IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
As it breaks all tests which try to join a new machine account.
So more testing is needed...
metze
This reverts commit dd320c0924.
(This used to be commit cccb80b7b7)
If mDNS is supported, attempt to register the first port we are
listening on for the _smb._tcp service. This provides more reliable
service discovery than NetBIOS browsing.
(This used to be commit 1e7241517d)
for bug #4780. Cause user mounts to inherit uid= and gid= from the
calling user when called as non-root, except when overridden on the
commandline.
Jeremy.
(This used to be commit 7fad5f38ea)
Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.
This is the first attempt to fix interdomain trusts.
(get password policy and stuff)
Michael
(This used to be commit e180bbd454)
Do not attempt to do a session setup when in a trusted domain
situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT).
Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.
Michael
(This used to be commit 18c66a364e)
Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)
Michael
(This used to be commit e77c4022cf)
get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.
Michael
(This used to be commit 4562342eb8)
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
(This used to be commit 91da12b751)
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
(This used to be commit 6ced4a7f88)
secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.
Michael
(This used to be commit 4788fe3924)
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit dd320c0924)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Jason,
Jason Haar wrote:
> Patched 3.0.28, compiled, installed and here's the log file.
>
> Hope it helps. BTW I don't think it matters, but this is on 32bit
> CentOS4.5 systems.
yes, it helps. Thanks for that.
Very interesting, there are two auth data structures where the first one
is a PAC and the second something unknown (yet).
Can you please try the attached fix ? It should make it work again.
Guenther
- --
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner@redhat.com
Samba Team gd@samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd
MPsZW4G31VOVu64SPjgnJiI=
=Co+H
-----END PGP SIGNATURE-----
(This used to be commit c9adc07ca2)
New size calculation logic in tdb_trusted_dom_pass_pack()
and tdb_sid_pack() used accumulated sizes as successive offsets
to buffer pointer.
Michael
(This used to be commit 9c24713b40)
for a server. We should have been doing this for a while,
but it's more critical with IPv6.
Original patch fixed up by James.
Jeremy.
(This used to be commit 5c7f7629a9)
Also the design of this function was really bad,
instead do the dump into a file, the client should get
back the list of mappings.
metze
(This used to be commit ce7fe8acf4)
