| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
|
| | |
| |
| |
| |
| | |
I have to say that having to link in winbind_nss_solaris.o for hpux is
slightly dodgy...
|
| | |
| |
| |
| | |
this means that we at least support all unicode chars by default
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
change, just in different packets.
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Simply add an account (smbpasswd -a -i REMOTEDOM) and join with 'user manager'
on the remote domain.
The only issue (at the auth level at least) that prevented NT4 domains from
trusting Samba was that our netlogon code was based on what appear to be
invalid assumptions.
The netlogon code appears to assume that the 'client name' specified
corrosponds to an account of the same form. This doesn't apply in trusted
domains, becouse the account is in the form domain$
Now that we use the supplied account name, and no longer make our access
control checks at the challange stage (where this info is unavailable) we
match the Win2k behaviour for invalid machine logins, and don't need to know
the names of PDCs/BDCs in trusting domains.
We also kill off the 'you logged on with a machine account, use your user
account' error message, becouse the previous NT_STATUS return was compleatly
bogus. (The ACCESS_DENIED we now return matches Win2k, and gives snane error
messages on the client).
TNG doesn't use this and has to do magic password syncs between the various
accounts for domain/pdc/bdc. This patch feels like the much more natural way
of doing things, and has been mildly tested.
Andrew Bartlett
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The main change here is to move ldap into the new pluggable passdb subsystem
and to take the LDAP location as a 'location' paramter on the 'passdb backend'
line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported,
and by hand where it isn't.
It also adds the ldap user suffix and ldap machine suffix smb.conf options,
so that machines added to the LDAP dir don't get mixed in with people.
Non-unix account support is also added. This means that machines don't need to
be in /etc/passwd or in nss_ldap's scope.
This code has stood up well under my production environment, so it relitivly
well tested.
I'm commiting this now becouse others have shown interest in using it, and
there is no point 'hording' the code :-).
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| | |
using it anymore. This also removes an early #include of smb.h, making it
slightly easier to track whats being included where.
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| | |
working.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove a stray 'unbecome_root()' in the ntdomain an auth failure case.
Only allow trust accounts to request a challange in srv_netlogon_nt.c.
Currently any user can be the 'machine' for the domain logon. MERGE for 2.2.
Andrew Bartlett
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
signal handlers. THIS NEEDS TESTING !
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| | |
patch by Hasch@t-online.de (Juergen Hasch)
Andrew Bartlett
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
it externally while winbindd is running
|
| | |
| |
| |
| |
| | |
Fix bug where zeroip addresses were being checked.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| | |
this means "xcopy /o" has a chance of working with ACLs that contain
ACEs that use SIDs that the Samba server has no knowledge of.
It's a bit hackish, Tim, can you look at my uid.c changes?
|
| | |
| |
| |
| |
| |
| | |
DEVMODE as is the case with the
Okidata Okipage 20 PCLXL Advanced printer driver.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
been seing since the unicode conversion. It looks like a simple oversight in
the move away from StrnCpy (which takes amount of space -1 as an arg) to
push_ascii etc which take the absolute amount of space.
Andrew Bartlett
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
