IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The ldif for that operation looks like this:
dn:
changetype: Modify
add: schemaUpdateNow
schemaUpdateNow: 1
It uses the rootdse's object functional attribute schemaUpdateNow.
In rootdse_modify() this command is being recognized and it is send as extended operation with DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID.
In the partition module its dispatched to the schema_fsmo module.
The request is processed in the schema_fsmo module by schema_fsmo_extended().
(This used to be commit 39f9184ddf)
This allows controlling whether krb5 auth is forced for the rpc bind in
libnet_become_dc. It defaults to "yes". For Windows 2000, DsGetNCChanges
only krb5 auth works due to a bug in Windows (it returns garbage - a
positive object count is returned along with first object == NULL).
For Windows 2008, on the other hand, krb5 auth does not work currently
due to the lack of support for AES keys. (Metze is working on that.)
Michael
(This used to be commit af85aad814)
This is for debugging and informational purposes only.
The assignment is implementation specific.
(WSPP docs, sec. 5.35).
Michael
(This used to be commit 1f5704e2de)
But it's still of by default until we now what triggers this generation.
It could be that the value is always generated but the KDC only
uses it when in a specific funtional level, but it could also
be that it's only generated in a specific functional level.
metze
(This used to be commit 08618bbd50)
This check breaks more than it fixes, and while technically not
correct, is the best solution we have at this time. Otherwise,
SCHANNEL binds from WinXP fail.
Andrew Bartlett
(This used to be commit f8628fa330)
According to the WSPP docs, section 5.35,
this is the "process identifyer" of the client.
It is meant for informational and debugging purposes
only and its assignment is implementation specific.
Michael
(This used to be commit 579306eb5b)
- fixes bug #4813 (simplify DNS setup)
- This reworks the named.conf to be a fully fledged include
- This also moves the documentation into named.txt
- improves bug #4900 (Group policy support in Samba)
- by creating an empty GPT.INI
- fixes bug #5582 (DNS: Enhanced zone file)
- This is now closer to the zone file AD creates
committed by Andrew Bartlett
(This used to be commit 74d684f6b3)
Clearly winbindd in Samba4 has not ever been run against windows, as
when we fixed the Samba4 server not to cause XP to loop like this,
Samba4's own client starts looping...
Andrew Bartlett
(This used to be commit 9741772190)
The 'comment' element in a number of domain structures is called
oem_information. This was picked up actually because with OpenLDAP
doing the schema checking, it noticed that 'comment' was not a valid
attribute.
The rename tries to keep this consistant in both the LDB mappings and
IDL, so we don't make the same mistake in future.
This has no real schema impact, as this value isn't actually used for
anything, as 'comment' was not used in the provision.
Andrew Bartlett
(This used to be commit 65dc0d5365)
The change to the RPC-LSA test proves that when the remote server has
0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not
NT_STATUS_OK.
Andrew Bartlett
(This used to be commit 40a55b34c2)
The code previously added data->add_objectClass, but only removed the
fixed objectclass of extensibleObject.
Found by the ldap.py test.
Andrew Bartlett
(This used to be commit 4fa15c3173)
This defines a rootdn globally, and due to OpenLDAP bugs, gives it
manage access to the whole database. This makes the memberOf module
able to validate the links again, now we have database ACLs.
Andrew Bartlett
(This used to be commit 9fe3e9f09f)
This test assumed that fnums are recycled immediately after a close. This is
not true on Samba 3.
Andrew B., I assume this is just a bug in the test. Assuming recycled fnums
might be true on Windows and Samba 4, but I don't think we should assume this
everywhere.
Volker
(This used to be commit a4c3a59d47)
Also in particular the 'sync' flags (which Samba has traditionally
ignored).
Thanks to Olivier Salamin <olivier.salamin@gmail.com> for pointing out
more flags that needed to be handled.
Andrew Bartlett
(This used to be commit 370bb39cd7)
The total_object_count member of DsGetNCChangesCtr[1|6] was wrong
it's the error code of an extended operation.
DsGetNCChangesCtr6 has a nc_object_count value which contains
the estimated amount of objects in the naming_context.
W2k seems to have a bug and sends this number of objects
in the extended_ret field. Maybe it's just a bug and
not a feature:-)
metze
(This used to be commit 6793109212)
With NTLMSSP we just get strange responses with a random object count
and a NULL object list. On the domain partition where we try to replicate
the password fields.
metze
(This used to be commit ce12a91051)
The MS-SMB document explains that some of these options should be
ignored. The test proves it.
/* Must be ignored by the server, per MS-SMB 2.2.8 */
/* Must be ignored by the server, per MS-SMB 2.2.8 */
If we implement HSM in samba4 (likely) we should honour this bit.
/* Don't pull this file off tape in a HSM system */
Andrew Bartlett
(This used to be commit 502739ff90)
This reworks our LDAP backend code to move from anonymous access to a
shared-secret SASL-protected connection. (SASL selects NTLM or
DIGEST-MD5 on my system).
To get this working, we must pre-populate the LDAP backend with a DN
to store ths SASL secret on, and we use back-ldif for this.
This gives us a reasonable basis to deploy a replicated OpenLDAP
backend solution.
Andrew Bartlett
(This used to be commit cd0745253c)
With these changes, we don't leak the LDAP socket, and don't reset all
credentials feature flags, just the ones we are actually incompatible
with.
Andrew Bartlett
(This used to be commit 72e52a3011)
This makes Samba4 behave much like Samba3 did, and use a single set of
administrative credentials for it's connection to LDAP.
Andrew Bartlett
(This used to be commit e396a59788)
This includes a simple bind DN, or SASL credentials.
The error messages are reworked as on systems without an LDAP backend,
we will fail to find this record very often.
Andrew Bartlett
(This used to be commit 95825ae6d5)
We don't really care (because nobody uses them) what we send as the
domain and workstation in the negotiate packet.
Andrew Bartlett
(This used to be commit 9ac07e1487)
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.
This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.
Andrew Bartlett
(This used to be commit 1cf0d75149)
