| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
(allow the use of base64 encoded strings, LM or NT passwords)
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
server had said something (such as an error).
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This protocol looks rather like SMTP headers/LDAP:
NT-Domain: TESTWG
Username: abartlet
...
Password: foo
Challenge-response passwords are in hexideciaml, while any 'plain'
string can be base64 encoded when like this:
Password:: Zm9vCg==
(the :: indicates it, just like LDAP - I hope)
The protocol is not final, so it is #ifdef DEVELOPER for now (so
nobody starts to rely on it until I'm happy), but we may as well get
this into subversion.
My intention is to use this to power the next version of my
PPP/ntlm_auth plugin, and hopefully entice a FreeRadius plugin out of
the woods.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
| |
the main ntlm_auth program.
It quite possibly should belong in smbtorture, but relies on the
winbind client for now.
Andrew Bartlett
|
|
|
|
|
|
|
| |
this variable to 'user_session_key', where possible. The command line
parameter is currently unchanged).
Andrew Bartlett
|
| |
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
|
|
|
| |
*ANYTHING* in
unless you have done a make clean; make.
Jeremy.
|
|
|
|
|
|
|
|
|
| |
all authentication to members of this particular group.
Also implement an option to allow ntlm_auth to get 'squashed' error codes,
which are safer to communicate to remote network clients.
Andrew Bartlett
|
|
|
|
|
|
|
| |
key could
be anything, and may not be based on anything 'NT'. This is also what microsoft
calls it.
|
|
|
|
| |
* updateing WHATSNEW with vl's change
|
|
|
|
| |
and honours the 'netbios name' in the smb.conf.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a (very) long time, we have had a bug in Samba were an NTLMv2-only
PDC would fail, because it converted the password into NTLM format for
checking.
This patch performs the direct comparison required for interactive
logons to function in this situation. It also removes the 'auth flags', which
simply where not ever used.
Natrually, this plays with the size of structures, so rebuild, rebuild
rebuild...
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
| |
Winbind tickets expired. We now check the expiration time, and acquire
new tickets. We couln't rely on renewing them, because if we didn't get
a request before they expired, we wouldn't have renewed them. Also, there
is a one-week limit in MS on renewal life, so new tickets would have been
needed after a week anyway. Default is 10 hours, so we should only be
acquiring them that often, unless the configuration on the DC is changed (and
the minimum is 1 hour).
|
|
|
|
|
|
|
|
| |
net rpc did not inform you if no smbd is running.
I never liked the error message (!) Success! when we established a trust.
Volker
|
| |
|
|
|
|
|
|
|
|
|
| |
"allow_bad_conv"
boolean parameter that allows broken iconv conversions to work. Gets rid of the
nasty errno checks in mangle_hash2 and check_path_syntax and allows correct
return code checking.
Jeremy.
|
|
|
|
|
| |
(should fix the mb service name problem, can't remember the bugid).
Jeremy.
|
|
|
|
| |
Bas van Sisseren <bas@dnd.utwente.nl>
|
| |
|
|
|
|
| |
Volker
|
|
|
|
|
|
| |
srv_samr_nt.c: Correctly report that a user is not member of an alias.
Volker
|
|
|
|
|
|
| |
something not a group.
Volker
|
|
|
|
| |
Volker
|
|
|
|
|
|
| |
set of groups.
Volker
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I was rather annoyed by the net groupmap syntax, I could never get it
right.
net groupmap set "domain admins" domadm
creates a mapping,
net groupmap set "domain admins" -C "Comment" -N "newntname"
should also do what you expect. I'd like to have some feedback on the usability
of this.
net groupmap cleanup
solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.
Volker
|
|
|
|
|
|
|
|
|
|
| |
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
|
|
|
|
|
|
|
|
| |
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.
Volker
|
|
|
|
| |
Volker
|
|
|
|
|
|
| |
Set the HWM values correctly after having manipulated the tdb.
Volker
|
|
|
|
|
|
| |
new system and a user is being added via pdbedit/smbpasswd.
Found at Connectathon setup.
Jeremy.
|
| |
|
| |
|
|
|
|
| |
Volker
|
|
|
|
| |
Volker
|
|
|
|
| |
Volker
|
| |
|
| |
|
|
|
|
| |
fixes for 'net share'
|
|
|
|
| |
Volker
|
|
|
|
|
|
|
|
|
| |
to, despite any smb.conf settings.
Work to allow the same for 'net rpc vampire', but instead give a clear
error message on what is incorrect.
Andrew Bartlett
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
|
|
|
|
|
| |
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).
Andrew Bartlett
|
|
|
|
| |
Andrew Bartlett
|
|
|
|
|
|
|
| |
This adds the very simple 'admin set password' capability to 'net rpc',
much as we have it for 'net ads'.
Andrew Bartlett
|
|
|
|
|
|
|
|
| |
remote_password_change().
Sorry for the original bug.
Andrew Bartlett
|
| |
|
| |
|