IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This patch make sure we do not try to contact smbd in the main dameon
to avoid deadlocks.
All the operations that require connecting to smbd are performed in
the domain child anyway.
(This used to be commit 9347d34b502bef70cdae8f3e8acd9796dba49581)
Use the flags stored in the tdb when determining if a domain can
be contacted. The tdb should be considered authoratative anyways unless
you know the flags in the winbindd_domain are correct (such as when
first enumerating trusts).
Original suggestion and patch from Steven Danneman <steven.danneman@isilon.com>.
Manually rewritten by me for 3.2.
(This used to be commit f53658a20de07a29abbe2e90917b328d00fc0024)
On a DC, we always use the domain name given. On a domain member,
we use lp_workgroup(). This fixes a bug supporting trusted domains.
(This used to be commit 8b063a414149bdf401a8f854d55ed7dc6f94cb60)
The check for inbound trusts is invalid when samba is a DC
and has a trust with an active directory domain.
This effectively prevented tusts with an AD domain on a
samba DC from working (unless using "winbindd rpc only"),
because an ads_connect() was never performed. Only the
rpc-based winbindd methods were working properly.
Jerry: Please check!
Michael
(This used to be commit dcd42a1e0642c69348adfaeecef7f7f2f074ac30)
The present assignment
"request->data.init_conn.is_primary = domain->internal ? False : True"
simply feels wrong. This seems to be the thing right to do:
"request->data.init_conn.is_primary = domain->primary ? true : false".
The question is: Does this have any purpose at all?
data.init_conn.is_primary seems to be used nowhere
in the whole code at all.
Is it (still) needed?
Michael
(This used to be commit 8bb21b8b3802e7b093a3c4fb41b8550033388878)
The child struct is immediately reused, and this results
in a panic when child->logfilename == NULL.
Michael
(This used to be commit da131d089db98017632103aa9bbe38c98f7a3fc1)
This uses 2 tdb files. One is permanent, and is in shared storage
on the cluster (using "tdb:idmap2.tdb =" in smb.conf). The other is a
temporary cache tdb on local storage.
Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit b6df7e7709365fb620867ad8954bc5bf24496775)
If we try to flush the caches and due to a corrupted tdb we and have no tdb
context close the tdb and validate it. Initialize the cache afterwards again.
(This used to be commit d0c0f91fb9f3438a18c6f47ed894f525beb75cbf)
Also *do not* clear the trust list when rescanning or else it is possible
to suffer from a race condition where no trusted domains can be found.
(This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
A user logging in via GDM was not getting a complete list of supplementary
groups in his/her token. This is because getgroup() was not able to
find the winbindd_domain* using the DNS name. Fallback to matching the DNS
name is the short name match failes.
(This used to be commit 2030a8de19a2c7c735a8aa367dd953e4a5c447b8)
This allows us to deal with child domains in transitive forest trusts.
It also allows us to fill in the forest name to the target domain to the
struct winbindd_domain *.
(This used to be commit ed30516bb0f55f9ba466debf91b6e33d1c28a484)
This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b)
which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for
reasons that are unclear to me. Maybe I am being too naive.
Now we do again only retrieve the password policy when called from
the pam_winbind module. This fixes logons delegated to AD trusted
domain controllers: We need to connect to the sam to retrieve the
password policy. But auhtenticated session setup is not possible
when contacting the trusted domain dc and afterwards, SamrConnect
also fails with whatever credentials and method used.
Michael
(This used to be commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f)
