lsa lookupsids3/lookupnames4 is only available over schannel sealed
ncacn_ip_tcp.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec 14 17:28:29 CET 2011 on sn-devel-104
Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call
netrServerAuthenticate2 during a domain join without setting the strong
keys flag (128bit crypto).
Only for NT4 we need to do a downgrade to the returned negotiate flags.
See also 0970369ca0.
DS_DNS_CONTROLLER bit is set if DC's domain name is dns name.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Dec 14 07:31:05 CET 2011 on sn-devel-104
Without this, netbios name lookups do not work, as we never fall back to them.
This caused segfaults from e38d97e042 to
251209bd6f and then name lookup failure
or timeouts until this patch.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Dec 14 01:16:37 CET 2011 on sn-devel-104
This is to avoid duplicating the logic of generating partition file
names. (partition file names are encoded partially as per RFC1738).
Also, use tdb_copy() instead of filesystem copy function to copy
database files, which guarantees correct database copy.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Dec 13 03:28:03 CET 2011 on sn-devel-104
This matches the values we set in provision.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 12 19:16:13 CET 2011 on sn-devel-104
Without this, log messages from any abort are not printed to
the samba logs.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Dec 12 14:34:16 CET 2011 on sn-devel-104
This avoids connecting to the netlogon server over \pipe\lsarpc
This works against windows because all pipes are implemented in the same
process, but not Samba4, and relying on this is not recommended in the WSPP docs.
Andrew Bartlett
Now tdb2 handles tdb1 files, we don't need most of commit
5eecc85423 which added TDB2 versions of
all the testing tdbs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Mon Dec 12 06:33:44 CET 2011 on sn-devel-104
This reverts commit de4b8943bf.
PYTHONDIR and PYTHONARCHDIR are both incorrect - they're the
distribution's python locations, rather than the python locations for
third party applications. For the moment, using PYTHONARCHDIR seems
better though, because it works around an issue on Fedora/RedHat.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Dec 9 01:58:50 CET 2011 on sn-devel-104
This is an advancement of samba_kcc to compute and
commit the modification of a repsFrom on an NC Replica.
The repsFrom is computed according to the MS tech spec
for implied replicas of NTDSConnections. Proper maintenance
of (DRS options, schedules, etc) from a NTDSConnection are now
all present. New classes (for inter-site transports, sites,
and repsFrom) are now present in kcc_utils.py. Substantively
this gets intra-site topology generation functional by committing
the repsFrom that were computed from the DSA graph implemented in
prior drops of samba_kcc
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Modification to periodic and explicit invocation
paths of the KCC topology generation code. Managed
via samba_runcmd_send() API. The samba_kcc script
is invoked if (kccsrv:samba_kcc = true) appears in smb.conf
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The subreq and status fields in the kcc_service struct
are added for execution management of the external samba_kcc
python script.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This allows dlz_bind9 to match on exactly the same key as bind9 itself
Andrew Bartlett
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Dec 7 02:20:10 CET 2011 on sn-devel-104
To specify debug level, use -d <level> in named.conf.
To specify sam db, use -H <path/to/sam.ldb> in named.conf.
The default log level is set to 0. The log level specified in smb.conf
is not used. To set log level, use -d option.
Server connections can be removed from repsTo and repsFrom either due to
DC demote or topology change by the KCC. If a server is removed from the
reps*, it must be effectively removed from the list of servers that we will
contact for getNcChanges and for replicaSync.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 5 19:56:09 CET 2011 on sn-devel-104
This library was tiny - containing just two public functions that were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
This disables the posix permission override if the calculated
permissions did not come from a NT ACL.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 1 05:14:49 CET 2011 on sn-devel-104
This function call together with the lowat feature has been removed in release
3.0 as described in this mailing list post:
http://old.nabble.com/gnutls_transport_set_lowat-deprecated-td32554230.html.
Since we do not make any use of lowat (expressed by each function call)
we are free to simply omit it on v3.0 and later.
This addresses bug #8537.
Reviewed by: abartlet + metze
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 30 20:11:14 CET 2011 on sn-devel-104
Windows-Members of NT4/Samba3 domains, send
MechTypes:
1.3.6.1.4.1.311.2.2.10 [NTLMSSP]
1.2.840.48018.1.2.2 [krb5 broken]
1.2.840.113554.1.2.2 [krb5]
MechToken for NTLMSSP.
This patch makes sure we start NTLMSSP with the given MechToken,
instead of trying to pass the NTLMSSP MechToken to the krb5 backend
first. As that would fail the authentication with an error
instead of trying fallbacks.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
This adds an async establish hook, that gets called
before a connection success is detected.
This can be used to do a NBT session request
and it makes sure that we don't cancel the connection
on port 445, just because the tcp connect on port
139 worked.
metze
This will help users who are used to the kadmin interface, and could
be extended to import existing MIT or Heimdal keys into a Samba4 AD
domain.
To use, add to your krb5.conf
[kdc]
    database = {
        dbname = samba4:
    }
or
[kdc]
    database = {
        dbname = samba4:/usr/local/samba/etc/smb.conf
    }
And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104
This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.
Based on a request by Gémes Géza <geza@kzsdabas.hu>
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
Find the objectSid for DnsAdmins group and use that instead of a fixed sid.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Nov 29 07:38:06 CET 2011 on sn-devel-104
Sometimes windows DC will set up dNSHostname before setting up
GC SPN and that causes replication errors since samba tries to
use GC SPN, which does not yet exist locally.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
This creates session info from kerberos ticket and verifies if
the signer has write access to a particular DN corresponding
to the name in dynamic update.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
This change is introduced to access samdb copy directly, rather
than over ildap. The advantage is that the samba server does not
need to be running for bind9 to start.
This creates a copy of rootdse, configuration and schema partitions
for dlz_bind9 use in dns/ directory. Since dlz_bind9 requires write
access to DNS partitions (DomainDnsZones and ForestDnsZones), those
partitions are hard-linked (or symlinked) to the actual partitions.
An empty domain partition is created so samdb layer can work.
When using partitions, metadata.tdb automatically gets created in
${prefix}ldb.d/ directory. To correctly clean up check if metadata.tdb
exists, then remove metadata.tdb and directory.
This was a hack for LDAP backends to store a sequence number as a
timestamp. It is still supported in standalone ldb tdb backend.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The test is wrong since the DNS_* (DS_DNS_CONTROLLER, DS_DNS_DOMAIN,
DS_DNS_FOREST_ROOT) flags are never set on the plain CLDAP pipe. They
get added only over the DsRGetDCName* calls over NETLOGON RPC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Nov 27 16:23:27 CET 2011 on sn-devel-104
This is for a user who is doing DNS updates via key files rather than
GSSAPI. This allows the update to go through without a kerberos error.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov 22 06:34:59 CET 2011 on sn-devel-104
Guys, we really should make sure to always add ndr tests like this whenever we
change some sensitive libndr or handmarshalling bits.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Sun Nov 20 23:10:39 CET 2011 on sn-devel-104