Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 472acd89b2bf5ec2a471957aaff42e560053f60e)
|
|
(This used to be commit 7bb0dda8ee1d61a0e8448070f1a71fcd13be5d40)
|
|
Found by Andrew at connectathon with some new tests
Jeremy.
(This used to be commit 4aaa4f52b8fc712f5f879ae5c47ba4601281b4e8)
|
|
Jeremy.
(This used to be commit d2af6382b4de232299529c30f2a7a39ea9b38507)
|
|
(This used to be commit 2d620909f9def17dacf2af997a32d596f4dbd827)
|
|
(This used to be commit 97993630add4e8965f0395f92d34b0e8a6d9b875)
|
|
(This used to be commit 46b89bc9979229abc6e9f2f8c585a22dd4f22902)
|
|
I have to say that having to link in winbind_nss_solaris.o for hpux is
slightly dodgy...
(This used to be commit fd172ec603de590dae6c3a91c7baf39c0afebea8)
|
|
this means that we at least support all unicode chars by default
(This used to be commit 54a3f374496316ccc6d0e4aa2267963193690a23)
|
|
(This used to be commit 64c0a5c4a0d879ce8f9517717a0cd54a75c20619)
|
|
(This used to be commit f9e3b91f58df30440c8b90007997e012101235e3)
|
|
change, just in different packets.
(This used to be commit ffa6c61f0bb0c413d4bcc46da3bc879c40a40569)
|
|
Andrew Bartlett
(This used to be commit a9edcc1cb7c5f2692bc1931f0a2059a91891f178)
|
|
Simply add an account (smbpasswd -a -i REMOTEDOM) and join with 'user manager'
on the remote domain.
The only issue (at the auth level at least) that prevented NT4 domains from
trusting Samba was that our netlogon code was based on what appear to be
invalid assumptions.
The netlogon code appears to assume that the 'client name' specified
corrosponds to an account of the same form. This doesn't apply in trusted
domains, becouse the account is in the form domain$
Now that we use the supplied account name, and no longer make our access
control checks at the challange stage (where this info is unavailable) we
match the Win2k behaviour for invalid machine logins, and don't need to know
the names of PDCs/BDCs in trusting domains.
We also kill off the 'you logged on with a machine account, use your user
account' error message, becouse the previous NT_STATUS return was compleatly
bogus. (The ACCESS_DENIED we now return matches Win2k, and gives snane error
messages on the client).
TNG doesn't use this and has to do magic password syncs between the various
accounts for domain/pdc/bdc. This patch feels like the much more natural way
of doing things, and has been mildly tested.
Andrew Bartlett
(This used to be commit 542673fcd6654a1d0966dddadde177a4c4ce135d)
|
|
(This used to be commit b6d62b8b2e0d72b0588fbe10b12c3877feb5ca71)
|
|
(This used to be commit 75f72f0b6a698e462a0567674613319dde789084)
|
|
(This used to be commit 6c5052a1a9e47c2efe0d5e84bee05ae335d79e60)
|
|
The main change here is to move ldap into the new pluggable passdb subsystem
and to take the LDAP location as a 'location' paramter on the 'passdb backend'
line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported,
and by hand where it isn't.
It also adds the ldap user suffix and ldap machine suffix smb.conf options,
so that machines added to the LDAP dir don't get mixed in with people.
Non-unix account support is also added. This means that machines don't need to
be in /etc/passwd or in nss_ldap's scope.
This code has stood up well under my production environment, so it relitivly
well tested.
I'm commiting this now becouse others have shown interest in using it, and
there is no point 'hording' the code :-).
Andrew Bartlett
(This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
|
|
(This used to be commit f0b16b7b515296d0e687e084564fe0718f189dc8)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|
|
using it anymore. This also removes an early #include of smb.h, making it
slightly easier to track whats being included where.
