IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Recent versions of Linux-PAM support localization of user prompts,
so Samba must use the C locale when invoking PAM (directly or via
/usr/bin/passwd) to ensure that password chat values match the prompts in a
locale-invariant fashion.
Jeremy.
We can't use POPT_COMMON_SAMBA as the -s option is
already used by -s, --sid-to-name=SID.
Also load the config file after processing the cmdline options
metze
If mDNS is supported, attempt to register the first port we are
listening on for the _smb._tcp service. This provides more reliable
service discovery than NetBIOS browsing.
for bug #4780. Cause user mounts to inherit uid= and gid= from the
calling user when called as non-root, except when overridden on the
commandline.
Jeremy.
Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.
This is the first attempt to fix interdomain trusts.
(get password policy and stuff)
Michael
Do not attempt to do a session setup when in a trusted domain
situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT).
Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.
Michael
Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)
Michael
get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.
Michael
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.
Michael
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
