IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
more scalable:
The most efficient way is to use the "tokenGroups" attribute which gives
the nested group membership. As this attribute can not always be
retrieved when binding with the machine account (the only garanteed way
to get the tokenGroups I could find is when the machine account is a
member of the "Pre Win2k Access" builtin group).
Our current fallback when "tokenGroups" failed is looking for all groups
where the userdn was in the "member" attribute. This behaves not very
well in very large AD domains.
The patch first tries the "memberOf" attribute on the user's dn in that
case and directly retrieves the group's sids by using the LDAP Extended
DN control from the user's object.
The way to pass down the control to the ldap search call is rather
painfull and probably will be rearranged later on.
Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2.
Guenther
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.
This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).
Guenther
to make connections to ports 445 or 139 on the DC it's trying
to contact. It calls sys_select() on the non-blocking sockets,
not sys_select_intr(). This is a mistake (I believe) as it allows
a signal to early terminate the connection attempts - whereas
sys_select_intr() will ignore signals until we get back to
the main processing loop where they'll be handled correctly.
This change means winbindd_cm will not early terminate if it
gets a message whilst trying to connect to DC's.
Gunther, Volker and Jerry please review (but I think this
is correct).
Jeremy.
fsp pointers. Ensure we cope with this to pass Samba4
DENY tests (we used to pass these, there must have been
a regression with newer code). We now pass them.
Jeremy
close fd=-1 fnum=4321 (numopen=1)
close_file: Could not get share mode lock for file $Extend/$Quota:$Q:$INDEX_ALLOCATION
unix_error_packet: error string = Das Argument ist ungültig
error packet at smbd/reply.c(3325) cmd=4 (SMBclose) NT_STATUS_INVALID_HANDLE
so a fake file needs special close handling I think. Jeremy, can you check
this?
Thanks,
Volker
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
