| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This module, primarilly the work of "Stefan (metze) Metzmacher"
<metze@metzemix.de>, uses the Active Directory schema to store the
user/group/other information. I've been testing it against a real AD server,
and it is intended to work with OpenLDAP as well.
I've moved a few functions around in our other libads code, which has made it
easier to tap into that existing code.
Also, I've made some changes to the SAM interface, I hope there are not too
many objections... To ensure we don't get silly bugs in the skel module, it
is now in the default compile. This way you should not forget to update it :-)
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| | |
the first cli_push_string do? I suspect that it's a leftover from times
when the password length was needed at some point.
Volker
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Volker, I would like to understand what you are trying to do here...
I'll trust that it's broken (this code is certainly not well tested) but I do
want to keep a close eye on the fixes...
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
opened by an admin user, then used on a pipe handle created
by an anonymous user..... but they're working on security.... riiight !
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
smbclient would announce that it can send UNICODE, but would send the
plain text password in ASCII. This confused Samba HEAD somewhat. This
change has been tested against Samba HEAD of today and Samba 2.2.1a. I
do not have any other servers that do plain text passwords. Anybody?
Volker
|
| | |
| |
| |
| | |
English typo fixes and updates of documentation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
'security = user', 'encrypt passwords = no' did not work anymore.
This is on quite a standard SuSE 7.3, ./configure.developer --with-tdbsam.
I can provide a config.log / config.h on demand.
Please re-check for consequences, I don't really oversee that file.
Thanks,
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| | |
like metze's sam_ads can also use them.
Also add error checking etc to a few more functions.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
of groupadd.
Volker
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
the new 'ldap passwd sync' option.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
off his laptop :-)
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as
*only* trying an old-style join.
This means that we can rely on it not prompting for a password on the build
farm.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
sane prototype for the push_utf8_allocate code.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
options need a matching entry in acconfig.h to actually do anything...
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is to allow painless upgrades from 2.2, and so people don't get a shock
when they follow old docs.
If ldap has been detected on the system, ldapsam is always available, just not
the default.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| | |
a 3.0 based PDC.
Change defaults to use SSL, so that this also matches.
Andrew Bartlett
|
| | |
| |
| |
| |
| | |
a non existent entry. Stop a malloc(0) being called in the first case.
Jeremy.
|
| | |
| |
| |
| | |
branch.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
a rid.
Volker
|
| | |
| |
| |
| |
| |
| | |
control bits right on the SAMR pipe.
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
better job of working with usrmgr. Previously we were blanking out entires,
and all sort of mischif.
The new patch (which I've now had a chance to test/modify) also takes care not
to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to store
\\server\user back) and to correctly notice 'not set' compared to 'null string'
etc.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
only the interface has been fully moved to NTSTATUS
not all the plugins make full use of it, but have been all converted.
My testings passed completely, however a bit of more testing is welcome
Simo.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
- show_domain
- context
|
| | |
| |
| |
| | |
ago....)
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
default) from working.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
for all sorts of AD things in lp_realm(). We need to get some non-Win2k
NTLMSSP and chase this up a bit, but this will do for now.
(Hmm, this might affect NTLMv2 as well)
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| | |
flag to what we expect. This handles the 'upgrade' from unixsam beter (where
all $ terminated accounts are machines).
Andrew Bartlett
|
| | |
| |
| |
| | |
bug reported by metze
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
|
