sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
21,409 Commits 60 Branches 1,145 Tags 453 MiB
ea38e1f836
Commit Graph

4 Commits

Author SHA1 Message Date
Jeremy Allison
5ae3564d68 r17970: Add missing include-guards around ads.h and ads_cldap.h. 
Remove all reference to "Default-First-Site-Name" and
treat it like any other site.
Jeremy.
 2007-10-10 11:39:44 -05:00
Jeremy Allison
9be4ecf24b r17945: Store the server and client sitenames in the ADS 
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.
 2007-10-10 11:39:01 -05:00
Jeremy Allison
ab3f0c5b1e r17928: Implement the basic store for CLDAP sitename 
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
 2007-10-10 11:38:59 -05:00
Gerald Carter
4c4ea7b20f r15543: New implementation of 'net ads join' to be more like Windows XP. 
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.

The points of interest are

* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
  ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
  libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
  using the machine account after the join

Thanks to Guenther and Simo for the review.

Still to do:

* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
  'kinit -k' (although we might be able to just use the sAMAccountName
  instead)
* Re-add support for pre-creating the machine account in
  a specific OU
 2007-10-10 11:16:57 -05:00