Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit dfa9412da567d2477ee5b1e6ecdc96b8dea3c21d)
|
|
(This used to be commit 6a5b88c95b3fd17431cda79e9aa2a593fef85100)
|
|
(This used to be commit ab64a0b1e7666b6612659b5720eda451c0ab4857)
|
|
(This used to be commit 30ac37efec0698998ada135655eac8933bd3647f)
|
|
- Jelmer's latest popt changes
(This used to be commit 6a54d9a0a77c71664dc6cdbed1adf492c28c0cce)
|
|
(This used to be commit 98e84b3e83d2a365c818ea64f9418edb29d690f2)
|
|
used to be commit 381649916ecbaddefbb6ee0e6137b7cc73eb54b1)
|
|
(This used to be commit 74fab8f0d24004b1dfd5ce0fd7402895652f941f)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing against platforms
different from NT4SP6.
Volker
(This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing platforms
different from NT4SP6.
Volker
(This used to be commit ecd0ee4d248e750168597ccf79c389513bb0f740)
|
|
(This used to be commit 49926d706f9d24dbdd7a878e2362a27667175a5c)
|
|
(This used to be commit 890cc17c41b3940dcb7d4c2a52ab292bca7d18be)
|
|
nicer to use and more hackable.
- converted to popt
- text message destinations (except for broadcast smbd) are resolved
using files in piddir so the string 'winbindd' is now a destination
- added --timeout option to specify timeout value
- deleted complicated handling of debug args as separate command line
arguments: use shell quoting instead
- deleted interactive mode as punishment for using strtok() (-:
- much improved command line argument checking
Some of this stuff was broken before I started (print notify,
profiling) but the basics still work (ping, pool-usage, debug,
debuglevel).
(This used to be commit 269f838dee257ee9badcae190f2c70b898676bc5)
|
|
Andrew Bartlett
(This used to be commit d711a1c95c92f5a89b43bf29bba8460b870d3b3a)
|
|
same functionality exists as "pool-usage".
Move initialisation of this and dmalloc messages inside message_init().
(This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
|
|
(This used to be commit 41b320ffc560117c0184999e30cc69723f40acbe)
|
|
domain name. We were passing in an already initialised string which was
causing the warning.
(This used to be commit 18685d137e2db6e4e93c655f1c4a97116a36c02c)
|
|
(This used to be commit 38d03f4f1a23963fbbb9046ac9f5ccfa5e3ee7b7)
|
|
(This used to be commit 55d9ef08a7585f69466cd4c0b30ce33841d52b33)
|
|
information into it re the privilaged pipe.
Also clean up some bugs in winbindd_pam.c
Andrew Bartlett
(This used to be commit e73b01204a8625946ff0fb5f9fc99dd959eb801c)
|
|
patch by Stephan Kulow <coolo@kde.org>)
(This used to be commit 5c0e4b4dc630bd304f53c37f2340f954190b7aef)
|
|
(This used to be commit ce197eae8d254114a295142b522cc028c375ae88)
|
|
the returned session key is the one that we expect to get for that each
of login.
Andrew Bartlett
(This used to be commit fa47e44b9caba98e0b85782f3057e6cb8a5763ff)
|
|
(This used to be commit 861b2a464fed3a16f050972feed1900298fb0bcb)
|
|
downloading stuff.
Volker
(This used to be commit 702d368a9af98d59775ebc3ed89774507397b7e3)
|
|
downloading stuff.
Volker
(This used to be commit b86ea50fa6dae04adeef750cdbe606a292c1430a)
|
|
we end up with an empty domain field, which a workstation
does not really like in sam_logon..
Volker
(This used to be commit e0cb325b99e09a5a5cba07f0403ed445814bbf53)
|
|
we end up with an empty domain field, which a workstation
does not really like in sam_logon..
Volker
(This used to be commit 5a3f89d3c12c5e4ab89fbe220ca34387c1660511)
|
|
- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow
(This used to be commit 794d3ed03619a4e41558d9ff65783a1aa1b2be90)
|
|
(This used to be commit 0c12a206bb6610d79deb89868cac9293604b7c08)
|
|
please remember to *test* your changes before committing them. This is
especially the case when you receive patches from outside the team -
before you commit you must make sure that the patch actually works.
(This used to be commit 1d3c7e7fb628a528978f345f83289cc7f2521c35)
|
|
(This used to be commit 6ab41e50fd0a36ebd9969064aa46235dc687dfba)
|
|
(This used to be commit 094eed2c6222fe167ee9f596f4b849a4dea234bf)
|
|
some double options and broke some parameters.
(This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
|
|
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
|
|
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
|
|
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
|
|
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 80d2578108da14f60133df3a308b867beb27e920)
|
|
(This used to be commit 691c63ad6b522ae7984017ebadffb5c7c13f6992)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
(This used to be commit a1576694a6f23e1c70d7d81ac4feedd4f29c5400)
|
|
* pdbedit -i -e sets all SAM_ACCOUNT elements
to CHANGED to satisfy the new pdb_ldap.c handling
* pdbedit -g transfers group mappings. I made this
separate from the user database, as current installations
have to live with a split backend.
So, if you are running 3_0 alphas with LDAP as a backend
and upgrade to the next 3_0 alpha, you should call
pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
You certainly have to have all your groups as posixGroup
objects in LDAP and adapt the LDAP schema before this
call.
Volker
(This used to be commit 09a3db0ffcbbe578788d3dd5ee7540d27cc7c09a)
|
|
* pdbedit -i -e sets all SAM_ACCOUNT elements
to CHANGED to satisfy the new pdb_ldap.c handling
* pdbedit -g transfers group mappings. I made this
separate from the user database, as current installations
have to live with a split backend.
So, if you are running 3_0 alphas with LDAP as a backend
and upgrade to the next 3_0 alpha, you should call
pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
You certainly have to have all your groups as posixGroup
objects in LDAP and adapt the LDAP schema before this
call.
Volker
(This used to be commit 6d3faeaef6c77e389d39b6d4660ffea13e7f25f2)
|
|
(Decode all database names, and set only changes, not all info from the samsync
record).
Andrew Bartlett
(This used to be commit c7b8405bdebb9241ec335ccbbef630d90e61a419)
|
|
- Decode all the database names, even if we don't decode their contents
- Update the 'set' code to match rpc_server/srv_samr_nt.c in only recording
the difference between the old and new.
Andrew Bartlett
(This used to be commit 6509397f91a4c218552a48a96df06e595b630898)
|
|
(This used to be commit b46581ef153296a0a04f773115cb2ddad4d44686)
|
|
(This used to be commit 5f12b246b03aef93165059f632012b6fc4706c70)
|
|
(This used to be commit e7ed8bfc24d94b0b6e70a03eaae927fe1daa7d56)
|
|
(This used to be commit 633b3eb7812dc0a58785536a1e7d28329d488b43)
|
|
(This used to be commit 99de90adc98b8d5354c769dcd25cc1f34d3769e9)
|