Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit c644ca6a663b615416cd809be4921688f85e84cf)
|
|
Jeremy.
(This used to be commit b56df25d48a7adaa49b0bd44f8ff7be81b970da2)
|
|
Jeremy.
(This used to be commit 439839be99e6e418eb5782a2fe0630d0ef5fb3c5)
|
|
(This used to be commit 8f7bf38de16a1f5316aa6a413fb697c43862c4c6)
|
|
(This used to be commit c2c8c4e713c362d0c6864c6359d90cf6b218e545)
|
|
(This used to be commit 6acd98cbb92ec5c78686d23d2e05c1c98b5127fe)
|
|
(This used to be commit b71a729e14e928fae288daeab4226d7e1f8b1dc5)
|
|
Added a rename torture test to illustrate the problem.
Jeremy.
(This used to be commit 509ac24525a0d1aaecc819a99590425a164aaf44)
|
|
Jeremy.
(This used to be commit 3bec83cbe9b863176ca087fd45efa6d1457b502c)
|
|
Jeremy.
(This used to be commit 2b85d3570c2b149049482c3878c50cf8f5bfca61)
|
|
Jeremy.
(This used to be commit d9cb1bf20ac8a739102b03d9a70e34fe5cb2f0f7)
|
|
(This used to be commit a7fa0733badad66ae610eac5e01569cf264976f3)
|
|
(This used to be commit 472acd89b2bf5ec2a471957aaff42e560053f60e)
|
|
(This used to be commit 7bb0dda8ee1d61a0e8448070f1a71fcd13be5d40)
|
|
Found by Andrew at connectathon with some new tests
Jeremy.
(This used to be commit 4aaa4f52b8fc712f5f879ae5c47ba4601281b4e8)
|
|
Jeremy.
(This used to be commit d2af6382b4de232299529c30f2a7a39ea9b38507)
|
|
(This used to be commit 2d620909f9def17dacf2af997a32d596f4dbd827)
|
|
(This used to be commit 97993630add4e8965f0395f92d34b0e8a6d9b875)
|
|
(This used to be commit 46b89bc9979229abc6e9f2f8c585a22dd4f22902)
|
|
I have to say that having to link in winbind_nss_solaris.o for hpux is
slightly dodgy...
(This used to be commit fd172ec603de590dae6c3a91c7baf39c0afebea8)
|
|
this means that we at least support all unicode chars by default
(This used to be commit 54a3f374496316ccc6d0e4aa2267963193690a23)
|
|
(This used to be commit 64c0a5c4a0d879ce8f9517717a0cd54a75c20619)
|
|
(This used to be commit f9e3b91f58df30440c8b90007997e012101235e3)
|
|
change, just in different packets.
(This used to be commit ffa6c61f0bb0c413d4bcc46da3bc879c40a40569)
|
|
Andrew Bartlett
(This used to be commit a9edcc1cb7c5f2692bc1931f0a2059a91891f178)
|
|
Simply add an account (smbpasswd -a -i REMOTEDOM) and join with 'user manager'
on the remote domain.
The only issue (at the auth level at least) that prevented NT4 domains from
trusting Samba was that our netlogon code was based on what appear to be
invalid assumptions.
The netlogon code appears to assume that the 'client name' specified
corrosponds to an account of the same form. This doesn't apply in trusted
domains, becouse the account is in the form domain$
Now that we use the supplied account name, and no longer make our access
control checks at the challange stage (where this info is unavailable) we
match the Win2k behaviour for invalid machine logins, and don't need to know
the names of PDCs/BDCs in trusting domains.
We also kill off the 'you logged on with a machine account, use your user
account' error message, becouse the previous NT_STATUS return was compleatly
bogus. (The ACCESS_DENIED we now return matches Win2k, and gives snane error
messages on the client).
TNG doesn't use this and has to do magic password syncs between the various
accounts for domain/pdc/bdc. This patch feels like the much more natural way
of doing things, and has been mildly tested.
Andrew Bartlett
(This used to be commit 542673fcd6654a1d0966dddadde177a4c4ce135d)
|
|
(This used to be commit b6d62b8b2e0d72b0588fbe10b12c3877feb5ca71)
|
|
(This used to be commit 75f72f0b6a698e462a0567674613319dde789084)
|
|
(This used to be commit 6c5052a1a9e47c2efe0d5e84bee05ae335d79e60)
|
|
The main change here is to move ldap into the new pluggable passdb subsystem
and to take the LDAP location as a 'location' paramter on the 'passdb backend'
line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported,
and by hand where it isn't.
It also adds the ldap user suffix and ldap machine suffix smb.conf options,
so that machines added to the LDAP dir don't get mixed in with people.
Non-unix account support is also added. This means that machines don't need to
be in /etc/passwd or in nss_ldap's scope.
This code has stood up well under my production environment, so it relitivly
well tested.
I'm commiting this now becouse others have shown interest in using it, and
there is no point 'hording' the code :-).
Andrew Bartlett
(This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
|
|
(This used to be commit f0b16b7b515296d0e687e084564fe0718f189dc8)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|
|
using it anymore. This also removes an early #include of smb.h, making it
slightly easier to track whats being included where.
Andrew Bartlett
(This used to be commit 9d25e3023272a55a39f80305f0f336c655833d55)
|
|
(This used to be commit e3585e3c2ce2a09453fa1b59a947eccd67dfb88a)
|
|
working.
(This used to be commit 4ecc170dcb84522135ddefb5f424cc756051a6d3)
|
|
(This used to be commit 044391b5973f6070abf6ac185c74ffd713e933c5)
|
|
(This used to be commit 413a46292b4e963343abce2428955305052e9cb4)
|
|
Jeremy.
(This used to be commit ebef2e7bc87fcbae794426c39044a7d23f43722d)
|
|
Remove a stray 'unbecome_root()' in the ntdomain an auth failure case.
Only allow trust accounts to request a challange in srv_netlogon_nt.c.
Currently any user can be the 'machine' for the domain logon. MERGE for 2.2.
Andrew Bartlett
(This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)
|
|
Jeremy.
(This used to be commit 04965086711e9f794f0a0bcbfa0fd230e20b0cbe)
|
|
Jeremy.
(This used to be commit 56b1252ebc89d2b4ac54c3ee7e3c4bc3c3ec5d0f)
|
|
(This used to be commit 5b28a7c59c392c6352cb8915a13806ca772d8cac)
|
|
(This used to be commit 4f887f01e52b04d4cf4517aaefeae7042170a511)
|
|
signal handlers. THIS NEEDS TESTING !
Jeremy.
(This used to be commit 166d2a6144f929baecd83bdd855f6ada06cb51a6)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
(This used to be commit 7412890adc8f3dfddfabba545003715816e262bc)
|
|
(This used to be commit 3bf4b42771d115500941be374bfdd9b8c2fdba4a)
|
|
Andrew Bartlett
(This used to be commit 5710e588ce19ff8fa2493a8d0fdbb6b793fd7c09)
|
|
patch by Hasch@t-online.de (Juergen Hasch)
Andrew Bartlett
(This used to be commit ba2570f518e07c95b952fb824a2d0b040b912bcc)
|
|
Jeremy.
(This used to be commit 10e3e6855be93b8c4d97d67a063d92ccee391fec)
|