IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Winbind tickets expired. We now check the expiration time, and acquire
new tickets. We couln't rely on renewing them, because if we didn't get
a request before they expired, we wouldn't have renewed them. Also, there
is a one-week limit in MS on renewal life, so new tickets would have been
needed after a week anyway. Default is 10 hours, so we should only be
acquiring them that often, unless the configuration on the DC is changed (and
the minimum is 1 hour).
(This used to be commit c2436c433afaab4006554a86307f76b6689d6929)
net rpc did not inform you if no smbd is running.
I never liked the error message (!) Success! when we established a trust.
Volker
(This used to be commit 4191a434d48065a75f38752c4aa27219f36d602b)
boolean parameter that allows broken iconv conversions to work. Gets rid of the
nasty errno checks in mangle_hash2 and check_path_syntax and allows correct
return code checking.
Jeremy.
(This used to be commit 7b96765c23637613f079d37566d95d5edd511f05)
I was rather annoyed by the net groupmap syntax, I could never get it
right.
net groupmap set "domain admins" domadm
creates a mapping,
net groupmap set "domain admins" -C "Comment" -N "newntname"
should also do what you expect. I'd like to have some feedback on the usability
of this.
net groupmap cleanup
solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.
Volker
(This used to be commit eb4d4faff8c14e999f414ca5b6e8c25a558859c8)
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
(This used to be commit 191b43159e7358541be9a3deac8c447885145442)
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
(This used to be commit 86ad04d26d3065a99b08afaaf2914968a9e701c5)
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.
Volker
(This used to be commit 76c75bb8a7ad2a2e719dbbe997abf8aefe2fbbb4)
new system and a user is being added via pdbedit/smbpasswd.
Found at Connectathon setup.
Jeremy.
(This used to be commit f9c7a42e895f50e15d2f5079bfb2cb389fdf2df4)
to, despite any smb.conf settings.
Work to allow the same for 'net rpc vampire', but instead give a clear
error message on what is incorrect.
Andrew Bartlett
(This used to be commit 6b629344c5a4061d6052fa91f8429b337bab95fb)
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).
Andrew Bartlett
(This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
This adds the very simple 'admin set password' capability to 'net rpc',
much as we have it for 'net ads'.
Andrew Bartlett
(This used to be commit ced7fb55276f3d21d69b85b40d3f64c5e790bcc9)
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
see a reason why we have so many special cases and not simply use
nt_errstr(nt_status).
Comments?
Volker
(This used to be commit ea1a5fb30357f4fe70139ff5583d09cef9fdaa62)
initialized.
Also split out the oldstyle join into a new fn, allowing us to call it
with no failure message from net rpc join, but displaying a failure message
when used with net rpc oldjoin.
(This used to be commit 07d6ed4343d7a2575dc974bfbc498b14784b2dc1)
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.
The routines used for this behaviour have been upgraded to modern Samba
codeing standards.
This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.
This is in line with existing behaviour for native mode domains, and for
our primary domain.
As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values. These changes move more routines to ADS_STATUS to return
kerberos errors.
Also found when valgrinding the setup, fix a few memory leaks.
While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.
Andrew Bartlett
(This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
Supports recursive downloads and resume, progress indication and shows
estimated time remaining.
(This used to be commit 82bd1b45a4205706b57bae42c7b03974f8b44753)
using pread/pwrite. Modified a little to ensure fsp->pos is correct.
Fix for #889.
Jeremy.
(This used to be commit 019aaaf0df091c3f67048f591e70d4353a02bb9b)
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name->sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswtich does - following the rules of 'winbind use default
domain', in the correct case and with the correct seperator.
This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.
Andrew Bartlett
(This used to be commit 7a3a5a63612b2698a39f784859496c395505a79b)
