IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Also add a note to clarify that this should not be changed without
discussion and consensus. We don't want this bouncing around.
Paramater support to allow optional selection of Win2003 mode welcomed.
Andrew Bartlett
It doesn't really matter if the entries
have invalid context in it. Older versions of samba
refuse to open the file if the version doesn't match.
If we can't parse individual records, we'll fail schannel binds,
but the clients are supposed to reestablish the netlogon secure channel
by doing ServerReqChallenge/ServerAuthenticate* again. This
will just overwrite the old record.
metze
This ensures we only have one codepath to store the secret, and
therefore that we have a single choke point for setting the
saltPrincipal, which we were previously skipping.
Andrew Bartlett
Since this code may still have some problems, it is not executed by default.
To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
This adds a function which performs the check for the supported forest and
domain function levels. On an unsuccessful result a textual error message can
be created (parameter "errmsg" != NULL) which gives hints for the user to help
him fixing the issue.
When we disable null tracking, we need to move any existing objects
that are under the null_context to be parented by the true NULL
context.
We also need a new talloc_enable_null_tracking_no_autofree() function,
as the talloc testsuite cannot cope with the moving of the autofree
context under the null_context as it wants to check exact counts of
objects under the null_context, and smbtorture has a large number of
objects in the autofree_context from .init functions
The second "nTMixedDomain" attribute (under Partitions/Domain-DN) is only a
copy of the one under the directory root object. Therefore there doesn't exist
the "Windows 2000 Mixed" forest level.
I reread some docs about this attributes and it seems that this as mapping
attribute isn't host specific but in common for the whole domain. To allow
Windows DCs to join our s4 domain sooner or later we have to provide the full
attribute.
- The tool displays now also mixed/interim domain levels and warns about them
(s4 isn't capable to run on them)
- But it allows now also to raise/step-up from them
- It displays now also levels higher than 2008 R2 (altough we don't support them
yet) but to be able to get a correct output
Windows Servers allow OID strings to be used instead of
attribute/class names.
For now we only resolve the OIDs in the search expressions,
the rest will follow.
metze
I had to think about how to encode the string 0x0001 (taken from Windows Server).
The problem is due to the "0" byte at the beginning of it. BASE64 encoding
seems a good method to do it.
