| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit 2ee0abb50f25e5a4529d8c9409c979a7a00e5984)
|
|
(This used to be commit 2f46bdeb4fa1d32fe948af5d7fa80480ff2d2c86)
|
|
(This used to be commit 3f6ca04003172c22d02111f2170ad60f0d7936d9)
|
|
unfortuately we don't seem to be able to auto-test the ADS join due to
a rather nasty property of the GSSAPI library.
(This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
|
|
(This used to be commit 28ba237a9e02e284fb541562270db758612e425a)
|
|
(This used to be commit 68e70b000b273ba72206c87ad1efd6efc2c7c487)
|
|
Andrew Bartlett
(This used to be commit ce6c8a647ca56dcbb60ff898d77c2df297c1fe79)
|
|
Andrew Bartlett
(This used to be commit 8405bccd4e7a5315e58890ffa5d481031636f88a)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
from itself).
they where alo not clean after use!
Simo.
(This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
|
|
to check for uppercased strings when we store them not uppercased.
jerry, this fix is needed to make usrmgr.exe work again.
meanwhile we found out that NT_STATUS code may not be appropriate there.
In particular it seem that an NT PDC will send back 02 as error
(ERRbadfile) not 0xc000000f (NT_STATUS_NO_SUCH_FILE NT)
I think further investigation is need to understand which are aprropriate
return codes here.
(This used to be commit 2ad0e81c8da62b7e15ab3e414b5e15a94fe5de87)
|
|
from some of the callers.
Andrew Bartlett
(This used to be commit eb3354aa6c7293df9a728565a6774049b2e6d57f)
|
|
name status query to 14 bytes, so we could not join a DC who had a
netbios name of 15 bytes in length.
(This used to be commit a7588f21c24dac833f098c48e2337c100cf75ba4)
|
|
parm_struct.ptr
this one also fixes log level not shown in swat
fix swat help system
(This used to be commit 7532e828966f3baaa418b528a5b7fe450c488401)
|
|
(This used to be commit 8e906a948196be7d630a9b20f3c3d2cbafd545f1)
|
|
(This used to be commit cb946b5dadf3cfd21bf584437c6a8e9425f6d5a7)
|
|
(This used to be commit 76eacaa28546d65b9ddb7ff356f0bd2aaf2f86d8)
|
|
dictionary into a separate function.
(This used to be commit 10889241d5f5813f499501a45edccc4acd3e9f74)
|
|
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
|
|
(This used to be commit 81322f4d63095d828be7983eb4b47775abe8d33f)
|
|
(This used to be commit cf2abf677ed9942d841ef61ffb2565244c8979ac)
|
|
*somthing* in the directory. (Stops cvs update -P eating it).
This is the combined effort of many from #samba-technical, kai, metze,
ctrlsoft, idra and abartlet in particular. It will no doubt change :-)
Andrew Bartlett
(This used to be commit 40fc43296def1f5ac3c23aba8b283a91f1d10239)
|
|
Authenticaions will now attempt to use winbind, and only fall back to
'ntdomain' (the old security=domain) code if that fails (for any reason,
including wrong password).
I'll fix up the authenticaion code to better handle the different types of
failures in the near future.
Andrew Bartlett
(This used to be commit 78f0d4337bd263d26d7b349eaf8148e863c62f69)
|
|
This updates the 'winbind' authentication module and winbind's 'PAM' (actually
netlogon) code to allow smbd to cache connections to the DC.
This is particulary relevent when we need mutex locks already - there is no
parallelism to be gained anyway.
The winbind code authenticates the user, and if successful, passes back the
'info3' struct describing the user. smbd then interprets that in exactly the
same way as an 'ntdomain' logon.
Also, add parinoia to winbind about null termination.
Andrew Bartlett
(This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
|
|
longer than the buffer they claim to be in.
Many thanks to tridge for explaining the macros.
