IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This avoids passing rootdn passwords or replicated data in cleartext
across the network.
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
The DC is now using smb signing, so testing for the old SMB versions
won't work.
Add a new test script to check 'net join' independent of
blackbox.smbclient.
Andrew Bartlett
(This used to be commit 44ff392ffea52e89a3ac096a6d381ae540d3473c)
The MS-ADTS document has quite detailed instrucitons on how these
flags should be processed. This change also causes the correct
sign-wrapping to occour, as these are declared as signed integers.
Andrew Bartlett
(This used to be commit 5c3d237a6d721dc75166bdc5ac0c6e76a4495bf7)
This ensures they don't leak over LDAP, but does not prevent access,
as ldbsearch locally still bypasses these controls.
Andrew Bartlett
(This used to be commit fa3f3bab33001770a9d7e33875bf212636f6c128)
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle
Implement LSA server logic to create the cn=users trust account for
incoming trusts.
Andrew Bartlett
(This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
This reverts commit 2a4fb661d7e3d601a5eb9ccecb4d4f2b07073097.
(we don't need inflateReset2 anymore)
metze
(This used to be commit ac43081b93966b545928230f7af8654b942432da)
This reverts commit 0dbbc287f65a51330c5309df5a96b3acd4d044d5.
(we don't need inflateReset2 anymore)
metze
(This used to be commit 426d129dfff1e2d3750884abb68089ff1850e640)
when changing file size using SMBwrite of size zero,
SET_END_OF_FILE, or SET_ALLOCATION_SIZE - no 2 second
delay in these cases.
Jeremy.
(This used to be commit 3aa7523d7750fe30d1e6bb5a75ac42b681b9e493)
(this does not change the file server role, and only really changes
what 'server signing = auto' means)
Optional signing really isn't any benifit to network security.
In doing so, allow anonymous clients (if permitted by policy) to log
in without signing, as Samba3 does not sign these connections (which
would use an all-zero key, so pointless).
Andrew Bartlett
(This used to be commit 468bf839c500ed1a26ab9a358ee64a4c0a695797)
We still don't get the format inside the encrypted blob correct
however.
Andrew Bartlett
(This used to be commit 99a3abda09716c064b3e9a37c4a79a8f62444eca)
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
Also check we get the defaults correct with a query in the torture
suite.
Andrew Bartlett
(This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.
Andrew Bartlett
(This used to be commit c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
This would seem to match the documentation requirements for the PAC
verfication over NETLOGON, but I can't get Win2k3 to accept it so far.
Andrew Bartlett
(This used to be commit acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
This uses Heimdal's PAC parsing code in the:
- LOCAL-PAC test
- gensec_gssapi server
- KDC (where is was already used, the support code refactored from here)
In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.
Andrew Bartlett
(This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
