Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
used to be commit 9a5541595f78f2cbba16030552c6e780f6fddcf6)
|
|
(This used to be commit 70d9b71ceaeba95712fa61e601376ff5cc8e7714)
|
|
default) from working.
Andrew Bartlett
(This used to be commit 25950dbb3272949a235bed936c7d7b1d23f15fac)
|
|
for all sorts of AD things in lp_realm(). We need to get some non-Win2k
NTLMSSP and chase this up a bit, but this will do for now.
(Hmm, this might affect NTLMv2 as well)
Andrew Bartlett
(This used to be commit 0e6babc306f60e88fc28705a8d4ad112bafe92cb)
|
|
flag to what we expect. This handles the 'upgrade' from unixsam beter (where
all $ terminated accounts are machines).
Andrew Bartlett
(This used to be commit a198940ea6f7b7f3cba38c5a9f695e0731204583)
|
|
bug reported by metze
(This used to be commit 4aea951102a6e82612560e6a59931fde433ee6ea)
|
|
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
(This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
|
|
(This used to be commit 779aea57450db83fa7870e8a35db55d475682519)
|
|
(This used to be commit f0c095875758ef44ed2d25d3ed9d77e5e163b75f)
|
|
add command-line option to samtest to specify alternate config file - use /dev/null
to don't load any config file..
add 'conf' command to load specified config file
(This used to be commit 237883d1e68e99a3ea3df9b6e182c70cb31b2523)
|
|
(This used to be commit d5303d5c080212486329f7e5a65f732e11efbb37)
|
|
that just don't apply any more - now that we always keep username and domain
seperate. Also, the policy it was trying to permit is now implemented by the
auth code.
Andrew Bartlett
(This used to be commit 760c0740cad948665db4a1d462fbbd99332713ef)
|
|
See mx-ldap.sf.net for his current progress.
(This used to be commit 9c62d1312fdf0aa7b1978e8bbb56fc076ba7e9d0)
|
|
if we ever want to get rid of the magic macros.
(This used to be commit 13f33e466ed31d35221157d6b3a1a05507157b66)
|
|
didn't seem to work properly.
Andrew Bartlett
(This used to be commit c0925b6352ff6135da03edff44e0bbd72c949a20)
|
|
else we can't add to OpenLDAP 2.1
(This used to be commit d9a91a41441c156223760cb356fa997ea7bdbc1a)
|
|
NT_TOKEN and the unix credentials - as we incresingly use the NT stuff we want
to make it easy to check they don't get out of wack.
Andrew Bartlett
(This used to be commit a3882a19254811ace2f9545580c14ce3bd588095)
|
|
back to NTLMSSP. We need to get the password out of the user, and this
eventually does.
Andrew Bartlett
(This used to be commit bb518a3bae3bf91a589021fcc5b1e715247c5ded)
|
|
(This used to be commit 7ce782c20c6b9e515a2fa831315ae14c66d322ee)
|
|
Jeremy.
(This used to be commit cfd1bf250b417f3ba3ad21ff681ab282311bb7eb)
|
|
(This used to be commit 930c6710fe076b52ad21addf5fcda834f85e15a9)
|
|
to make this rebust w.r.t. stored devicemodes.
Jeremy.
(This used to be commit f93a008f09acda2ddaff9857f2fe0c86948539d1)
|
|
Jeremy.
(This used to be commit 38c67632ade40413c0cc2b91e04105e4065a18b7)
|
|
(This used to be commit d312e1c2b44905af87c4d550975eee78dbf2edee)
|
|
Fix bug in enum_domains
Add samtest commands:
- lookup_sid
- lookup_name
- enum_domains
- lookup_domain
(This used to be commit 0c01219850e5d9b77b3b2c0b4b87aa3c82e3292b)
|
|
and domainname
- Allocate sam_methods, set domain_sid, domain_name and backend_name in make_sam_methods_backend_entry instead of in the backend
- Remove sam_context and domain_sid pointers from the sam_init_function - we don't need those arguments anymore since they're
available in sam_methods as well
(This used to be commit 50d2527eed0eb26c16f2f7e28badbf08d771380e)
|
|
getsid, then join as a BDC, and then watch net rpc vampire suck out
the good stuff out of a PDC :-). It's not perfect, but it does quite a
bit for me. Watch out for more.
Volker
(This used to be commit f0d7ac9feb5844c93789344285b1d66f480209ba)
|
|
(This used to be commit 0ad19825df318030b1772404570cd993fe49e40a)
|
|
to a native NT member server. If the logoff time in the samlogon reply
is set to something else but infinity, the tree connect to the member
server comes back with 'bad uid'. In my traces, NT PDC sends
0x7fff.. always. Weird, but true.
I would really like others to double-check this. If you have questions
regarding the setup, feel free to ask!
Thanks!
Volker
(This used to be commit 066b163bde9419d32fe8ffe00c1841107357c138)
|
|
(This used to be commit b53547bf663ed1714326f9b0e74215e012e728af)
|
|
(This used to be commit 08c3e2b824cd2c93ca548fa18ea16a18f5b197e5)
|
|
When creating a group you have to take care of the fact that the
underlying unix might not like the group name. This change gets around
that problem by giving the add group script the chance to invent a
group name. It then must only return the newly created numerical gid.
Volker
(This used to be commit b959419ed38e66a12b63cad3e5fbfa849f952acc)
|
|
(This used to be commit 42774a7753eb8be1ec04bcb5dda089910a1b6d0b)
|
|
Volker
(This used to be commit a1bade0748fa46c6cb00e99d7022b21057679889)
|
|
Volker
(This used to be commit f6ed429838cc0140c0d033875012c7a999891549)
|
|
* merge in AIX fixes from SAMBA_2_2
(This used to be commit 50752f84f24b36332ec4f1ade92dc5a095ac077b)
|
|
(This used to be commit 40aea3fe94b68ce284e2f21e57f086212936c049)
|
|
Volker
(This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c)
|
|
in via deltas, we need a way to set a user's primary group.
Volker
(This used to be commit 9f7a16acf1b1f3b100b85339aad8268254512e68)
|
|
Jeremy.
(This used to be commit f4845b0213aec58e0f489eba5653aa7b3855610f)
|
|
Jeremy.
(This used to be commit 5c4857d8e00162fc43a0f2e3a335b441bad743bd)
|
|
(This used to be commit f1021cbc557bfa0078e932a8268c5c9adcae0ae8)
|
|
(This used to be commit 29be94110415c87c7030f0d2d87b612220397eae)
|
|
(This used to be commit cbb16eac0e79649f4383763439c7e745f27fd0cb)
|
|
affects the principal used and the order of SPNEGO OIDs
(This used to be commit e8ff1c0819e02a1fc7234ad0a07d5415936dfbd2)
|
|
redhat
(This used to be commit 56b194e83538bcb6006a5ab1e00cdb493dd9ad7f)
|
|
(This used to be commit 1bd2c6e1441ea8e54284c72dc07de741f88dbe90)
|
|
Jeremy.
(This used to be commit a77966645a976d6ae08581c2e92465c48a8e961d)
|
|
exist and add them if necessary from check_correct_backend_entries into
sam_context_check_default_backends. The reason for this is that we don't
always want to have BUILTIN and lp_workgroup() in a sam_context, for example
when doing sam2sam. check_correct_backend_entries has been renamed to
'check_duplicate_backend_entries' since that's what it currently does.
The sam_context_check_default_backends() function is only called
by sam_get_static_context(BOOL reload) currently currently.
(This used to be commit 2fe72652ee468bf5e1f8f151215f45b10f4c8a28)
|