Age | Commit message (Collapse) | Author | Files | Lines |
|
samba-tool domain demote allow the local DC to properly demote against
Microsoft and Samba DC.
|
|
|
|
can be reused
|
|
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Sat Dec 3 20:52:51 CET 2011 on sn-devel-104
|
|
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
|
|
This disables the posix permission override if the calculated
permissions did not come from a NT ACL.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 1 05:14:49 CET 2011 on sn-devel-104
|
|
the ACL mapping code was incorrectly allowing creation of directories
in some situations where it should be denied by the unix permissions
|
|
--list argument when e.g. is not set.
|
|
|
|
This function call together with the lowat feature has been removed in release
3.0 as described in this mailing list post:
http://old.nabble.com/gnutls_transport_set_lowat-deprecated-td32554230.html.
Since we do not make any use of lowat (esprimed by each function call)
we are free to simply omit it on v3.0 and later.
This addresses bug #8537.
Reviewed by: abartlet + metze
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 30 20:11:14 CET 2011 on sn-devel-104
|
|
Windows-Members of NT4/Samba3 domains, send
MechTypes:
1.3.6.1.4.1.311.2.2.10 [NTLMSSP]
1.2.840.48018.1.2.2 [krb5 broken]
1.2.840.113554.1.2.2 [krb5]
MechToken for NTLMSSP.
This patch makes sure we start NTLMSSP with the given MechToken,
instead of trying to pass the NTLMSSP MechToken to the krb5 backend
first. As that would fail the authentication with an error
instead of trying fallbacks.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 30 15:13:36 CET 2011 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
This add an async establish hook, that gets called
before a connection success is detected.
This can be used to do a NBT session request
and it makes sure that we don't cancel the connection
on port 445, just because the tcp connect on port
139 worked.
metze
|
|
This will help users who are used to the kadmin interface, and could
be extended to import existing MIT or Heimdal keys into a Samba4 AD
domain.
To use, add to your krb5.conf
[kdc]
database = {
dbname = samba4:
}
or
[kdc]
database = {
dbname = samba4:/usr/local/samba/etc/smb.conf
}
And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 29 17:34:52 CET 2011 on sn-devel-104
|
|
We'll remove transport->socket soon, but removing transport->ev
will take a bit longer.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
py_net_join_member()
metze
|
|
metze
|
|
metze
|
|
This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.
Based on a request by Gémes Géza <geza@kzsdabas.hu>
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
|
|
Find the objectSid for DnsAdmins group and use that instead of a fixed sid.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Nov 29 07:38:06 CET 2011 on sn-devel-104
|
|
Sometimes windows DC will set up dNSHostname before setting up
GC SPN and that causes replication errors since samba tries to
use GC SPN, which does not yet exist locally.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This creates session info from kerberos ticket and verifies if
the signer has write access to a particular DN corresponding
to the name in dynamic update.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
This change is introduced to access samdb copy directly, rather
than over ildap. The advantage is that the samba server does not
need to be running for bind9 to start.
|
|
This creates a copy of rootdse, configuration and schema partitions
for dlz_bind9 use in dns/ directory. Since dlz_bind9 requires write
access to DNS partitions (DomainDnsZones and ForestDnsZones), those
partitions are hard-linked (or symlinked) to the actual partitions.
An empty domain partition is created so samdb layer can work.
|
|
Need to use domain security descriptor from sambadns.py also.
|
|
When using partitions, metadata.tdb automatically gets created in
${prefix}ldb.d/ directory. To correctly clean up check if metadata.tdb
exists, then remove metadata.tdb and directory.
|
|
|
|
This adds support for global sequence number which is independent of
partition information.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The result of the extended operation is now available in the calling
routine.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This was a hack for LDAP backends to store a sequence number as a
timestamp. It is still supported in standalone ldb tdb backend.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
"test_cldap_netlogon_flag_ds_dns_forest" test
The test is wrong since the DNS_* (DS_DNS_CONTROLLER, DS_DNS_DOMAIN,
DS_DNS_FOREST_ROOT) flags are never set on the plain CLDAP pipe. They
get added only over the DsRGetDCName* calls over NETLOGON RPC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Nov 27 16:23:27 CET 2011 on sn-devel-104
|
|
info" command
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
It is nicer to get an error message rather than a stacktrace on wrong IP
addresses.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|