IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
to/from utf8 for some calls. The libads code gets this right. Wonder why
the passdb code doesn't use it ?
Jeremy.
(This used to be commit 910d21d3164c2c64773031fddaad35ea88e72a04)
Someone only half changed the code to use dc_name
instead of remote machine... Found via back trace from Dariush Forouher
<dariush@forouher.de>.
Jeremy.
(This used to be commit 963b24ac1a721a8b0d348b578f25b1d8cb7e2124)
to build on systems with fixed getgrouplist() in GNU libc < 2.3.2.
Unfortunately, we can't detect correctness of getgrouplist() functioning in
portable way so this is left up to developer/packager.
This patch adds --with-good-getgrouplist[=no] switch to configure which packagers
on Linux platforms could use to specify in their own builds if they now that glibc
on their platform is fixed w.r.t CAN-2003-0689. By default we still think that glibc
is vulnerable and perform our version check.
** This patch does not change default behaviour in Samba 3.0 -- by default we are not
vulnerable on glibc as we are not using getgrouplist()
See http://www.securityfocus.com/bid/8477 for vulnerability description.
Right now there are following Linux vendors released glibc updates for CAN-2003-0689:
RedHat -- https://rhn.redhat.com/errata/RHSA-2003-249.html
ALTLinux -- http://www.altlinux.com/index.php?module=sisyphus&package=glibc
(This used to be commit e53622c114e0368515c50b357567fcdd0b95979e)
Display an error if we can't create a posix account for the user
(e.g no add user/machine script was specified; bug #323).
(This used to be commit 0c35ba2cd65ff64c5db2b20d5528a0d486cba51e)
we can override the value in smb.conf with the -w option.
Migrating accounts from another domain can now be done like:
# bin/net join bdc -w nt4dom -Uadministrator%password
# bin/net rpc vampire -w nt4dom -U administrator%password
(This used to be commit d7bd3c1efbd02a7ca01ad9a4b242ea4cc4a63c1f)
not number of bytes. Reproduce this by trying to rename the file named :
sibrseau -> sibrseaU
from Windows 2000 explorer.
Jeremy.
(This used to be commit 035f59599514491609078ac0fe5804278c43a9b3)
There was some confusion over dynamically allocated lists of pointers
(i.e you have to make space for the list of pointers and what they are
pointing too) in the memory buffer passed in from libc.
Valgrind is much happer now and as a bonus there is no segfault.
(This used to be commit 7907c44414acb841a9001e82285790eece73d032)
info delta correctly and thus crash when doing a net rpc samdump.
The easiest thing at the moment it to comment out these functions as
they seriously don't correspond with reality (netmon/ethereal) and the
data in the containers aren't used anyway.
(This used to be commit 695aa39c5d798b112f0a06281b499fcac8a5bf31)
relying on lp_servicename(n) to return an empty string for invalid
service numbers. For some reason it is returning NULL now.
Fixes bug 403.
(This used to be commit cebb2abd2e946a5f9f2d84a7e8ae82eceecd0274)
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
portion of NTLMv2 key exchange. Also revert the default for
'client ntlmv2 auth' to no. This caused no ends of grief in
different cases.
And based on abartlet's mail....
> All I care about at this point is that we use NTLMv2
> in our client code when connecting to a server that
> supports it.
There is *no* way to tell this. The server can't tell us, because it
doesn't know what it's DC supports. The DC can't tell us, because it
doesn't know what the trusted DC supports. One DC might be Win2k, and
the PDC could be an older NT4.
(This used to be commit fe585d49cc3df0d71314ff43d3271d276d7d4503)
already have ads_search_retry() for this. However, neither
domain_sid() nor sequence_nunber() used this function. So modify
them to us ads_do_search_retry() so we can specify the base search
DN and scope.
(This used to be commit 89f6adf830187d020bf4b35d1a4b2b48c7a075d0)
kerberos symbols unless I do the same as smbd does. It does not hurt
on my debian, so simply give a pointer to LDAPLIBS as well.
Volker
(This used to be commit 353d5272912ac11aa3ebf7403593177c45b20147)
Ken Cross. Sometimes ads conenction get stale but we don't know
they are dead until we try them. This patch may need some optimization
after people bang on it for a while.
(This used to be commit 7021cf63a4501c90620cf6a5f117eef345bbd291)
relocatable form.
Added a comment about this in the hope that it won't happen again.
Renamed PAM_WINBIND_OBJ to PAM_WINBIND_PICOBJ to make it a bit clearer.
(This used to be commit 04797e12d85a4b4d616397dd1283e5a65af5adab)