Andrew Bartlett
(This used to be commit 9d25e3023272a55a39f80305f0f336c655833d55)
|
|
(This used to be commit e3585e3c2ce2a09453fa1b59a947eccd67dfb88a)
|
|
working.
(This used to be commit 4ecc170dcb84522135ddefb5f424cc756051a6d3)
|
|
(This used to be commit 044391b5973f6070abf6ac185c74ffd713e933c5)
|
|
(This used to be commit 413a46292b4e963343abce2428955305052e9cb4)
|
|
Jeremy.
(This used to be commit ebef2e7bc87fcbae794426c39044a7d23f43722d)
|
|
Remove a stray 'unbecome_root()' in the ntdomain an auth failure case.
Only allow trust accounts to request a challange in srv_netlogon_nt.c.
Currently any user can be the 'machine' for the domain logon. MERGE for 2.2.
Andrew Bartlett
(This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)
|
|
Jeremy.
(This used to be commit 04965086711e9f794f0a0bcbfa0fd230e20b0cbe)
|
|
Jeremy.
(This used to be commit 56b1252ebc89d2b4ac54c3ee7e3c4bc3c3ec5d0f)
|
|
(This used to be commit 5b28a7c59c392c6352cb8915a13806ca772d8cac)
|
|
(This used to be commit 4f887f01e52b04d4cf4517aaefeae7042170a511)
|
|
signal handlers. THIS NEEDS TESTING !
Jeremy.
(This used to be commit 166d2a6144f929baecd83bdd855f6ada06cb51a6)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
(This used to be commit 7412890adc8f3dfddfabba545003715816e262bc)
|
|
(This used to be commit 3bf4b42771d115500941be374bfdd9b8c2fdba4a)
|
|
Andrew Bartlett
(This used to be commit 5710e588ce19ff8fa2493a8d0fdbb6b793fd7c09)
|
|
patch by Hasch@t-online.de (Juergen Hasch)
Andrew Bartlett
(This used to be commit ba2570f518e07c95b952fb824a2d0b040b912bcc)
|
|
Jeremy.
(This used to be commit 10e3e6855be93b8c4d97d67a063d92ccee391fec)
|
|
(This used to be commit 2a30960276ae65b60d01caf9464808d75a812e40)
|
|
it externally while winbindd is running
(This used to be commit cd3a7466dbf4491aba34197cd6f3cc4167c0c660)
|
|
Fix bug where zeroip addresses were being checked.
Jeremy.
(This used to be commit 8ed49fe0df201833329c17b2afe1e3aa70646558)
|
|
this means "xcopy /o" has a chance of working with ACLs that contain
ACEs that use SIDs that the Samba server has no knowledge of.
It's a bit hackish, Tim, can you look at my uid.c changes?
(This used to be commit fe2db3148587937aa7b674c1c99036d42a3776b3)
|
|
DEVMODE as is the case with the
Okidata Okipage 20 PCLXL Advanced printer driver.
(This used to be commit 51c3d3536335a72aa264e3f4d62515f5c0b6d192)
|
|
Jeremy.
(This used to be commit 3f9063167f3fc9ae7e7fd753d76ece23c1d97800)
|
|
Jeremy.
(This used to be commit 9243a9778e52999d5c62cba484640637b24994d8)
|
|
(This used to be commit b1d56956fec0de0e8591d85eb5eeec939494e6d4)
|
|
Jeremy.
(This used to be commit 9dae1398b45515e5b93de038ec18df297d73026d)
|
|
Jeremy.
(This used to be commit f7c980d61439f42395a457a5b99b28f526cabe69)
|
|
been seing since the unicode conversion. It looks like a simple oversight in
the move away from StrnCpy (which takes amount of space -1 as an arg) to
push_ascii etc which take the absolute amount of space.
Andrew Bartlett
(This used to be commit 4447c6bd4d9c273ef5bf4eb23726923ee58bf38d)
|
|
(This used to be commit 339e3982bc1d2998022545e02456ec35c3b278a8)
|