Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This matches the windows behavior.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
|
|
this needs to be on the domain NC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
When we are acting in the role of a PDC then please return it as status information.
Reviewed-by: Tridge
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Jun 9 12:06:36 CEST 2011 on sn-devel-104
|
|
The transactions are now handled entirely within dsdb_add_user()
Andrew Bartlett
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Preparation for cleaning up this API.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Mar 29 21:01:49 CEST 2011 on sn-devel-104
|
|
This better reflects what this structure is
Andrew Bartlett
|
|
convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
aliases and groups
That means when calling "QueryDisplayInfo" on the BUILTIN handle we
still get all related domain objects - for example all domain (global
+ universal) groups. This is contrary to the "EnumDomain..." calls which
do really only return the objects in the specified domain policy handle.
This has been observed against Windows Server 2008 and confirmed by
dochelp.
In the same occasion I've converted from a "gendb*"-oriented search call to "dsdb_search".
Patch-reviewed-by: Andrew Tridgell <tridge@samba.org>
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
To prevent platform-dependant problems.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
|
|
Windows Server 2008 does this
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Dec 4 12:11:47 CET 2010 on sn-devel-104
|
|
- Remove TODO comment: MS-SAMR 3.1.5.8.7 explicitly states:
"The SamrRemoveMemberFromForeignDomain method removes a member from all
aliases."
- Remove the search attributes since they aren't strictly needed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Nov 6 18:07:57 UTC 2010 on sn-devel-104
|
|
member have changed
|
|
|
|
|
|
name
As far as I can tell Windows SAMR never returns NULL on unknown values in this
call.
|
|
It's the content of the "domainReplica" attribute if it exists and has only a
meaning on interim/mixed domain function levels (with NT4 dcs).
|
|
This should represent a replication partner - never the DC iself
|
|
all type of groups
One pair are universal an global groups (on the SAMR pipe called "groups") and
the other one are the domain and builtin local groups (on the SAMR pipe called
"aliases").
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 19:37:27 UTC 2010 on sn-devel-104
|
|
Regardless if groups and users do exist in the builtin domain or not we do
count always all users, groups and aliases.
|
|
All other "samdb_search_*" calls do have one - why "samdb_search_count" doesn't?
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 25 17:42:33 UTC 2010 on sn-devel-104
|
|
in "dsdb/common/util.c""
This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
|
|
"dsdb/common/util.c"
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
|
|
"samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Oct 7 12:04:32 UTC 2010 on sn-devel-104
|
|
Guenther
|
|
returned here
Tested using User Manager for Domains against Windows Server 2008.
MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
|
|
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
|
|
password sets
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
It has to consider the "password_expires" flag to known if the "pwdLastSet" has
to be updated or to be resetted.
|
|
on level 21
Taken from the s3 server code
|
|
Taken from the s3 implementation.
|
|
Behaviour as the torture SAMR passwords tests show.
|
|
Taken from s3
|
|
from s3 to s4
|
|
|
|
user password
|
|
haven't activated the the lanman auth
This is what s3 does.
|
|
encrypted password hashes
Used for password sets on "samr_SetUserInfo" level 18 and 21.
|
|
|
|
|
|
|