Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Karolin
|
|
When initialize_password_db returns an error this means that the SID
stored in the backend cannot be read. Return this error directly
instead of creating a random SID through get_global_sam_sid.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Apr 30 13:07:20 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat Apr 21 00:55:13 CEST 2012 on sn-devel-104
|
|
This also removes the ID_CACHE_FLUSH message.
|
|
This simplifies the g_lock implementation. The new implementation tries to
acquire a lock. If that fails due to a lock conflict, wait for the g_lock
record to change. Upon change, just try again. The old logic had to cope with
pending records and an ugly hack into ctdb itself. As a bonus, we now get a
really clean async g_lock_lock_send/recv that can asynchronously wait for a
global lock. This would have been almost impossible to do without the
dbwrap_record_watch infrastructure.
|
|
|
|
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Thu Apr 19 10:32:27 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Apr 17 11:54:35 CEST 2012 on sn-devel-104
|
|
This triggers a notify cleanup run which would normally only run periodically
|
|
Add command to force smbd to reload printers by sending MSG_PRINTER_PCAP.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client)
will not select krb5.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This imports the gensec handling code from the source4 ntlm_auth, which
will eventually be used for all the NTLMSSP and SPNEGO clients and servers
but which is only used for gss-spnego for now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
usleep moving to libreplace.
|
|
We already confirm that we have this functionality before we set HAVE_KRB5 at
configure time.
Andrew Bartlett
|
|
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Sat Mar 10 19:07:20 CET 2012 on sn-devel-104
|
|
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
do net rpc keytab vampire
|
|
The SPNEGO code changed since this was last tested.
Andrew Bartlett
|
|
While windows will accept this ticket without the wrapping, it is
nicer to follow the standard and wrap it up in GSSAPI.
This should allow the ntlm_auth gss-spnego-client to talk to
the ntlm_auth gss-spengo server.
Reported by Christof Schmitt <christof.schmitt@us.ibm.com>
Andrew Bartlett
|
|
This will allow the gss-spnego-client protocol to work with modern
SPNEGO servers that do not send the principal in the mechListMIC.
Andrew Bartlett
|
|
|
|
This uses the common gensec_ntlmssp server code for ntlm_auth, removing
the last non-gensec use of the NTLMSSP server.
Andrew Bartlett
|
|
Found by callcatcher.
Andrew Bartlett
|
|
This still requires that the server permit LM passwords, but our s3dc test
environment has this enabled.
Andrew Bartlett
|
|
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
|
|
This replaces the use of the internal krb5_locate_kdc() function with
our own get_kdc_list() function.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Feb 3 03:07:33 CET 2012 on sn-devel-104
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Jan 31 18:37:45 CET 2012 on sn-devel-104
|
|
|
|
|
|
_net_ads_join_dns_updates()
|
|
|
|
untangle assignment from check and log error code in message if failed.
|
|
block
If failed, print according error message and skip the attempt to do dns update.
|