IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
more scalable:
The most efficient way is to use the "tokenGroups" attribute which gives
the nested group membership. As this attribute can not always be
retrieved when binding with the machine account (the only garanteed way
to get the tokenGroups I could find is when the machine account is a
member of the "Pre Win2k Access" builtin group).
Our current fallback when "tokenGroups" failed is looking for all groups
where the userdn was in the "member" attribute. This behaves not very
well in very large AD domains.
The patch first tries the "memberOf" attribute on the user's dn in that
case and directly retrieves the group's sids by using the LDAP Extended
DN control from the user's object.
The way to pass down the control to the ldap search call is rather
painfull and probably will be rearranged later on.
Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2.
Guenther
(This used to be commit 7d766b5505e4099ef7dd4e88bb000ebe38d71bd0)
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.
This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).
Guenther
(This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
- samba3 pass the limited version of RAW-LOCK
(the lock cancel and error checking tests are skipped)
metze
(This used to be commit b79ceece9550c0fe9f59ae59bad6709351e93906)
to make connections to ports 445 or 139 on the DC it's trying
to contact. It calls sys_select() on the non-blocking sockets,
not sys_select_intr(). This is a mistake (I believe) as it allows
a signal to early terminate the connection attempts - whereas
sys_select_intr() will ignore signals until we get back to
the main processing loop where they'll be handled correctly.
This change means winbindd_cm will not early terminate if it
gets a message whilst trying to connect to DC's.
Gunther, Volker and Jerry please review (but I think this
is correct).
Jeremy.
(This used to be commit 24aaa486771f797d35ea6b0711c12cd3e663dd8c)
fsp pointers. Ensure we cope with this to pass Samba4
DENY tests (we used to pass these, there must have been
a regression with newer code). We now pass them.
Jeremy
(This used to be commit fd6fa1d4eaf61783df74ee2da50d331477f06998)
close fd=-1 fnum=4321 (numopen=1)
close_file: Could not get share mode lock for file $Extend/$Quota:$Q:$INDEX_ALLOCATION
unix_error_packet: error string = Das Argument ist ungültig
error packet at smbd/reply.c(3325) cmd=4 (SMBclose) NT_STATUS_INVALID_HANDLE
so a fake file needs special close handling I think. Jeremy, can you check
this?
Thanks,
Volker
(This used to be commit f66b9701b5c6bb6302fa11889adab6902cbaf2e3)
defined in <stdint.h>, ensure that it is present. (Not all
implementations pull it in when <sys/types.h> is used).
Paul
(This used to be commit dafe36ec4cff4e5f94e35841966007e3e4758582)
we can use this in samba4's smbtorture to disable tests sections which doesn't pass
against samba3
metze
(This used to be commit fab4de70b65ab5b9d3a93db46f13c7bab0e70464)
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
(This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
