| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit af4c3734b5d617352597b1b964745f5b0d334b2d)
|
|
password
(This used to be commit a5807d5784dc903f1ea38a9825240a505688b7be)
|
|
(This used to be commit fc15b56d29b4474032f4d9136313afee60e70cbf)
|
|
ads_process_results function. Also made sure net rap user and net ads
user display the same thing, to make auto-transport-detection smoother.
(This used to be commit 4cf42c07ec5deb14921fabfbd52a8a3345a730c9)
|
|
have to add the server side now.
J.F.
(This used to be commit b83f87d6811dbad2c254cd5add4bbedb3196c629)
|
|
(This used to be commit 15df51e8def01009f2ec1e2d08c3129ac39dabdf)
|
|
(This used to be commit 0784ab67addb3422a2d17363b4c3328d2e4b1008)
|
|
cases for rename and unlink. Had to add desired_access into the share mode record.
Jeremy.
(This used to be commit 3b1b8ac43535fb0839c5474fa55bf7150f6cde31)
|
|
need to when we are a BDC or a PDC doing a self-join.
Andrew Bartlett
(This used to be commit 996cd3a0979a92b087003982bc61796a8090a787)
|
|
(This used to be commit 57645fd85b7789d7807a5ffb5b2572c6d5f9e3de)
|
|
(This used to be commit 98769f08e723c616a98a2f0c427e9b0e22b28be9)
|
|
we still need to free gid<->rid mapping and few other stuff
(This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f)
|
|
fixed tdbsam memory corruption (and segfault)
reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules.
(This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
(This used to be commit 7ba235c0fb4755092605743d575357602fd1ce05)
|
|
(This used to be commit 936df31df5bad9d457d3775d11b4e96a58093282)
|
|
(This used to be commit 539d0cc03035c126e2de82523a07ed91997100b8)
|
|
subcommand \n\t3) try oldstyle first, then more secure method\n to allow for autodetect between ads and rpc on net join
(This used to be commit c8a4a09b5648af2f1669a5a30acdf0a088077af9)
|
|
(This used to be commit 87ee4832312c9c65377500efd617bac086164834)
|
|
(This used to be commit 951006374e48d80a5128d870bdc255bf8c22cb6a)
|
|
nicely, and make 'net help rap user' the same as 'net rap user help'...stuff like that
(This used to be commit 17775dae28c724b11cc73f2aeac5f07f9656046c)
|
|
(This used to be commit 775404fe46f72925fb302e149b6f96fab0dbfcb8)
|
|
(This used to be commit a21ba95897531e7964c9e80a81cd5faa7394db77)
|
|
allowing more than 1000 (or whatever the query limit is on the server) objects to be returned. Printers will come next.
(This used to be commit 9c447920dfbae2e2d2343600401c1d860dad863b)
|
|
(This used to be commit a3cea5e9ae3b53ecbc45e61a39cbce0ca1b916aa)
|
|
(This used to be commit 19546bdd5541785dc8430f8ffa2afcdb42015b96)
|
|
(This used to be commit 00d3a064f16101fecebaeaaabaf841f0a5c91523)
|
|
(This used to be commit 2a42e91397d7871d326abed0e99af297e71dd77e)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
Jeremy.
(This used to be commit 28d4e7a3e2bd8f15ef807b821e4300a72bbc6904)
|
|
(This used to be commit 0511589088dc3e990f7b1a38a06489814c49ec1b)
|
|
(This used to be commit 84c811ca57f7e1b7d9ee498d95b3b21bea47eb5e)
|
|
[PATCH] net ads error
Date:
Fri, 15 Feb 2002 20:03:32 +0200
From:
Alexander Bokovoy <a.bokovoy@sam-solutions.net>
To:
samba-technical@samba.org
Greetings!
Attached patch fixes a problem with non-working 'net ads -Uuser%pass'
in CVS HEAD.
(This used to be commit a21a951ff9493a6e33e4ff8388a95facdeacf7b4)
|
|
We now have error messages for most of the failure cases, and the
'sid' arguments for delete and change can now take the nt group name
as a string.
Also fix up all the internal functions to be static, keeping the
namespace clean.
Andrew Bartlett
(This used to be commit f1687587010a2390b65bd5efa37cc199b67587f8)
|
|
in the directory. Only publishes required fields right now.
(This used to be commit 1d326f8b7e68bcad6c35488f77b05c598ebaad5d)
|
|
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
|
|
Andrew Bartlett
(This used to be commit f3f375dc6b7175d4dd4ce401815e5dfdd9747083)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
init_group_mapping() a static function and don't call it from any client
programs.
Not sure whether I've made a bigger mess here or not...
(This used to be commit 3c887d9021269aaa9fc0bc771af8589077e6208e)
|
|
much saner :-).
Change to pdb_init_sam()/pdb_free_sam() loop rather than reset based due to
the talloc basis.
Andrew Bartlett
(This used to be commit e40a0a7f27950bd0484fe7d6b67dce45cd75d25c)
|
|
winbind default domains, particulary now I understand whats going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.
Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
|
|
lp_load().
Andrew Bartlett
(This used to be commit 168c712bf3b8be19e6e72b7bf4563ed3ae87c176)
|
|
Andrew Bartlett
(This used to be commit 6650b21ceabefab037cfd3b135039914fb75e3a9)
|
|
a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified.
(This used to be commit 7e5d7dfa834c0161460bde8a2f0d4824c0a0d1fe)
|
|
idra has promised not to revert these this time :-)
(This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
(This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688)
|
|
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
(This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
|
