Age | Commit message (Collapse) | Author | Files | Lines |
|
to, despite any smb.conf settings.
Work to allow the same for 'net rpc vampire', but instead give a clear
error message on what is incorrect.
Andrew Bartlett
(This used to be commit 6b629344c5a4061d6052fa91f8429b337bab95fb)
|
|
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).
Andrew Bartlett
(This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
|
|
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name->sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
|
|
(This used to be commit f8994483484cab47f0d6a6934979f69402dba894)
|
|
Display an error if we can't create a posix account for the user
(e.g no add user/machine script was specified; bug #323).
(This used to be commit 0c35ba2cd65ff64c5db2b20d5528a0d486cba51e)
|
|
we can override the value in smb.conf with the -w option.
Migrating accounts from another domain can now be done like:
# bin/net join bdc -w nt4dom -Uadministrator%password
# bin/net rpc vampire -w nt4dom -U administrator%password
(This used to be commit d7bd3c1efbd02a7ca01ad9a4b242ea4cc4a63c1f)
|
|
I was storing the mid of the oplock break - I should have been
storing the mid from the open. There are thus 2 types of deferred
packet sequence returns - ones that increment the sequence number
(returns from oplock causing opens) and ones that don't (change notify
returns etc). Running with signing forced on does lead to some
interesting tests :-).
Jeremy.
(This used to be commit 85907f02cec566502d9e4adabbd414020a26064d)
|
|
Jeremy.
(This used to be commit cb326c2dbff1fad87d5c72df4a004d5a42d17472)
|
|
Jeremy.
(This used to be commit 0021c83ff645a1923b5a3d3c484d44b20d7813f0)
|
|
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
(This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
|
|
and migrate an NT4 domain and still logon from domain members
(tested logon scripts, system policies, profiles, & home directories)
(passdb backend = tdbsam)
removed call to idmap_init_wellknown_sids() from winbindd.c
since the local domain should be handled by the guest passdb backend
(and you don't really always want the Administrator account to be root)
...and we didn't pay attention to this anyways now.
(This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
|
|
* move rid allocation into IDMAP. See comments in _api_samr_create_user()
* add winbind delete user/group functions
I'm checking this in to sync up with everyone. But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow.
Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.
going to bed now.
(This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
|
|
to winbindd. See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
|
|
down failures.
Add a 'auto-add on modify' feature to guestsam
Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.
Make the 'private data' a bit more robust.
Andrew Bartlett
(This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
|
|
- Try better to add the appropriate mapping between UID and SIDs, based
on Get_Pwnam()
- Look for previous users (lookup by SID) and correctly modify the existing
entry in that case
- Map the root user to the Admin SID as a 'well known user'
- Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update'
call on that user. This means that VL's very nice work on atomic LDAP
updates now really gets used properly!
- This also means that we know the right DN to update, without the extra
round-trips to the server.
Andrew Bartlett
(This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
|
|
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.
We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.
This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base
Simo.
(This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
|
|
E.g if we are pointing at a win2k native mode domain we are returned
an NT_STATUS_NOT_SUPPORTED error.
(This used to be commit 6053c30f26cdf60f2bbfa6fb58ced6f7bcbd2e83)
|
|
the idmap and the SAM.
The basic idea is this: Lookup the user with GetPwnam(), and if they
exist then use that uid. This is what people expect. If the user does
not exist, try and run the right script.
This is also what people expect from previous Samba 3.0 behaviour, where
the Get_Pwnam() was at runtime.
If the idmap entry for this SID isn't valid, or isn't the right value,
modify the idmap to account for this mapping.
Also, the same logic is applied to the primary gid - if it has changed,
update the user's primary unix group.
This patch allows users to be added without a mapping - this is fine for
machine accounts, for example. I've given it a quick test against my
Win2k DC, and I *think* it's sane.
Andrew Bartlett
(This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7)
|
|
Jump out of sam entry processing loop if the return value from
cli_netlogon_sam_sync() isn't OK or STATUS_MORE_ENTRIES.
(This used to be commit 47d8ee3679292ece5d86df11bc56c9b4d71f3d11)
|
|
important once we start doing schannel, as there would be a lot more
roundtrips for the second PIPE open and bind. With this patch logging
in to a member server is a matter of two (three if you count the
ack...) packets between us and the DC.
Volker
(This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
|
|
(This used to be commit 2557b94519fbb3110948a3c6a3f412622757d2b0)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|
|
(This used to be commit dfa9412da567d2477ee5b1e6ecdc96b8dea3c21d)
|
|
(This used to be commit 6a5b88c95b3fd17431cda79e9aa2a593fef85100)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing against platforms
different from NT4SP6.
Volker
(This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
|
|
downloading stuff.
Volker
(This used to be commit 702d368a9af98d59775ebc3ed89774507397b7e3)
|
|
we end up with an empty domain field, which a workstation
does not really like in sam_logon..
Volker
(This used to be commit 5a3f89d3c12c5e4ab89fbe220ca34387c1660511)
|
|
(Decode all database names, and set only changes, not all info from the samsync
record).
Andrew Bartlett
(This used to be commit c7b8405bdebb9241ec335ccbbef630d90e61a419)
|
|
- pdb_guest (including change defaults)
- 'default' passdb actions (instead of 'not implemented' stubs in each module)
- net_rpc_samsync no longer assumes pdb_unix
Andrew Bartlett
(This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
|
|
"
Make the vampire code use just pdb calls - allowing better operation on systems
that are not configured with an add user script, and have an _nua backend for
storage.
We really need to get the PDB backends out of the IDMAP game...
Andrew Bartlett
"
(This used to be commit e959a8eb67e78bb90ae017687dca8f8b3b147b09)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
|
|
Janitor for tridge :-).
Jeremy.
(This used to be commit 76cdfbd5107fff0c38f5fc339f1c27b33fec3a91)
|
|
Jeremy.
(This used to be commit 6d98ac2634d17f7f8fb17c43923ddd2b1e723d86)
|
|
The work here includes:
- metze' set/changed patch, which avoids making changes to ldap on unmodified
attributes.
- volker's group mapping in passdb patch
- volker's samsync stuff
- volkers SAMR changes.
- mezte's connection caching patch
- my recent changes (fix magic root check, ldap ssl)
Andrew Bartlett
(This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
|
|
from APP_HEAD
(This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
|
|
(i ignored the new SAMBA stuff, but the rest of this looks like it should
have been merged already).
(This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
|
|
getsid, then join as a BDC, and then watch net rpc vampire suck out
the good stuff out of a PDC :-). It's not perfect, but it does quite a
bit for me. Watch out for more.
Volker
(This used to be commit f0d7ac9feb5844c93789344285b1d66f480209ba)
|
|
When creating a group you have to take care of the fact that the
underlying unix might not like the group name. This change gets around
that problem by giving the add group script the chance to invent a
group name. It then must only return the newly created numerical gid.
Volker
(This used to be commit b959419ed38e66a12b63cad3e5fbfa849f952acc)
|
|
Volker
(This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c)
|
|
positive name for this. It creates users and global groups. More to come.
Volker
(This used to be commit 0c1fadd9e024ef886542d362a7f119968552852d)
|
|
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch.
pass also the negociation flags all the way.
all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient.
in the future we will be able to call auth_2 or auth_3 as we want.
J.F.
(This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
|
|
I get all the groups at least.
Volker
(This used to be commit 23a4f6991e93797afad0043689737a1b20c67f60)
|
|
(This used to be commit c1e00f5f160985323f5a9ade42f2ebb2a798b17c)
|
|
samsync operations (as a BDC)
(This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)
|