Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 861b2a464fed3a16f050972feed1900298fb0bcb)
|
|
downloading stuff.
Volker
(This used to be commit b86ea50fa6dae04adeef750cdbe606a292c1430a)
|
|
we end up with an empty domain field, which a workstation
does not really like in sam_logon..
Volker
(This used to be commit e0cb325b99e09a5a5cba07f0403ed445814bbf53)
|
|
- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow
(This used to be commit 794d3ed03619a4e41558d9ff65783a1aa1b2be90)
|
|
(This used to be commit 0c12a206bb6610d79deb89868cac9293604b7c08)
|
|
please remember to *test* your changes before committing them. This is
especially the case when you receive patches from outside the team -
before you commit you must make sure that the patch actually works.
(This used to be commit 1d3c7e7fb628a528978f345f83289cc7f2521c35)
|
|
(This used to be commit 6ab41e50fd0a36ebd9969064aa46235dc687dfba)
|
|
(This used to be commit 094eed2c6222fe167ee9f596f4b849a4dea234bf)
|
|
some double options and broke some parameters.
(This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
|
|
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
|
|
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 80d2578108da14f60133df3a308b867beb27e920)
|
|
(This used to be commit 691c63ad6b522ae7984017ebadffb5c7c13f6992)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
(This used to be commit a1576694a6f23e1c70d7d81ac4feedd4f29c5400)
|
|
* pdbedit -i -e sets all SAM_ACCOUNT elements
to CHANGED to satisfy the new pdb_ldap.c handling
* pdbedit -g transfers group mappings. I made this
separate from the user database, as current installations
have to live with a split backend.
So, if you are running 3_0 alphas with LDAP as a backend
and upgrade to the next 3_0 alpha, you should call
pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
You certainly have to have all your groups as posixGroup
objects in LDAP and adapt the LDAP schema before this
call.
Volker
(This used to be commit 6d3faeaef6c77e389d39b6d4660ffea13e7f25f2)
|
|
- Decode all the database names, even if we don't decode their contents
- Update the 'set' code to match rpc_server/srv_samr_nt.c in only recording
the difference between the old and new.
Andrew Bartlett
(This used to be commit 6509397f91a4c218552a48a96df06e595b630898)
|
|
(This used to be commit b46581ef153296a0a04f773115cb2ddad4d44686)
|
|
(This used to be commit 5f12b246b03aef93165059f632012b6fc4706c70)
|
|
(This used to be commit e7ed8bfc24d94b0b6e70a03eaae927fe1daa7d56)
|
|
(This used to be commit 633b3eb7812dc0a58785536a1e7d28329d488b43)
|
|
(This used to be commit 99de90adc98b8d5354c769dcd25cc1f34d3769e9)
|
|
(This used to be commit 8f285878b30bad7388f69075538c628a7e18ac8a)
|
|
(This used to be commit 05b1681b03688c0d4e57e8dfb881b111f947e6c6)
|
|
(This used to be commit 3bad73ca870bb43324bdb5dfc6bb02e0fa1fb1e0)
|
|
(This used to be commit 44e9bf88cc2bbb2aa34711354258c3abb319cb9b)
|
|
(This used to be commit 45e5374e89730e7ad497edf9e344fbd1b8992589)
|
|
have some of the labels 'duplicated' (ie, the defines double-up).
Also, to an ads_connect() to try and find our KDC. (So we don't segfualt
*every* time)
Andrew Bartlett
(This used to be commit 56dce7ddad118051c93c62507234efca3920bc9b)
|
|
- signed/unsigned
- quieten warning about assignment as truth value
- whitespace
Andrew Bartlett
(This used to be commit a13ce0df4b4a776fa635a1fb804dd00d195f58d0)
|
|
Fix an inconpatible poitner type that caused the IA64 not to build
Andrew Bartlett
(This used to be commit 37436b0aae108fceace3049d3868510e1ba592ac)
|
|
(This used to be commit 9af30c9aae3623c4db1edca39a91973f0279acb4)
|
|
an expected situation.
Andrew Bartlett
(This used to be commit a07fccb7ae169c0b5089e3f7d2c5d6465b2e4686)
|
|
of user@realm for kerberos logins.
Andrew Bartlett
(This used to be commit ce013dc13e9e77b5cb9b2d5a4b76d54f91614e6c)
|
|
(This used to be commit 30ba31e6355b5dfb902e42d2b5edc71630db2923)
|
|
Andrew Bartlett
(This used to be commit 42b5514404bc7e33306c11344c6c934a1f83d295)
|
|
(This used to be commit 14d7d8b22993ca7f1c273a7baaccb09c8fa04ef9)
|
|
- added general options to 'net -h' help
(This used to be commit ee8a7fdab7f5aa6f4a64f2eea90f0d44ae0f388a)
|
|
(This used to be commit 87cebe797f06fab4a5d0077fd78b2183ff7333a5)
|
|
- More info is printed
- (grand)child domains handled properly
Thanks to Anthony Liguori (aliguori@us.ibm.com)
(This used to be commit 3dbcb4d93f7c192eb2ccea5941a3843b5de1190e)
|
|
- Add smb_probe_module()
- Add init_modules()
- Call these functions
(This used to be commit f8f21653225792c0001d183c6efe8b7d89a0785d)
|
|
(This used to be commit 0308f24ad209a28799b36d041be2dc2be2b2dac8)
|
|
in general searches, but only if searching for the DN only.
In my case, it was the tokenGroups attribute that caused me trouble, hence
this patch.
Andrew Bartlett
(This used to be commit 8a0cc4c2beb5d6ad7e44bf47bf0f9ec4a3ffdb96)
|
|
we were overwriting the user's ccache with the machine password (the -P option).
Andrew Bartlett
(This used to be commit 231d2f84ef36b30be98baf3b56ebf4a5cd8dad11)
|
|
(This used to be commit d0365f20c242bcfc4f5d8286c6c5654e310a9d45)
|
|
the user a second time now.
Andrew Bartlett
(This used to be commit a1e27a02f52315df0dd05ab8a94ae5a2bf398655)
|
|
(This used to be commit d15b7425d408f17505c4f3a91ec68bcfc4472c16)
|
|
Jeremy.
(This used to be commit e81d72ac221023ded9e0932be7dd303ad5280665)
|
|
(pdbedit already has a -V option..)
(This used to be commit 5de622968d95c1436dbd34edc8d0a9bbff68916b)
|
|
it can be used for 'net rpc join'.
Also fix a bug in our server-side NTLMSSP code - a client without any domain
trust links to us may calculate the NTLMv2 response with "" as the domain.
Andrew Bartlett
(This used to be commit ddaa42423bc952e59b95362f5f5aa7cca10d1ad4)
|
|
the regedit file parser etc.
(This used to be commit 5040b498675b91cd18bc7fe4456c94df0a8fa41d)
|
|
users w/o full administrative access on computer accounts to join a
computer into AD domain.
The patch and detailed changelog is available at:
http://www.itcollege.ee/~aandreim/samba
This is a list of changes in general:
1. When creating machine account do not fail if SD cannot be changed.
setting SD is not mandatory and join will work perfectly without it.
2. Implement KPASSWD CHANGEPW protocol for changing trust password so
machine account does not need to have reset password right for itself.
3. Command line utilities no longer interfere with user's existing
kerberos ticket cache.
4. Command line utilities can do kerberos authentication even if
username is specified (-U). Initial TGT will be requested in this case.
I've modified the patch to share the kinit code, rather than copying it,
and updated it to current CVS. The other change included in the original patch
(local realms) has been left out for now.
Andrew Bartlett
(This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
|