| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- gss error code patch from a.bokovoy@sam-solutions.net
- better sid dumping in ads_dump
- fixed help in wbinfo
(This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
|
|
Jeremy
(This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
|
|
(This used to be commit f1231c2b54cac9d4fda7fa9d45fd329f1fd7b779)
|
|
(This used to be commit c26623671e2b0b2e80c6d6383a99880c4f439f04)
|
|
join does not have administrator privileges.
(This used to be commit af24b1036c8ceaa37e6b68ac988401846c5c7fe4)
|
|
(This used to be commit 60eb4dc7b1114275f035d27a890e0301a65e0e42)
|
|
(This used to be commit 882e5e3bb815e02407ecf6f689ffe5bb618845e8)
|
|
account already exists.
# net rpc join --user=Administrator%password
It's kind of weird seeing the mix of NET.EXE style of options (net command
subcommand /arg:value) with the GNU-style long options. I think it works.
(This used to be commit 3789c8c707acd9a4078d656c8de9ce1f4be9e388)
|
|
cleanup. Printq function cannot exactly mimic windows output using d_printf...oh well. Add some more command-specific options back into help.
(This used to be commit e135320e0547581c7d38126647a91b874d152622)
|
|
(This used to be commit 3c927e39e7354d2f65b3ff7148fc325b41552310)
|
|
(This used to be commit 0839cf03a92673b38f1afa103271c708fa7162a2)
|
|
Ignacio you can update your howto ;-)
samsync: a small patch to try chaning challenges.
J.F.
(This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
|
|
(This used to be commit b107ecef7097e4b3b870f51fa6628b870703b4de)
|
|
(This used to be commit 4405a87fb754cece3a5428246ea6ecb9abba1996)
|
|
(This used to be commit 4e2691b1c13a7db4770effa6eddeb19adb47f8ae)
|
|
(This used to be commit 784a3f295176dc87c8befd76d5f2dc9ef1e9e383)
|
|
(This used to be commit 3628a978d1881aa2a0939594b1c752475468965e)
|
|
(This used to be commit 75621d528433a9c1af3eada0b748dfbcfdb8ad62)
|
|
(This used to be commit 2183c1f3b09db5c078327050279130ac825c71f8)
|
|
a SMB server
particularly useful for ADS is:
net time set -S DOMAIN#1B
this makes kerberos clock skew problems go away :)
(This used to be commit b3ba2293d0e4eac3b6408c3abc3dcacfa3f67fe4)
|
|
(This used to be commit c87d1ad32114200d3e678f8de88874c737f8e571)
|
|
protocol switch mechanism in place
(This used to be commit d20c3717dd58745da082d1b4df7698c6d6c38e6c)
|
|
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
(This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
|
|
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)
|
|
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
(This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
|
|
(This used to be commit 5a96391c75fd13b2fc385aa571244b82bc4736d0)
|
|
function.
(This used to be commit 61b0f5f4f9788784b0806a9a15cbc6bf1005aa68)
|
|
(This used to be commit b2443f6fca5840584926b7481acf1975507c445e)
|
|
(This used to be commit d00f461f43558c8ef942df305bcc2c89060b4800)
|
|
(This used to be commit ea76a687fc2614912fd6b0458622495f9920749e)
|
|
'net' command.
This also gets us 'net rpc user add'.
Andrew Bartlett
(This used to be commit 1197689bc56f4b2ca6ffea3b2601b8f6f9f52207)
|
|
not the privileges. Usually we don't need them, so the memory is free
early.
lib/util_sid.c: added some helper functions to check an SID.
passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass
an RID all the way. If the group doesn't exist on the domain SID,
don't return a faked one as it can collide with a builtin one. Some rpc
structures have been badly designed, they return only rids and force the
client to do subsequent lsa_lookup_sid() on the domain sid and the builtin
sid !
rpc_server/srv_util.c: wrote a new version of get_domain_user_groups().
Only the samr code uses it atm. It uses the group mapping code instead of
a bloody hard coded crap. The netlogon code will use it too, but I have to
do some test first.
J.F.
(This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
|
|
:)
(This used to be commit cee58f10974b55ead68362166d12285568feeb23)
|
|
(This used to be commit e908f304a26b9f1100e301610151a9334bf117b0)
|
|
(This used to be commit 660238adcad8abb3f9a1e67eb81419618db77f3d)
|
|
However this looks like the best spot to init the account policy db...
(fix segfaults on all local smbpasswd ops)
Andrew Bartlett
(This used to be commit 3f3bb62ba63373c3cdf2495f97c7461ed5b373ef)
|
|
This kills off the offending code in smbpasswd -j -Uab%c
In the process we have changed from unsing compelatly random passwords
to random, 15 char ascii strings. While this does produce a decrese in
entropy, it is still vastly greater than we need, considering the application.
In the meantime this allows us to actually *type* the machine account
password duruign debugging.
This code also adds a 'check' step to the join, confirming that the
stored password does indeed do somthing of value :-)
Andrew Bartlett
(This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
|
|
PDC, as well as changes for correctness as per tridge.
Andrew Bartlett
(This used to be commit 16d302c5cc0da93a58e0ce10843f9c8d8062c689)
|
|
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain
we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?
alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)
J.F.
(This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
|
|
'net' untility.
This should make it easier to port rpcclient code across to net.
It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse
it kills off the early destruction of the clear-text password.
Andrew Bartlett
(This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
|
|
Andrew Bartlett
(This used to be commit 8dbd9702d829eaefcdab8e3f8a4750befa884234)
|
|
This time, all the existing functionality has been moved into
'net rap', ready for new commands in the 'net ads' and 'net rpc' categories.
In particular, we hope to have the abilty to autoselect the appropriate
backend to use based on smb.conf or other paramaters.
This will allow 'net user' to work no matter what the remote server.
The new 'net rpc' command will soon gain a 'net rpc join' and a
'net rpc user' based on the existing samba code.
Also in this commit, the connection establishment code has been almost entirly
reworked, and now has some minor sense of sainity to it.
In particular, we can now connect to hosts *other* than localhost!
We also have the ability to state on a per-command basis whether the 'localhost'
is a sane default value. (A net join, for example, would not be sane against
localhost).
Unfortunetly we have had to make the basic paramaters global variables, but
the 'cli' is not opened and closed on a per-command basis.
Andrew Bartlett
(This used to be commit 8739d426caabe3794a018dd28ab139b08f88b603)
|
|
(This used to be commit 97627e424a1de3df0a6f7a9bfaaf3ece4dd2036d)
|
|
definitions.
(This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
|
|
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).
Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.
Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.
J.F.
(This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
|
|
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.
Also fix mem leaks etc.
Andrew Bartlett
(This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
|
|
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
|
|
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
|
|
conflicts with nmbd's definition.
(This used to be commit 70e9c2efaada4be609ff053d216d554cb036df4e)
|
|
(This used to be commit 8227f6909cca67fcc1a8455f4b386df7778ef2e7)
|
