| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
at me :-)
Volker
|
| | |
|
| | |
|
| |
|
|
|
| |
that app-head does.
Jeremy.
|
| |
|
|
|
|
|
|
| |
somebody with a large domain do a net rpc samdump to verify this?
Without this change, I don't get everything from a NT4 SP1 and SP6
PDC.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
* s/driverlocation/comment
* detect native mode domain and enumerate local groups
Also
* Added sendfile stats from SAMBA_2_2
|
| |
|
|
|
|
| |
also try to uniform names to a clean scheme.
first part.
|
| | |
|
| |
|
|
| |
the ones for debuglevel and configuration file in pdbedit
|
| |
|
|
| |
from APP_HEAD
|
| | |
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
|
|
|
|
| |
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as
*only* trying an old-style join.
This means that we can rely on it not prompting for a password on the build
farm.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
|
|
| |
a rid.
Volker
|
| |
|
|
|
|
|
|
|
| |
only the interface has been fully moved to NTSTATUS
not all the plugins make full use of it, but have been all converted.
My testings passed completely, however a bit of more testing is welcome
Simo.
|
| |
|
|
|
|
|
|
| |
getsid, then join as a BDC, and then watch net rpc vampire suck out
the good stuff out of a PDC :-). It's not perfect, but it does quite a
bit for me. Watch out for more.
Volker
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
When creating a group you have to take care of the fact that the
underlying unix might not like the group name. This change gets around
that problem by giving the add group script the chance to invent a
group name. It then must only return the newly created numerical gid.
Volker
|
| | |
|
| |
|
|
| |
Volker
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
| |
positive name for this. It creates users and global groups. More to come.
Volker
|
| | |
|
| |
|
|
| |
the DC being out of sync with the local machine.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
It includes a conversion of make_user_info*() to NTSTATUS and some minor
changes to other files.
It also picks up on a nasty segfault that can occour in some security=domain
cases.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better
general infrustructure for his sam_ads work.
I've also added some extra failure mode DEBUG()s to parts of the code.
NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without
the final set of brakets, the test is essentially inverted - causing some
intersting 'error = success' messages...
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch.
pass also the negociation flags all the way.
all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient.
in the future we will be able to call auth_2 or auth_3 as we want.
J.F.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
|
| |
|
|
|
|
| |
I get all the groups at least.
Volker
|
| | |
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
|
|
|
| |
might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam
Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
|
| |
|
|
| |
bound to a given driver
|
| | |
|
| |
|
|
| |
samsync operations (as a BDC)
|
| |
|
|
|
|
| |
options.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
| |
user SIDs correctly.
Volker
|
| | |
|
| |
|
|
|
|
| |
Print domain SID on 'net rpc info'
Volker
|
| | |
|
| |
|
|
| |
Volker
|
| | |
|