Andrew Bartlett
(This used to be commit 3efd462bf2f1ed50c108c2b8ddecc461d002745d)
|
|
for spotting this)
(This used to be commit d4c905e5a0a67c8e01a4fcf78aa992a3b7beff02)
|
|
(This used to be commit 0e2207c9c1ce573098f764e85a65c17cc1f1d284)
|
|
Andrew Bartlett
(This used to be commit bc17b91c2f1a1df58614b67bff94f228be6b9bb2)
|
|
Andrew Bartlett
(This used to be commit f77335b6f86c736e72b66eab6a2aee046ddbee41)
|
|
code.
(This used to be commit 3929532e3bfb98b925d73d331c8cbb319fdc8b9a)
|
|
(This used to be commit 9f9e0cbd2c9920b730286f8bf560dc3415c29aa6)
|
|
(This used to be commit aa5beb63f1b1133c4ad28118ddd33e21198d79bb)
|
|
When this option is disabled we should not do *any* netbios
operations. You should also not start nmbd at all. I have put initial
checks in at the major points we do netbios operations in smbd but
there are bound to be more needed. Right now I've disabled all netbios
name queries, all WINS lookups and node status queries in smbd and
winbindd.
I've been testing this option and the most noticable thing is how much
more responsive things are! wthout those damn netbios timeouts things
certainly are much slicker.
(This used to be commit 12e7953bf2497eeb7c0bc6585d9fe58b3aabc240)
|
|
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
|
|
on both by default, and you can specify a list of ports to listen on
either with "smb ports = " in smb.conf or using the -p option to smbd.
this is needed for proper netbiosless operation.
(This used to be commit 5dee0a7b5e0fcb298a9d36661c80e60d8b9bcc3a)
|
|
needed to find the DC IP. Just don't check its return value!
(This used to be commit ab144cd8af1622894d446ce48dde99babeb30bd6)
|
|
our smb.conf setup.
(This used to be commit cffa881092e48db10a712575a8671f695e8ef813)
|
|
Tridge, please look at this. Did you mean to take out the last parm?
(This used to be commit f70886df942e8b37fecb503b2d87f39f19c9bdab)
|
|
is netbios and dns domain info. Also add code to set/fetch the domain GUID
from secrets.tdb (although set is not yet called by anyone).
(This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
|
|
very useful in scripts
(This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
|
|
there were 2 bugs:
1) we were sending a null challenge when we should have sent an empty
challenge
2) the password can be in unicode if unicode is negotiated. This means
our client code was wrong too :(
(This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
|
|
(This used to be commit deff1f96232b328fb5f5bb49a23eb4cda11fd330)
|
|
without any 'realm =' or 'ads server =' options at all, as long as DNS
is working right.
(This used to be commit d3fecdd04241ed7b9248e52415693cd54a1faecf)
|
|
make the code a fair bit cleaner as it splits up the ADS and RPC
cases, which really are very different.
(This used to be commit 5a11c432afebe84b17820396476f48a6a6f6411b)
|
|
field. This has got to be pointless.
(This used to be commit fd02adab54b66a19c1b81b8ae91e66713691b060)
|
|
the servers netbios name when we don't need it. This also fixes ADS
mode when the DC has netbios disabled.
- if the password server is specified as an IP then actually use that
IP, don't do a lookup for the servers name :)
(This used to be commit 72042e94ef0f6841afcfa48eafb9809545860725)
|
|
Finally the cascaded VFS patch is in.
Testing is very welcome, specially with layered multiple vfs modules.
A big thank to Alexander Bokovoy for his work and patience :)
Simo.
(This used to be commit 56283601afe1836dafe0580532f014e29593c463)
|
|
- That we never call winbind recursivly
- That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping
in either the passdb or the group mapping db.
Also, remove restrictions that say 'this domain only'. If we have a mapping
configured, allow it to be returned. If we later decide certian mappings are
invalid, then we sould put that in the code that actually does the map.
Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even
if they are not represented by Unix groups yet.
Andrew Bartlett
(This used to be commit d5bafb224337e393420c2ce9c0a787405314713c)
|
|
are dealing with utf8 we may as well specify char** for the pointer, save
otherwise casting in the caller.
Andrew Bartlett
(This used to be commit 46021f85b6da4ba1e7f73ee7408079219d555dde)
|
|
(This used to be commit a5a0ff8bd7ee4a3586647d14fd750ec6df73efa8)
|
