IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
(This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
works from smbclient and Windows, and I am promising to
support and fix both client and server code moving forward.
Still need to test the RPC admin support but I haven't
changed that code.
Jeremy.
(This used to be commit 7a7862c01d07796ef206b255c676ad7dc2cc42fc)
calling convention in the latest MIT changes. Apparantly Heimdal
is also changing to this calling convention.
(This used to be commit c29c69d2df377fabb88a78e6f5237de106d5c2c5)
mode_t in posix_open/posix_mkdir -> 8 bytes to match
the SET_UNIX_INFO_BASIC call. Steve is updating the
Wikki.
Jeremy.
(This used to be commit 2f1c95ac7718c1d2a75367ba712edd6b57069432)
process deep dfs links (ie. links that go to non root
parts of a share). Make the directory handling conanonical
in POSIX and Windows pathname processing.
dfs should not be fully working in client tools. Please
bug me if not.
Jeremy.
(This used to be commit 1c9e10569cd97ee41de39f9f012bea4e4c932b5d)
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
(This used to be commit b81c5c6adce51cec06df0e993534064b20666a8e)
fragmented into "max xmit" size security blob
chunks. Bug #4400. Needs limits adding, and also
a client-side version.
Jeremy.
(This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
Move more error code returns to NTSTATUS.
Client test code to follow... See if this
passes the build-farm before I add it into
3.0.25.
Jeremy.
(This used to be commit 83dbbdff345fa9e427c9579183f4380004bf3dd7)
DFS referrals. This doesn't appear to break anything in the non-DFS case,
but I don't have an environment to test DFS referrals. Need confirmation
from OP that this solves the problem.
(This used to be commit e479a9c094fa42354aad7aa76a712bf67d3d4d45)
- Should fix bug 4115 (but needs confirmation from OP). If the kerberos use
flag is set in the context, then also pass it to smbc_attr_server for use by
cli_full_connection()
- Should fix bug 4309 (but needs confirmation from OP). We no longer send a
keepalive packet unconditionally. Instead, we assume (yes, possibly
incorrectly, but it's the best guess we can make) that if the connection is
on port 139, it's netbios and otherwise, it isn't. If netbios is in use, we
send a keepalive packet. Otherwise, we check that the connection is alive
using getpeername().
(This used to be commit 2f9be59c10ef991a51cc858ab594187b5ca61382)
it needs the specific error message.
Make messages.c return NTSTATUS and specificially NT_STATUS_INVALID_HANDLE if
sending to a non-existent process.
Volker
(This used to be commit 3f620d181da0c356c8ffbdb5b380ccab3645a972)
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).
We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
(This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)
works - even with the strange "initial delete on close"
semantics. The "initial delete on close" flag isn't
committed to the share mode db until the handle is
closed, and is discarded if any real "delete on close"
was set. This allows me to remove the "initial_delete_on_close"
flag from the share db, and move it into a BOOL in files_struct.
Warning ! You must do a make clean after this. Cope with
the wrinkle in directory delete on close which is done
differently from files. We now pass all Samba4 smbtortute
BASE-DELETE tests except for the one checking that files
can't be created in a directory which has the delete on
close set (possibly expensive to fix).
Jeremy.
(This used to be commit f2df77a1497958c1ea791f1d2f4446b5fc3389b3)
the stored client sitename with the sitename from each sucessfull CLDAP
connection.
Guenther
(This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197b1bc9db14a643fdd112b40ef37aaef)
The problem occurs like this:
1) running smbd as a domain member without winbindd
2) client1 connects, during auth smbd-1 calls update_trustdom_cache()
3) smbd-1 takes the trustdom cache timestamp lock, then starts
enumerate_domain_trusts
4) enumerate_domain_trusts hangs for some unknown reason
5) other clients connect, all block waiting for read lock on trustdom
cache
6) samba is now hung
The problem is the lock, and really its just trying to avoid a race
where the cure is worse than the problem. A race in updating the
trutdom cache is not a big issue. So I've just removed the lock.
It is still an open question why enumerate_domain_trusts() can
hang. Unfortunately I've not in a position to get a sniff at the site
that is affected. I suspect a full fix will involve ensuring that all
the rpc code paths have appropriate timeouts.
(This used to be commit ab8d41053347a5b342ed5b59a0b0dd4983ca91e6)
As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults. We suggest leaving this up to the defaults from the
libraries anyway.
Andrew Bartlett
(This used to be commit 0b72c04906b1c25e80b217a8f34fd3a8e756b9ca)
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
(This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
