IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 1 00:43:51 CEST 2016 on sn-devel-144
This also removes the asn1util dependency from krb5_wrap and moves it to
libads which is the only user.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When creating the custom krb.conf file, list etypes
according to kerberos encryption types
Also use proper directives for heimdal (heimdal recognizes
the MIT etype directives, but does not act upon them)
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When doing spnego sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144
When doing gssapi sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006
Signed-off-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Ensure we don't crash in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11959
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun 9 13:18:56 CEST 2016 on sn-devel-144
ENCTYPE_NULL is defined by the RFC and used by MIT Kerberos. Heimdal
also provides ENCTYPE_NULL.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 26 22:47:19 CEST 2016 on sn-devel-144
Unused in this commit, the next commit will use it to avoid deleting
keys with the same kvno but a different enctype.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
With the move to gensec-based spnego, record the session expiry
in tgs_expire, so that libads users such as winbindd can use this info
to determine how long to keep the connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11852
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144
This fixes a regression in commit 2cb07ba50d
(s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
that prevents things like 'net ads join' from working against a Windows 2003 domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 12 23:02:56 CEST 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Pair-programmed-with: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Caller will use them instead of the full principal in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It will be possible to use this for more than just NTLMSSP in future.
Similar to https://bugzilla.samba.org/show_bug.cgi?id=10288
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This avoids using the hand made spnego code, that
doesn't support the GENSEC_FEATURE_NEW_SPNEGO protection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This is more generic and will handle the
ntlmssp_[un]wrap() behaviour at the right level.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is a preparation to move smb_krb5_kt_add_entry() to krb5_wrap.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is a preparation to move smb_krb5_kt_add_entry() to krb5_wrap.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is a preparation to move smb_krb5_kt_add_entry() to krb5_wrap.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We may not have the permission to modify the object after creation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 26 11:30:03 CET 2016 on sn-devel-144
Without this fix, for accounts with an expired password, a password change
process is initiated and - due to the prompter - this fails with a confusing
error message:
"kerberos_kinit_password Administrator@W2K12DOM.BER.REDHAT.COM failed: Password
mismatch
Failed to join domain: failed to connect to AD: Password mismatch"
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Make the oids accessible without having to include ADS_STRUCT&friends
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We already allow the user to configure LDAP page size, and use it in pdb_ldap.
But then we hard-code the initial LDAP page size value to 1000 in ads_init, so
it doesn't take effect there. So let's use the configured LDAP page size value
in ads_init also, which defaults to 1000.
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 03:59:16 CET 2016 on sn-devel-144
