IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
a NT4 domain as a BDC with an existing workstation account (existing
bdc is fine), we fail. Print a friendly error message in this case.
The correct solution would probably be to delete the account and try
again. But even this makes us better than NT: NT4 fails in this
situation with an empty warning message box and an unusable BDC. It
has unsuccessfully tried to suck down the domain database, and thus
has no administrator account to log in after reboot....
Volker
(This used to be commit 1ddeea2179)
module. Use "wins" as the nss name to invoke this behaviour.
Also, fixed nsstest so it doesn't segfault when a nss function can't
be dlopened(). Log an error and abort the test gracefully instead.
(This used to be commit 66bafbe371)
There are lots of things wrong with this patch, including:
1) it overrides a user chosen configuration option
2) it adds lots of complexity inside a loop when a tiny piece of code
outside the loop would do the same thing
3) it does no error checking, and is sure to crash on some systems
If you want this functionality then try something like this at the end
of charset_name():
#ifdef HAVE_NL_LANGINFO
if (strcasecmp(ret, "LOCALE") == 0) {
const char *ln = nl_langinfo(CODESET);
if (ln) {
DEBUG(5,("Substituting charset '%s' for LOCALE\n", ln));
return ln;
}
}
#endif
then users can set 'display charset = LOCALE' to get the locale based
charset. You could even make that the default for systems that have
nl_langinfo().
(This used to be commit 382b9b806b)
Samba should preferentially use the locale information from the native system,
and only fall back on 'display charset' if this is unavailable or unsupported.
(This used to be commit 1e445fb422)
the idmap and the SAM.
The basic idea is this: Lookup the user with GetPwnam(), and if they
exist then use that uid. This is what people expect. If the user does
not exist, try and run the right script.
This is also what people expect from previous Samba 3.0 behaviour, where
the Get_Pwnam() was at runtime.
If the idmap entry for this SID isn't valid, or isn't the right value,
modify the idmap to account for this mapping.
Also, the same logic is applied to the primary gid - if it has changed,
update the user's primary unix group.
This patch allows users to be added without a mapping - this is fine for
machine accounts, for example. I've given it a quick test against my
Win2k DC, and I *think* it's sane.
Andrew Bartlett
(This used to be commit d2a70bfff1)
that has been authenticated unmapped.
We need to make sure that every caller of idmap handles failure gracefully.
Volker
(This used to be commit 902d607b66)
from the PDC as a mapping to the uid we got from getpwnam in the
local idmap.
This should not be worse than the current state, so I decided to
commit it. It is different from abartlet's preliminary patch, but I
believe this is the better solution. Feel free to comment and/or
revert it.
Volker
(This used to be commit 0c16965e6f)
**********************************************************
**** PLEASE TEST YOUR CHANGES BEFORE CHECKING THEM IN ****
**********************************************************
Jelmer, your change did not fix the -b option, it just make it not
segfault on debian. It did however add a warning and make it not
compile on some systems. It also gave the io_bufsize the value of a
pointer, not the value the user specified.
(this doesn't apply just to Jelmer, I'm just seeing rather too many
checkins from everyone lately where the code could never have possibly
worked, so was obviously checked in without testing)
(This used to be commit 21931ad7a0)
the "don't use bzero" macros.
In general I think it would be better to have a separate script that
checks for deprecated functions like these using grep rather than
using these cpp tricks. They just get us into trouble.
(This used to be commit 2a227c880d)
keep putting bzero BSD'ism's into our source code. Make this an error like
bcopy and others to prevent it in future.
Jeremy.
(This used to be commit 80d0432316)
fails to build on a ton of platforms as it completely bypasses all of
our portability code.
if you want it then use 'make bin/editreg'. If some distros want to
add that to their spec files then thats up to them, but we really
can't have non-portable code unconditionally built in our main tree.
(This used to be commit 3c66111f32)
have a primary ADS domain and a secondary (trusted) NT4 domain. This
caused winbindd to be *really* slow for that setup.
- fixed winbindd_getgrgid(), which was calling uid_to_sid instead of
gid_to_sid(). When you make changes to winbind *PLEASE* test using
nsstest.
(This used to be commit cdd9b60a07)
to NTLMSSP for SASL if krb5 fails. This is important as otherwise the
admin may think that a join has succeeeded when kerberos is actually
broken.
(This used to be commit 23a6ea385c)
called. This is *essential* (and should be done on all the other cli_XX
rpc calls) to help debug winbindd problems remotely.
Jeremy.
(This used to be commit bc215612cb)
(this now causes things like the LANMAN protocol and contacting servers with 'encrypt passwords = no' set to fail, if configured)
'client ntlmv2 auth' (a BOOL) forces both plaintext and lanman off, and is the
most secure setting for compatible hosts.
Perhaps we should change this to 'client minimum auth'?
Andrew Bartlett
(This used to be commit e1fb681e4c)
* remove 'winbind uid' and 'winbind gid' parameters (replaced
by current idmap parameter)
* create the sambaUnixIdPool entries automatically in the 'ldap
idmap suffix'
* add new 'ldap idmap suffix' and 'ldap group suffix' parametrer
* "idmap backend = ldap" now accepts 'ldap:ldap://server/' format
(parameters are passed to idmap init() function
(This used to be commit 1665926281)
any extra bytes, not clobber region them - otherwise valgrind
thinks they are invalid on send() or write().
Jeremy.
(This used to be commit 8aa5f7a65c)
(to match win2003 behaviour)
- added the STR_TERMINATE_ASCII flag from samba4 so we can get the
string termination right for the case where it is supposed to be
non-terminated for UCS2 and terminated when ASCII
(This used to be commit 791a4cc7cf)
valgrind warning) causes us to return a completely wrong 8.3 filename
in directory searches!
come on guys, this close to a release you need to TEST CODE BEFORE COMMITTING
(This used to be commit 381cea68b8)
Includes sambaUnixIdPool objectclass
Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
a working distributed winbindd solution.
(This used to be commit 8241758544)
