IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.
This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).
Guenther
(This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
stack tracing support. This provides an easy way for users to provide
stack traces (hopefully it will be implemented on something other than
ia64).
(This used to be commit 0b5e07e12daa98095dae27e0a6d53fe8ec3f3700)
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
handling anymore when we remove $(LIBS) from pam_winbind again.
Also make sure to build our own copy of iniparser with -fPIC.
Guenther
(This used to be commit e32c4f6f6e090ca5babe9f131bbcb9babedcec05)
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
/etc/security/pam_winbind.conf as config file for the PAM module by
default.
Guenther
(This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
internals, mostly with the code that was in pam_winbind before.
Also switch from using loadparm to use iniParser to read the new
pam_winbind options from a configuration file. That still uses the old
(parametric) option names which will be replaced next (as iniParser does
not support parametric options).
Guenther
(This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
Samba3 - with some 64-bit macro madness. Attempt to fix
the broken directory handling in the *BSD-of-the-month
club.
Jeremy.
(This used to be commit fd98427f64f4206c01f16f82fadf24f5863878db)
for module in ; do ... ; done
leads to an error (true64, solaris 8).
We now use {,UN}INSTALL_PAM_MODULES to get replaced by configure.
Therfore we don't run into the {,un}installpammodules rule if no PAM
module is requested.
Thanks to Björn Jacke for pointing to this issue.
(This used to be commit 07a70f8f861235ba4037aacb9cc835b6d18f51c3)
I'll try to add some tests using samba3's smbtorture and smbclient
later.
can someone check if this would be save to run on the build-farm
without leaking child processes...
metze
(This used to be commit 899fd6808ebd04d039caf7199c60d34a4987b43a)
Nothing happens if PAM_MODULES is empty which is our default.
The default destination dir is "${LIBDIR}/security". It's possible to
overwrite the default with --with-pammodulesdir while calling configure.
(This used to be commit 7163c6860549378fa63907048c4eb34fe81835cc)
- add configure tests --with-selftest-prefix=/tmp/samba-test
this is needed because the path name of unix socket can only be 108 chars long
- add configure test --with-smbtorture4-path=/home/foo/prefix/samba4/bin/smbtorture
this will be used to run samba4's smbtorture inside samba3's make test later
metze
(This used to be commit d9df1853b947c70f747ea30a353162f2985ef250)
called as part of the all rule (again only if pam modules are requested
by configure).
Add pam_winbind rule.
Ensure proto_exists before we build the pam modules.
Add test_pam_modules rule to test if the built pam modules have any
unresolved symbols. For test_pam_modules we use script/tests/dlopen.sh
which was written by Nalin Dahyabhai <nalin@redhat.com>. Thanks Nalin!
RedHat and SuSE use this script to test nss and pam modules since
several years.
(This used to be commit 71b2eb55adcd28f3796254ea1ce0bcee6098e712)
The intention is to have the resulting binaries at one place. This is
also usefull for upcoming changes to provide a test_pammodules rule.
With these changes I even got aware of
testsuite/nsswitch/pam_winbind_syms.exp But this only covers
pam_winbind.
(This used to be commit 9883957b74ddefb5293e4aef0cc2f53ee4d417ac)
* add support for %(DomainSID)
* replace standard_sub_XXX() functions with wrappers around their
alloc_sub_XXX() counterparts
* add support for using SIDs in read list, et. al. (anything that
is checked by nt_token_contains_name_in_list())
(This used to be commit 71d960250d2c6d01096a03e98884d3f9c395baa0)
Ignore script/gen-8bit-gap.sh in branches/SAMBA_3_0/source/script as we
already do in trunk.
(This used to be commit b974b1879c1bded616becb77fa34f071a5f43ecc)
to substitute rootsbindir in {,un}installbin.sh.in.
Pass $prefix as third arg to installbin/ uninstallbin as rootsbindir by
default is $prefix/sbin.
(This used to be commit 7773b8c9e0ad7bcff1312f28ca9cd17d7677e9bd)
I suggest to stay with ^BASEDIR= @prefix@$ for at least the next release
to give external projects - like samba-vscan project - time to adopt
this change.
BASEDIR is non of the default autoconf variables. prefix is.
Jerry1: If possible please announce this with the next release. I'll
self reply to technical.
Jerry2: This does not break your makepkg stuff as you set BASEDIR
_not_ from the Makefile.
(This used to be commit 730d5ec22948c579a81137051134657043c34415)
