IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The reason for this are:
(a) the set_dc_type_and_flags() cannot tell the different
between connecting to an NT4 domain and an NT4 BDC
of a mixed mode domain.
(b) the connection management for the rpc backend only
provides on named pipe per cli_state. So it is possible
to connect to an NT4 BDC for netlogon and an AD mixed mode
DC for lsarpc. RPC is the lowest common demonimator here.
(c) Issue with the sequence number value between the
highestCommittedUSN LDAP attribute and the seq_num returned
via RPC.
We will revisit this later, but the changes need to make this
work right now are too broad and risky.
This adds a configure test, that tries to find out if we have a working
cracklib installation, and tries to pick up the debian hints on where
the dictionary might be found. Default is per my Fedora Core 1 system -
I'm not sure how much it changes.
Andrew Bartlett
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.
The routines used for this behaviour have been upgraded to modern Samba
codeing standards.
This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.
This is in line with existing behaviour for native mode domains, and for
our primary domain.
As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values. These changes move more routines to ADS_STATUS to return
kerberos errors.
Also found when valgrinding the setup, fix a few memory leaks.
While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.
Andrew Bartlett
'newrec' into the tdb.
This was not initialised, so valgrind warned about it.
(Note: valgrind only makes sense on tdbs with 'mmap = no' in your smb.conf)
Andrew Bartlett
While machine accounts cannot use an NTLM login (NT4 style), they are
otherwise full and valid members of the domain, and expect to be able to
use kerberos to connect to CIFS servers.
This means that the LocalSystem account, used by various services, can
perform things like backups, without the admin needing to enter further
passwords.
This particular issue (bug 722) has started to come up a lot on the lists.
I have only enabled it for winbindd-based systems, as the macros use use
to call the 'add user script' will strip the $ from the username for
security reasons.
Andrew Bartlett
but security=ADS, we would attempt to free the principal name that krb5
never allocated.
Also fix the dump_data() of the session key, now that we use a data_blob to
store that.
Andrew Bartlett
here's a small fix that fixes the new quota system on irix.
I need to reanable XFS quotas on irix for the new quota system
(Jerry do you want to wait for this for the release ?)
But the old system works and is the default on irix!
