Age | Commit message (Collapse) | Author | Files | Lines |
|
Re-add the capability to specify an OU in which to create
the machine account. Done via LDAP prior to the RPC join.
(This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
|
|
* replace printf to stderr with DEBUG statements as they get printed in
daemons
* "net ads lookup" return code
Guenther
(This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
|
|
(This used to be commit d19dad88155f985f113c667b6bdad5a1b25eca18)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
we created the profiling shmem segment and don't bogusly
refuse to look at it.
(This used to be commit eb31ef3a0e5e7c3b4029a3c2e124d2df646f10a2)
|
|
prevents a nasty failure condition in winbindd's pam_auth where a tgt
and a service ticket could have been succefully retrieved, but just not
validated.
Guenther
(This used to be commit a75dd80c6210d01aff104a86b0a9d39d65f2c348)
|
|
(This used to be commit f21adc04f745a966dbe6ef0b4ffd9729afa3fa78)
|
|
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
|
|
objectClass which is not indexed on AD) in LDAP queries.
Guenther
(This used to be commit 847882a98328b91a2157959c5dad0a2023223846)
|
|
Guenther
(This used to be commit 9e15b1659c105b0be846e8f71c27b20eab961bd2)
|
|
stack tracing support. This provides an easy way for users to provide
stack traces (hopefully it will be implemented on something other than
ia64).
(This used to be commit 0b5e07e12daa98095dae27e0a6d53fe8ec3f3700)
|
|
just don't get why "guest ok" is not allowed in usershares.
Added "usershare allow guests" bool parameter that allows
this, reved usershare file version to VERSION#2 which
allows this. Updated user tools.
This should now be (finally) finished and I'll add
the new parameter docs and a HOWTO.
Jeremy.
(This used to be commit cdc3aa9d07d568570f2117bea9f1a4d227b3a35d)
|
|
(How did that get in there ?).
Jeremy
(This used to be commit 780b71d300da71acc8b4f0fe10c1ae78c71e23c4)
|
|
smbpasswd -e should probably for a password
(This used to be commit 3522b53aecb5293747b66250279417f9edf876f1)
|
|
sid"); works in all AD versions I tested. Also add "net ads sid" search
tool.
Guenther
(This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
|
|
Guenther
(This used to be commit e55e1e1e96e1a1e6d2bcc5897a44828ddc2c9f3b)
|
|
Guenther
(This used to be commit ba81b508caa4ab21a04d142f3621e43a55e859cf)
|
|
(This used to be commit bb8c69162f9228343e0b05812e0e5a9ca4eb56bf)
|
|
(This used to be commit f068862e56861d74021d72726248cb738a2ff0fe)
|
|
this is
sufficient to fix bug #3659.
Volker
(This used to be commit 0ef5e4372c45a60d66a902a6dbca58ae98529358)
|
|
(This used to be commit a6e88785e7116c1a88e1bfdfa2afadecd501bfb0)
|
|
Guenther
(This used to be commit 22b687589785051eca16a868e3475f066b647ea7)
|
|
winbindd server
(This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
|
|
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
|
|
into 3.0. Also merge the new POSIX lock code - this
is not enabled unless -DDEVELOPER is defined.
This doesn't yet map onto underlying system POSIX
locks. Updates vfs to allow lock queries.
Jeremy.
(This used to be commit 08e52ead03304ff04229e1bfe544ff40e2564fc7)
|
|
Volker
(This used to be commit ba41c62b8b4d0c791035d63fb59496c0f655887f)
|
|
(This used to be commit ffe1a2e23ffb2edf2274c20ece0a66a9c649d50f)
|
|
(This used to be commit 5f4f4cbe6fe069570a921468034005d364f63206)
|
|
is produced when a process exits abnormally.
First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.
Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.
Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
|
|
Jeremy.
(This used to be commit 75be5c17bc74c86219c7cac749b52b7d43abb780)
|
|
Guenther
(This used to be commit d17712f9761589115e976e2240498396f36838ee)
|
|
in error code path.
Jeremy.
(This used to be commit 9117713c5ee220331106d291425703aec4d7dd2c)
|
|
(This used to be commit 08d201806f53f51fbed4a02a54cb0656f8287b12)
|
|
otherwise append to output file specified.
(This used to be commit b4ec93f5a26442d30ba2b8c91d03f3190975efd0)
|
|
different directory the temp files should be in, or is /tmp ok?
Still have to get rid of the output file hardcoding, but that is to
come, because I need to cleanup stdout.
(This used to be commit 0d4bd93a5ca4025bbdeb507f4a2d6217cfb39c79)
|
|
kerberos_kinit_password_ext provides access to more options.
Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
|
|
(This used to be commit 3137fe5068e4b0c1724b92f49ca8e1d254324801)
|
|
* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
(This used to be commit df53d64910fbb96eb810102e986b3c337d54c463)
|
|
Jeremy.
(This used to be commit 7fc61f5a63c982cfd0fbe1838979ba7be8f69fca)
|
|
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
|
|
specified once in an ACL, so it can be allocated a second time,
overwriting the first
(This used to be commit 1804a8a01ebf3353574a2c5b26a1746b34715737)
|
|
(This used to be commit 1899d8ea283845141b24d91d230248009744fe1a)
|
|
(This used to be commit 32364d8f01c75bd00ee1bef49c687d6dd3299d1f)
|
|
(This used to be commit 655fb66b289bdd19c4432eea00fac935184f25c9)
|
|
(This used to be commit a197b8c5cb02c8a5fac3882e7b76bcd7abb0279c)
|
|
(This used to be commit dbc0ff5544f2d15b1d1bc41319c76274b79d92b4)
|
|
(This used to be commit cf36f5949f8ac5ea020fcaa796ad92852df25ae7)
|
|
sstring_sub().
(This used to be commit 6ff849f35ae3394d6557f79c73b0fe54fbb86d0f)
|
|
Need to go back and correct the assumption that an "ldap xxx suffix"
parm must have an OU.
(This used to be commit 2d7ba11ffbe17af12257a91638be95d09c0c34c5)
|
|
Guenther
(This used to be commit ade86cc787e266850fee982b008a9caf2c8ed7e7)
|