Age | Commit message (Collapse) | Author | Files | Lines |
|
to be configured
|
|
TODO: add test_session with 'use spnego = false'.
We need a way to do set an option just for one test case.
Note: the 'use spnego = false' was ignored before as it's
only used on the first session setup on a connection.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 8 04:50:39 CEST 2012 on sn-devel-104
|
|
If the try a session setup without EXTENDED_SECURITY after
one with EXTENDED_SECURITY Windows 2008 R2 returns INVALID_PARAMETER,
while Windows 2000 sp4 returns LOGON_FAILURE...
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
hdb_enctype2key.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon May 7 18:33:10 CEST 2012 on sn-devel-104
|
|
This fixes rpath for samdb-common private library after make install.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon May 7 07:40:29 CEST 2012 on sn-devel-104
|
|
metze
|
|
This cases upgraded domains to have a too-long password expiry, which in extreme
cases can cause the KDC to misfunction.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
|
|
|
|
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
|
|
vfs_ipc.c had system/kerberos.h and system/filesys.h missing
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
|
|
For now let's just loose this functionality with the MIT build.
gss_import/export_cred should be availa ble when MIT 1.11 is released and this
code is used only in some proxy scenario. Not normally needed for common
configurations.
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Unfortunately these functions are not available in MIT and there is no easy
workaround or compat funciton I can see at this stage. Will fix properly once
MIT gets the necessary functions or if another workaround can be found.
|
|
This is a helper fucntion that uses purely krb5 code, so it belongs to
krb5samba which is the krb5 wrapper for samba.
|
|
|
|
|
|
|
|
Make it clearly a gensec_krb5 accessory file.
This function should never be used anywhere else.
This function was copied out from the Heimdal tree and is kept in a separate
file for clarity and to keep the original license boilerplate.
|
|
This makes it simpler to slowly integrate MIT support and also amkes it
somewhat clearer what operation is really requested.
The 24u2 part is really only used by the cifs proxy code so we can temporarily
disable it in the MIT build w/o major consequences.
|
|
|
|
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not
available.
|
|
|
|
Code bails out with ENOMEM 2 lines a bove if config_file is NULL anyways
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May 4 16:50:59 CEST 2012 on sn-devel-104
|
|
function in samldb
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri May 4 02:34:41 CEST 2012 on sn-devel-104
|
|
|
|
"servicePrincipalName"s more than once
The service principal names need to be case-insensitively unique, otherwise we
end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error.
This issue has been discovered on the technical mailing list (thread:
cannot rename windows xp machine in samba4) when trying to rename a AD
client workstation.
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu May 3 20:18:22 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu May 3 17:38:14 CEST 2012 on sn-devel-104
|
|
|
|
This is the unique username value.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu May 3 01:57:41 CEST 2012 on sn-devel-104
|
|
While this setting is not the default in Samba3, any domain that is
in a suitable condition to upgrade to Samba4 should already be in the
layout that ldapsam:trusted uses. It can be turned off by setting
ldapsam:trusted=false in the smb.conf.
Many upgrades to Samba4 happen on a different host to the old Samba3 domain
and this avoids the need to configure nss_ldap only for the duration of
the upgrade.
Andrew Bartlett
|
|
of the members of an AD group
|
|
This fixes an issue where some group types were not upgraded, as we
did not upgrade alias memberships.
It also uses enum_group_memberships() to try and find the memberships
from the other direction, by asking which groups a user is a member
of. As Samba3 (and NT4) does not implement nested groups, this should
be safe.
Andrew Bartlett
|
|
- open a pipe via smb2
- trigger a read which hangs since there is nothing to read
- do a logoff
- wait for the read to return and check the status
(STATUS_PIPE_BROKEN)
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed May 2 19:57:45 CEST 2012 on sn-devel-104
|