|
Currently this calls back to mapping.c, but we have the framework
to get the information into LDAP and the passdb.tdb (should we? I
think so..).
This has received moderate testing with net rpc vampire and
usrmgr. I found the add_groupmem segfault in add_aliasmem as
well, but that will be another checkin.
Volker
(This used to be commit f30095852fea19421ac8e25dfe9c5cd4b2206f84)
|
|
somebody with a large domain do a net rpc samdump to verify this?
Without this change, I don't get everything from a NT4 SP1 and SP6
PDC.
Volker
(This used to be commit f6a9180a5ff62932de0d4f890092b0d8281e9d6e)
|
|
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
(This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)
|
|
from APP_HEAD
(This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
|
|
Volker
(This used to be commit f68825e93371e3d3403167f608d1da0d7ada1a04)
|
|
getsid, then join as a BDC, and then watch net rpc vampire suck out
the good stuff out of a PDC :-). It's not perfect, but it does quite a
bit for me. Watch out for more.
Volker
(This used to be commit f0d7ac9feb5844c93789344285b1d66f480209ba)
|
|
When creating a group you have to take care of the fact that the
underlying unix might not like the group name. This change gets around
that problem by giving the add group script the chance to invent a
group name. It then must only return the newly created numerical gid.
Volker
(This used to be commit b959419ed38e66a12b63cad3e5fbfa849f952acc)
|
|
Volker
(This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c)
|
|
positive name for this. It creates users and global groups. More to come.
Volker
(This used to be commit 0c1fadd9e024ef886542d362a7f119968552852d)
|
|
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch.
pass also the negociation flags all the way.
all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient.
in the future we will be able to call auth_2 or auth_3 as we want.
J.F.
(This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
|
|
I get all the groups at least.
Volker
(This used to be commit 23a4f6991e93797afad0043689737a1b20c67f60)
|
|
(This used to be commit c1e00f5f160985323f5a9ade42f2ebb2a798b17c)
|
|
samsync operations (as a BDC)
(This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)
|