| Commit message | Author | Age | Files | Lines |
| |
TNG. Actually, it exists in the main Samba cvs tree in APPLIANCE_TNG
as I found out later :-)
It adds a new parameter: server schannel = yes/auto/no defaulting to
auto.
What does this mean to the user: No requireSignOrSeal registry patch
for XP anymore.
Many thanks for this code to Luke Leighton, Elrond and anybody else I
forgot to mention.
My next thing will be to see if this applies cleanly to 3_0.
Please test and comment!
Volker
| |
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idmap roles.
A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specialized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.
As usual, comments and fixes are welcome :-)
Simo.
| |
* Remove 'ldap del only sam attr' after asking Lars Mueller from SuSE first.
It is replaced by 'ldap delete dn'
* Fix a typo in docs.
* Document 'set primary group script'. Alexander, could you check the
file in smbdotconf/ please? Thanks.
Volker
| |
for the 'ldap del only sam attr' functionality. So
we are compatible with the current SuSE patches as well
as to TNG... ;-)
Volker
| |
Andrew Bartlett
| |
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
Andrew Bartlett
| |
This patch is heavily based on a patch by SuSE. Thanks
to Guenther Deschner <gd@suse.de> for providing it.
Volker
| |
rather than a runtime-parsed string.
Andrew Bartlett
| |
Matches 2.2
Andrew Bartlett
| |
Andrew Bartlett
| |
work...
Andrew Bartlett
| |
Comments welcome.
Simo.
| |
Yes I will add the docs....
Jeremy.
| |
- Add smb_probe_module()
- Add init_modules()
- Call these functions
| |
The intention is to remove the multiple passdb backends, but we need the
'guest' account to always be there. If the admin adds the guest account to
(say) LDAP, there will only be one backend required for operation.
This helps remove some nasty behaviours with adding accounts to the system
for both the RPC 'create user' and the SAMSYNC code. Users 'added' with
an 'add user/machine' script won't magically appear, and machine accounts
'pre-added' to unix, but not the smbpasswd file will not cause mayhem.
This commit also implements something tridge discussed with me, the concept
of 'default' passdb operation pointers - so that each backend does not
need its own stub functions wrapping the default tdb privileges/group
mapping code.
This also removes an implicit 'sid->name' and 'name->sid' mapping from our
own local SID space, to winbind usernames. When adding mapping for NIS/LDAP
non-sam users in future, we need to be careful.
Andrew Bartlett
| |
section...does this make sense?
| |
This patch adds the architecture for an IDMAP backend system including a new
smb.conf parameter "winbind backend". Right now, the only valid value is "tdb"
but I'm currently working on an LDAP backend.
| |
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 =
yes') and only when 'client use spnego = no'. (A new option to allow the
client and server ends to choose spnego separately).
NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet.
Also some paranoia checks in our input parsing.
Andrew Bartlett
| |
This checking allows us to connect to Microsoft servers that use SMB signing,
within a few restrictions:
- I've not got the NTLMSSP stuff going - it appears to work, but if you break
the sig - say by writing a zero in it - it still passes...
- We don't currently verify the server's reply
- It works against one of my test servers, but not the other...
However, it provides an excellent basis to work from. Enable it with 'client
signing' in your smb.conf.
Doc to come (tomorrow) and this is not for 3.0, till we get it complete.
The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the
standard session key, ie MD4(NT#).
Thanks to jra for the early work on this.
Andrew Bartlett
| |
name' and 'netbios scope'. Probably has a similar effect on SWAT.
Also adds '-V' to testparm.
Andrew Bartlett
| |
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most surprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
| |
named. Ensure we can query them.
Jeremy.
| |
Jeremy.
| |
as to what it now does in 3.0. Needs more work, but better than documenting
the old functionality :-).
As the security benefits of this are nullified by a setting of 'guest ok' on
any share, we might want to put some documentation there too.
Andrew Bartlett
| |
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
| |
attributes rather than calling getpwnam() on the user.
This should help fix some of metze's performance issues - particularly on
enumerations.
There is a consequential change to the operation of 'non unix account's in LDAP
- they are no longer restricted to being 'within' the NUA range, but will
always be added to that range.
Finally, there is the doco for this and the previous LDAP SSL changes.
| |
- Default is now for start-tls, on the ldap (not ldaps) port
- We check for 'I am currently root' in the right place now, and don't
accidentally use a cached connection.
- We don't loop on failure to be root, or some other errors.
- A bit cleaner error reporting for add/modify.
- Both the OpenLDAP and manual URI parsing tested.
Andrew Bartlett
| |
This is not 100% the same as what SuSE shipped in their Samba, there is
a crash bug fix, a race condition fix, and a few logic changes I'd like to
discuss with Andreas. Added Andreas to (C) notices for posix_acls.c
Jeremy.
| |
removed the following parameters
* postscript
* printer driver
* printer driver location
* printer driver file
also removed the get_a_printer_driver_9x_compatible() function
| |
characters used in the prefix for 8.3 names in the hash2
algorithm. The longer the prefix the more readable the 8.3 names will
be, but the weaker the hash.
this was added because of someone complaining that the new hashing
algorithm was unreadable but the old one was broken :)
| |
Jeremy.
| |
Jeremy.
| |
MAX_PRINT_JOBS in a queue.
Jeremy.
| |
off his laptop :-)
Andrew Bartlett
| |
This is to allow painless upgrades from 2.2, and so people don't get a shock
when they follow old docs.
If ldap has been detected on the system, ldapsam is always available, just not
the default.
Andrew Bartlett
| |
a 3.0 based PDC.
Change defaults to use SSL, so that this also matches.
Andrew Bartlett
| |
default) from working.
Andrew Bartlett
| |
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd not to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistent password policy.
Andrew Bartlett
| |
Jeremy.
| |
in via deltas, we need a way to set a user's primary group.
Volker
| |
Jeremy.