IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
get_global_sam_name().
Error case: Adding a domain user to a XP local group did a lsalookupname on
the user without domain prefix, and this then failed.
Jerry: This is a must-fix before 3.0.3.
Volker
(This used to be commit f35e353454b6825da1de138a3f0d8106787e938b)
cache entry time comparisons in password lockout. Fixes problems where
pdb_ldap tries to delete the operational attribute modifyTimestamp when
deleting a user account.
(This used to be commit 5ebcb9081e435d54c39d4d3a1ef1d7b651ccb53f)
some platforms (FreeBSD in this case) don't define timezone according to
posix. This is what I wanted to do anyway.
Spotted by Andrzej Tobola <san@iem.pw.edu.pl>
(This used to be commit bc13e35db0b8b265f87553d4df1c7326710cb3fa)
bad time locally, updating the directory only for hitting the policy limit
or resetting.
This needed to be done at the passdb level rather than auth, because some
of the functions need to be supported from tools such as pdbedit. It was
done at the LDAP backend level instead of generically after discussion,
because of the complexity of inserting it at a higher level.
The login cache read/write/delete is outside of the ldap backend, so it could
easily be called by other backends. tdbsam won't call it for obvious
reasons, and authors of other backends need to decide if they want to
implement it.
(This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
I know this isn't pretty, but neither was our assumption that all strings
from the directory fit inside a pstring. There was no way this worked
before will all versions of usrmgr (for example, the only version of
mine that has the TS Confic button).
(This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
A windows DC does not reply to DCNAME\\Administrator, only to
DOMAIN\\Administrator. Fix that.
Without winbind we are wrong as domain members, we should forward the request
DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that
nicely.
Volker
(This used to be commit 7ed61edbbedbdee25f750aa30c13479764aa1af2)
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
(This used to be commit 191b43159e7358541be9a3deac8c447885145442)
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
(This used to be commit 86ad04d26d3065a99b08afaaf2914968a9e701c5)
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max
password age' of zero should be considered as 'never expire'.
For the timebeing we just set it like -1, but we might revisit this
for closer-to-ms behaviour.
Andrew Bartlett
(This used to be commit 9ffc490fce215dcaed8ebfc1db85f5017a692ca4)
the prototype at the beginning, and change some comments so diffs to HEAD
aren't filled with useless info.
(This used to be commit 7b40f6c464ecbd40ab3fdf32b53da1e61475d2e7)
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).
Andrew Bartlett
(This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
- Add pgSQL backend (based on patch by Hamish Friedlander)
- Use query generate functions from pdb_mysql and pdb_pgsql
- Only pdb_pgsql.c needs to be changed whenever the fields in SAM_ACCOUNT change
(This used to be commit 65ad2c02fd2bf36d535c279ad290ab81e39f6816)
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name->sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
string_to_sid also needs to be less permissive on what it thinks are
valid sids...)
Andrew Bartlett
(This used to be commit 9080c30de8aa96ed3b9b121ca111f1632572754e)
