diff options
author | Gerald Carter <jerry@samba.org> | 2003-07-07 05:11:10 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-07-07 05:11:10 +0000 |
commit | 0b18acb841f6a372b3aa285d4734875e5e35fe3b (patch) | |
tree | add4afee2b70d87bfd96b7702d9d6a2476ac7e74 /source3/param | |
parent | b5cd4a8643169b276a3af8a9272d212d76a54dd3 (diff) | |
download | samba-0b18acb841f6a372b3aa285d4734875e5e35fe3b.tar.gz samba-0b18acb841f6a372b3aa285d4734875e5e35fe3b.tar.xz samba-0b18acb841f6a372b3aa285d4734875e5e35fe3b.zip |
and so it begins....
* remove idmap_XX_to_XX calls from smbd. Move back to the
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
Diffstat (limited to 'source3/param')
-rw-r--r-- | source3/param/loadparm.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 1736254a4c..3ce4979489 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -163,8 +163,7 @@ typedef struct char *szSourceEnv; char *szIdmapUID; char *szIdmapGID; - BOOL *bIdmapOnly; - char *szNonUnixAccountRange; + BOOL bEnableRidAlgorithm; int AlgorithmicRidBase; char *szTemplateHomedir; char *szTemplateShell; @@ -172,6 +171,7 @@ typedef struct BOOL bWinbindEnumUsers; BOOL bWinbindEnumGroups; BOOL bWinbindUseDefaultDomain; + BOOL bWinbindTrustedDomainsOnly; char *szWinbindBackend; char *szIdmapBackend; char *szAddShareCommand; @@ -1117,7 +1117,7 @@ static struct parm_struct parm_table[] = { {"Winbind options", P_SEP, P_SEPARATOR}, - {"idmap only", P_BOOL, P_GLOBAL, &Globals.bIdmapOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"enable rid algorithm", P_BOOL, P_GLOBAL, &Globals.bEnableRidAlgorithm, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_DEPRECATED}, {"idmap backend", P_STRING, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_DEPRECATED }, @@ -1130,6 +1130,7 @@ static struct parm_struct parm_table[] = { {"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"winbind trusted domains only", P_BOOL, P_GLOBAL, &Globals.bWinbindTrustedDomainsOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} }; @@ -1467,12 +1468,13 @@ static void init_globals(void) string_set(&Globals.szWinbindSeparator, "\\"); string_set(&Globals.szAclCompat, ""); - Globals.winbind_cache_time = 600; /* 5 minutes */ + Globals.winbind_cache_time = 300; /* 5 minutes */ Globals.bWinbindEnumUsers = True; Globals.bWinbindEnumGroups = True; Globals.bWinbindUseDefaultDomain = False; + Globals.bWinbindTrustedDomainsOnly = False; - Globals.bIdmapOnly = False; + Globals.bEnableRidAlgorithm = True; Globals.name_cache_timeout = 660; /* In seconds */ @@ -1637,9 +1639,10 @@ FN_GLOBAL_STRING(lp_acl_compatibility, &Globals.szAclCompat) FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers) FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups) FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain) +FN_GLOBAL_BOOL(lp_winbind_trusted_domains_only, &Globals.bWinbindTrustedDomainsOnly) FN_GLOBAL_STRING(lp_idmap_backend, &Globals.szIdmapBackend) -FN_GLOBAL_BOOL(lp_idmap_only, &Globals.bIdmapOnly) +FN_GLOBAL_BOOL(lp_enable_rid_algorithm, &Globals.bEnableRidAlgorithm) #ifdef WITH_LDAP_SAMCONFIG FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer) |