1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/libads
Alexander Bokovoy 4f577c7b68 sync machine password to keytab: handle FreeIPA use case
FreeIPA uses own procedure to retrieve keytabs and during the setup of
Samba on FreeIPA client the keytab is already present, only machine
account needs to be set in the secrets database.

'sync machine password to keytab' option handling broke this use case by
always attempting to contact a domain controller and failing to do so
(Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2309199).

The original synchronizing machine account password to keytab feature
did not have a mechanism to disable its logic at all.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Sep 13 13:16:09 UTC 2024 on atb-devel-224
2024-09-13 13:16:09 +00:00
..
ads_ldap_protos.h s3:libads: add ads_set_reconnect_fn() and only reconnect if we can get creds 2024-05-14 10:18:31 +00:00
ads_proto.h s3:libads: Remove ads_keytab_create_default & friends 2024-07-26 17:12:36 +00:00
ads_status.c krb5_wrap: move source3/libads/krb5_errs.c to lib/krb5_wrap/krb5_errs.c 2020-02-10 16:32:37 +00:00
ads_status.h
ads_struct.c s3:libads: add ads_set_reconnect_fn() and only reconnect if we can get creds 2024-05-14 10:18:31 +00:00
authdata.c s3:gse: Implement gensec_gse_security_by_oid() 2024-05-14 10:18:31 +00:00
cldap.c s3-libads: Also handle the DS_WEB_SERVICE_REQUIRED flag in check_cldap_reply_required_flags() 2023-05-31 04:02:36 +00:00
cldap.h libads: Check cldap flags in libads/ldap 2017-05-30 08:06:06 +02:00
disp_sec.c s3:libads: Allocate ads->config.config_path under ADS_STRUCT talloc context 2022-06-27 15:50:30 +00:00
kerberos_keytab.c sync machine password to keytab: handle FreeIPA use case 2024-09-13 13:16:09 +00:00
kerberos_proto.h s3:libads: let ads_krb5_set_password() require an explicit krb5 ccache to operate on 2024-05-14 10:18:31 +00:00
kerberos.c s3:libads: Do not fail if we don't get an IP passed down 2024-06-04 19:49:36 +00:00
krb5_setpw.c s3:libads: let ads_krb5_set_password() require an explicit krb5 ccache to operate on 2024-05-14 10:18:31 +00:00
ldap_printer.c
ldap_schema_oids.h
ldap_schema.c libads: Save intermediate NULL checks with talloc_asprintf_addbuf() 2022-12-14 05:29:51 +00:00
ldap_schema.h
ldap_user.c
ldap_utils.c s3:libads: add ads_set_reconnect_fn() and only reconnect if we can get creds 2024-05-14 10:18:31 +00:00
ldap.c s3:libads: Remove ads_keytab_create_default & friends 2024-07-26 17:12:36 +00:00
net_ads_setspn.c s3:utils: add new 'net ads setspn delete' subcommand 2018-03-02 14:07:14 +01:00
sasl_wrapping.c s3:libads: always require ber_sockbuf_add_io() and LDAP_OPT_SOCKBUF 2024-04-23 23:50:34 +00:00
sasl.c s3:libads: finally remove unused ads_connect[_user_creds]() and related code 2024-05-14 10:18:31 +00:00
sitename_cache.c s3:libads: Fix code spelling 2023-07-13 05:41:36 +00:00
sitename_cache.h
tls_wrapping.c s3:libads: make use of talloc_stackframe() in ads_setup_tls_wrapping() 2024-05-14 10:18:31 +00:00
trusts_util.c s3: Sync machine account password in secrets_{prepare,finish}_password_change 2024-07-26 17:12:36 +00:00
util.c s3: Sync machine account password in secrets_{prepare,finish}_password_change 2024-07-26 17:12:36 +00:00