sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
ae2454c5be
samba-mirror/source4/auth
History
Stefan Metzmacher ae2454c5be auth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth methods as AD_DC 
Currently we always map any incoming domain to our own domain
in map_user_info_cracknames(), so that the winbind module is never
used at all, e.g. we're DC of W4EDOM-L4.BASE with a forest trust to W2012R2-L4.BASE:

  [2017/03/22 10:09:54.268472,  3, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
    auth_check_password_send: Checking password for unmapped user [W2012R2-L4]\[administrator]@[UB1404-163]
  [2017/03/22 10:09:54.268496,  5, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth_util.c:57(map_user_info_cracknames)
    map_user_info_cracknames: Mapping user [W2012R2-L4]\[administrator] from workstation [UB1404-163]
    auth_check_password_send: mapped user is: [W4EDOM-L4]\[administrator]@[UB1404-163]

That means the only condition in which "sam_ignoredomain" returns
NT_STATUS_NOT_IMPLEMENTED is the RODC case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-24 11:57:10 +01:00
..
gensec s4:gensec_gssapi: Correctly handle external trusts with MIT 2017-03-10 11:37:22 +01:00
kerberos Correct "specifiy" typos. 2017-02-22 08:26:23 +01:00
ntlm auth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth methods as AD_DC 2017-03-24 11:57:10 +01:00
auth.h auth4: let auth_check_password* return pauthoritative 2017-03-24 11:57:09 +01:00
pyauth.c python: samba.auth: Port samba.auth to Python 3 compatible form 2017-03-10 07:31:11 +01:00
pyauth.h pytalloc: Use consistent prefix for functions, add ABI file. 2011-08-10 15:36:21 +02:00
sam.c s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc() 2016-06-30 03:30:26 +02:00
samba_server_gensec.c gensec: move event context from gensec_*_init() to gensec_update() 2011-10-18 13:13:33 +11:00
session.c CVE-2014-8143:auth: Force talloc type of session_info pointer to match 2015-01-15 12:33:08 +01:00
session.h Fix public header not to include private (not installed) ones. 2011-03-14 17:01:20 +01:00
system_session.c s4: fix wrong index usage PRIMARY_USER_SID_INDEX when it should have been PRIMARY_GROUP_SID_INDEX 2011-06-19 23:21:08 +02:00
unix_token.c wbclient: "ev" is no longer used in wbc_sids_to_xids 2016-09-28 00:04:36 +02:00
wscript_build python: samba.auth: Port samba.auth to Python 3 compatible form 2017-03-10 07:31:11 +01:00
wscript_configure s4:auth/gensec: remove unused and untested cyrus_sasl module 2015-06-23 22:12:08 +02:00