| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
|
| |
|
|
|
| |
name status query to 14 bytes, so we could not join a DC who had a
netbios name of 15 bytes in length.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When this option is disabled we should not do *any* netbios
operations. You should also not start nmbd at all. I have put initial
checks in at the major points we do netbios operations in smbd but
there are bound to be more needed. Right now I've disabled all netbios
name queries, all WINS lookups and node status queries in smbd and
winbindd.
I've been testing this option and the most noticable thing is how much
more responsive things are! wthout those damn netbios timeouts things
certainly are much slicker.
|
| |
|
|
|
|
|
|
| |
distinction between uchar and char).
Lots of const etc.
Andrew Bartlett
|
| | |
|
| |
|
|
| |
code
|
| | |
|
| |
|
|
|
| |
broadcast addresses. This makes it far more likely that we will try to
talk to an interface that is routable from one of our interfaces.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We now cope wiith multiple WINS groups and multiple failover servers
for release and refresh as well as registration. We also do the regitrations
in the same fashion as W2K does, where we don't try to register the next
IP in the list for a name until the WINS server has acked the previos IP.
This prevents us flooding the WINS server and also seems to make for much
more reliable multi-homed registration.
I also changed the dead WINS server code to mark pairs of IPs dead,
not individual IPs. The idea is that a WINS server might be dead from
the point of view of one of our interfaces, but not another, so we
need to keep talking to it on one while moving onto a failover WINS
server on the other interface. This copes much better with partial
LAN outages and weird routing tables.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
accept an extended syntax for 'wins server' like this:
wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1
The tags before the IPs don't mean anything, they are just a way of
grouping IPs together. If you use the old syntax (ie. no ':') then
an implicit group name of '*' is used. In general I'd recommend people
use interface names for the group names, but it doesn't matter much.
When we register in nmbd we try to register all our IPs with each group
of WINS servers. We keep trying until all of them are registered with
every group, falling back to the failover WINS servers for each group
as we go.
When we do a WINS lookup we try each of the WINS servers for each group.
If a WINS server for a group gives a negative answer then we give up
on that group and move to the next group. If it times out then
we move to the next failover wins server in the group.
In either case, if a WINS server doesn't respond then we mark it dead
for 10 minutes, to prevent lengthy waits for dead servers.
|
| |
|
|
|
|
|
|
|
|
|
| |
it is *completely* bogus for our client code to be doing wins
registrations. Not only is it slow as hell (think about when a wins
server is down) but how the heck is going to answer the queries that
will later come in for our name? And what happens when libsmbclient
sends registrations and nmbd then gets the WACK response from the wins
server? we end up losing our name!
Name registration is a job for nmbd, not for clients.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
gives us a good grounding to properly support multiple wins servers
for different interfaces (which will be coming soon ...)
- fixed our wins registration failover code to actually do failover!
We were not trying to register with a secondary wins server at all
when the primary was down. We now fallback correctly.
- fixed the multi-homed name registration packets so that they work
even in a non-connected network (ie. when one of our interfaces is not
routable from the wins server. Yes, this really happens in the real
world).
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
spotted by alexander bokovoy.
it shouldn't break anything. if it's wrong, feel free to revert but
explain why.
J.F.
|
| | |
|
| |
|
|
|
| |
Fix bug where zeroip addresses were being checked.
Jeremy.
|
| |
|
|
| |
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
this is actually a workaround for old broken nmbd daemons, especially
from Samba 2.0
|
| |
|
|
|
|
|
| |
- put in some level 10 debugs so we can see what internal_resolve_name()
is doing
- remove duplicates from returned ip list of internal_resolve_name()
|
| | |
|
| |
|
|
| |
(as per tridge's instructions)
|
| |
|
|
|
|
|
|
| |
name_status_find() call here should look up a #1c name instead of #1d.
This fixes some bugs currently with BDC authentication in winbindd and in
smbd as you can't query the #1d name with the ip address of a BDC.
Who is Uncle Tom Cobbley anyway?
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
lookup uses password server parameter when looking for PDCs.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
REMOVED BZERO CALLS YET AGAIN !!! Why do these keep creeping back in....
They are *NOT* POSIX. I'm also thinking of removing strncpy as I'm sure
it's not being used correctly....
Jeremy.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
segfault.
|
| |
|
|
|
|
|
|
|
|
| |
Function name_status_query() performs a node status query, so it really
should be called "node_status_query()" just to be consistent.
Yeah, minor... but it's looking as though an overhaul of namequery.c is in
order and I am trying to do the tiny changes that impact other stuff first.
Chris -)-----
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This isn't the final version, of course, I still need to get WINS failover
working. This is just patched so it won't need lp_wins_server() (which I
renamed to lp_wins_server_list()).
I can't compile just now as something else is broken in HEAD. Let me know
if this version of namequery.c causes trouble down the line. Shouldn't,
as the changes are very small, but I've been known to rock the boat
before.
Chris -)-----
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
can't redefine them. damn.
|
| |
|
|
|
|
|
| |
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
|
| |
|
|
|
| |
and the use of this function only increased timeouts when Samba queries
a broken DNS server.
|
