IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Currently this calls back to mapping.c, but we have the framework
to get the information into LDAP and the passdb.tdb (should we? I
think so..).
This has received moderate testing with net rpc vampire and
usrmgr. I found the add_groupmem segfault in add_aliasmem as
well, but that will be another checkin.
Volker
(This used to be commit f30095852fea19421ac8e25dfe9c5cd4b2206f84)
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
(This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)
- Fix segfaults in the 'net ads' commands when no password is provided
- Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the
old options, but the actual code is available on all ldap systems.
- Fix shadow passwords (as per work with vl)
- Fix sending plaintext passwords to unicode servers (again vl)
- Add a bit of const to secrets.c functions
- Fix some spelling and grammer by vance.
- Document the -r option in smbgroupedit.
There are more changes in HEAD, I'm only merging the changes I've been involved
with.
Andrew Bartlett
(This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as
*only* trying an old-style join.
This means that we can rely on it not prompting for a password on the build
farm.
Andrew Bartlett
(This used to be commit 31bdbeef0ea6f30247cd3b30cfea57b34102abe6)
a 3.0 based PDC.
Change defaults to use SSL, so that this also matches.
Andrew Bartlett
(This used to be commit 36c2a3820faa1d90cd331881720be0e61ab93460)
better job of working with usrmgr. Previously we were blanking out entires,
and all sort of mischif.
The new patch (which I've now had a chance to test/modify) also takes care not
to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to store
\\server\user back) and to correctly notice 'not set' compared to 'null string'
etc.
Andrew Bartlett
(This used to be commit ab878b6cc4132594fc33f78aeebf0d8b7266c150)
only the interface has been fully moved to NTSTATUS
not all the plugins make full use of it, but have been all converted.
My testings passed completely, however a bit of more testing is welcome
Simo.
(This used to be commit 102a26e06591928a03b49cd312a65811ed46314f)
flag to what we expect. This handles the 'upgrade' from unixsam beter (where
all $ terminated accounts are machines).
Andrew Bartlett
(This used to be commit a198940ea6f7b7f3cba38c5a9f695e0731204583)
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
(This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
be traversals being attempted. Yes, this was from bitter experience (and
an out of control server :-). Also allow callers to break out of a tdb_chainlock
with sigalarm if desired.
Jeremy.
(This used to be commit a7781f91d8c1177210bffc199cd2f3b7ff993eaf)
accounts added first to /etc/passwd will be honered correctly. Also, users
'upgraded' to smbpasswd will have the right flags.
Andrew Bartlett
(This used to be commit 474cc910c73e5567313bac438c7324a80e2e90d8)
might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam
Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
(This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
pdbedit failed to initialize global_myworkgroup, wo we could end up
having a SID for SECRETS/SID/ in secrets.tdb.
Volker
(This used to be commit 8c96ab4bc05e55e119c1b44779fe14d3ab6c5f35)
- don't use lp_passwd_file() to retrieve NIS domain name, but use location
instead
- some cleanups
(This used to be commit 16f4568f35c753ec0ab0a0dda2b264668f5ac5ab)
build farm happy again, and allow the 'guest account' to be added to smbpasswd.
Andrew Bartlett
(This used to be commit 5e5cd2874527dd9a213c4bfcf98a425c39f3f2e2)
This moves it right into the passdb subsystem, where we can do this in
just one (or 2) places. Due to the fact that this code can be in a tight loop,
I've had to make 'guest account' a 'const' paramater, where % macros cannot be
used. In any case, if the 'guest account' varies, we are in for some nasty
cases in the other code, so it's useful anyway.
Andrew Bartlett
(This used to be commit 8718e5e7b2651edad15f52a4262dc745df7ad70f)
is netbios and dns domain info. Also add code to set/fetch the domain GUID
from secrets.tdb (although set is not yet called by anyone).
(This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
