IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is not a general purpose profiling solution, but these JSON logs are already being
generated and stored, so this is worth adding.
Some administrators are very keen to know how long authentication
takes, particularly due to long replication transactions in other
processes.
This complements a similar patch set to log the transaction duration.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This adds support for trusted domains to the auth stack on AD DCs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This adds authentication support for trusted domains to the
netlogon server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This prepares real async handling in the backends.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 27 21:09:08 CEST 2017 on sn-devel-144
This prepares real async handling in the backends.
Check with git show -w.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Use the talloc context passed into all modules.
Remove one more talloc_autofree_context().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Not currently used - no logic changes inside.
This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.
Updated all known module interface numbers, and added a
WHATSNEW.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
This will allow tests to be written to confirm the correct events are triggered.
We pass in a messaging context from the callers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Add a human readable authentication log line, to allow
verification that all required details are being passed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
We will soon have a much better replacement, but a note here may help some in the transition
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Currently we always map any incoming domain to our own domain
in map_user_info_cracknames(), so that the winbind module is never
used at all, e.g. we're DC of W4EDOM-L4.BASE with a forest trust to W2012R2-L4.BASE:
[2017/03/22 10:09:54.268472, 3, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user [W2012R2-L4]\[administrator]@[UB1404-163]
[2017/03/22 10:09:54.268496, 5, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth_util.c:57(map_user_info_cracknames)
map_user_info_cracknames: Mapping user [W2012R2-L4]\[administrator] from workstation [UB1404-163]
auth_check_password_send: mapped user is: [W4EDOM-L4]\[administrator]@[UB1404-163]
That means the only condition in which "sam_ignoredomain" returns
NT_STATUS_NOT_IMPLEMENTED is the RODC case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
DsCrackNameOneName on a member does not really have a big user database. We
should delegate as much responsibility as possible to our DC.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This changes the auth code in winbindd to use this as a flag, and to
therefore contact the RW DC.
Change-Id: If4164d27b57b453b398642fdf7d46d03cd0e65f2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
This adds in flags that allow winbindd to request authentication
without directly calling into the auth_sam module.
That in turn will allow winbindd to call auth_samba4 and so permit
winbindd operation in the AD DC.
Andrew Bartlett
Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will allow new tests to be written to validate winbindd authentication results
Andrew Bartlett
Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.
Now that security=server has been removed, we have no such module.
This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.
Andrew Bartlett
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
This matches check_ntlm_password() and generate_session_info_pac()
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
This matches what Samba3 does.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
