IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.
Andrew Bartlett
Thanks to Andrew Kroeger <andrew@id10ts.net> for reporting this. This
fix just for the release. A better fix will make it into the master
branch soon.
Andrew Bartlett
Win7-beta.
The first problem is that we removed the dnsDomain attribute a while
back, so we were returning NULL for two fields. We now return the
realm.
The second problem is that Win7-beta sends the domain in the form the
user typed it, so it may be in either the short or long form. We check
for the short form and convert if needed.
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password. This ensures we do no
validation or filtering of the password before we get a chance to MD4
it. We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.
All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.
This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.
The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.
Andrew Bartlett
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
More correctly handle expired passwords, and do not expire machine accounts.
Test that the behaviour is consistant with windows, using the RPC-SAMR test.
Change NETLOGON to directly query the userAccountControl, just because
we don't want to do the extra expiry processing here.
Andrew Bartlett
(This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
torture test, as I see little reason to implement these RPCs).
Add information regarding the importance of the LogonGetDomainInfo calls
Andrew Bartlett
(This used to be commit 9cd3a76c25019f4d8d7b41d75e1f7efb4475e86a)
samdb before we start writing entries into it.
In doing so, I realised we still used 'dnsDomain', which is not part
of the standard schema (now removed).
We also set the 'wrong' side of the linked attributes for the
masteredBy on each partition - this is now set in provision_self_join
and backlinks via the linked attributes code.
When we have the schema loaded, we must also have a valid domain SID
loaded, so that the objectclass module works. This required some ejs
glue.
Andrew Bartlett
(This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1)
