| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!
Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).
metze
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SERVER |
| security=server |
| |
| |
| 12 May |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
|
|
|
|
| |
NTDSSITELINK option flags added
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.
This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).
Andrew Bartlett
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
correctly
Consider bug #8489
Reviewed-by: abartlet
|
|
|
|
|
|
|
|
|
| |
Flags that were missing from flags.h or were incorrectly
defined inline to the kcc_topology.c code (and thus unusable
elsewhere). These are the NTDSConnection and NTDSDSA Site
settings flags.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
| |
All of this code is now in common, so we don't need the second
'-common' library any more!
Andrew Bartlett
|
|
|
|
| |
Guenther
|
|
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
this will allow us to move the server roles in common, which will
make it much easier to mix s3/s4 calls in the one C file
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
This is a tiny library, but otherwise the functions end up in multiple
other libraries.
Andrew Bartlett
|
|
|
|
|
|
|
| |
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar 1 18:53:40 CET 2011 on sn-devel-104
|
|
|
|
|
| |
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
|
|
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
| |
these define why a KCC connection was made
|
| |
|
|
|
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
|
|
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
| |
to the default primary group RID
|
| |
|
|
|
|
|
| |
These specify the character position, while the character value of that character
controls behavior
|
|
|
|
|
|
|
| |
when this is in user_account_control the account is a RODC, and we
need to set the primaryGroupID to be DOMAIN_RID_READONLY_DCS
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
|
| |
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set.
Andrew Bartlett
|
| |
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
| |
|
|
|
|
| |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
- Reorders the header file to have the order "userAccountFlags", "groupType",
"sAMAccountType" (matches the order in the flag_mapping.c and samldb module)
- Fixes the group account flags properly up
- Fixes the flags for "domain/forestFunctionality" and "domainControllerFunctionality"
up
|
|
|
|
| |
Guenther
|
|
Guenther
|