| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Still todo:
* release notes
* few minor outstanding patches
* additional idmap man pages
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This pulls is what I considered safe fixes from SAMBA_3_0.
This boiled down to either Klocwork fixes or obvious compiler
warning fixes. I did not include any changes to fnuction
signatures not the version change to the passdb API.
Also pulled in the 3 nmbd fixes requested by Jeremy
and the wildcard delete fix.
This code will sit for a few days in the cooker and then
become 3.0.23 if nothing blows up. I don't care how many
more compile warning fixes people throw into SAMBA_3_0.
|
| |
|
|
| |
* updating release notes to match
|
| | |
|
| |
|
|
|
|
| |
Howard for pointing this out.
Guenther
|
| |
|
|
|
|
| |
attribute when "winbind nss info = sfu" is set. Fixes #3539.
Guenther
|
| |
|
|
| |
Sync with trunk as off r13315
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids that each time a full-group-dump is requested from ADS; the
bitwise match allows to only query those groups we are interested in.
The ADS LDAP server changed to RFC compliant behaviour when decoding the ldap
filter with extensible match in the latest SPs (fixes). From the patch:
/* Workaround ADS LDAP bug present in MS W2K3 SP0 and W2K SP4 w/o
* rollup-fixes:
*
* According to Section 5.1(4) of RFC 2251 if a value of a type is it's
* default value, it MUST be absent. In case of extensible matching the
* "dnattr" boolean defaults to FALSE and so it must be only be present
* when set to TRUE.
*
* When it is set to FALSE and the OpenLDAP lib (correctly) encodes a
* filter using bitwise matching rule then a buggy AD fails to decode
* the extensible match. As a workaround set it to TRUE and thereby add
* the dnAttributes "dn" field to cope with those older AD versions.
* It should not harm and won't put any additional load on the AD since
* none of the dn components have a bitmask-attribute.
*
* Thanks to Ralf Haferkamp for input and testing */
Guenther
|
| |
|
|
|
|
|
| |
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
POSIX
homedirectory and the loginshell from Active Directory's "Services for Unix".
Enable it with:
winbind sfu support = yes
User-Accounts without SFU-Unix-Attributes will be assigned template-based
Shells and Homedirs as before.
Note that it doesn't matter which version of Services for Unix you use (2.0,
2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell,
msSFU30LoginShell, etc.) automatically.
If you also want to share the same uid/gid-space as SFU then also use PADL's
ad-idmap-Plugin:
idmap backend = ad
When using the idmap-plugin only those accounts will appear in Name Service
Switch that have those UNIX-attributes which avoids potential uid/gid-space
clashes between SFU-ids and automatically assigned idmap-ids.
Guenther
|
| |
|
|
|
| |
Make all LDAP timeouts consistent.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
User-, Group- and Machine-Accounts in Active Directory (this got lost
during the last trunk-merge).
This way we match e.g. default containers moved by redircmp.exe and
redirusr.exe in Windows 2003 and don't blindly default to cn=Users or
cn=Computers.
Further wkguids can be examied via "net ads search wellknownobjects=*".
This should still keep a samba3-client joining a samba4 dc. Fixes
Bugzilla #1343.
Guenther
|
|
|
metze
|
