path: root/source/utils/net_ads.c
Commit message | Author | Age | Files | Lines
* syncing up to 3.0.0rc1 | Gerald Carter | 2003-08-15 | 1 | -4/+4
* starting to sync up for beta3 | Gerald Carter | 2003-07-16 | 1 | -8/+60
* starting to sync for 3.0beta2 | Gerald Carter | 2003-07-01 | 1 | -13/+27
* working on creating the 3.0 release tree | Gerald Carter | 2003-06-06 | 1 | -14/+20
* Merge from 3.0 - fix domain joins not to always join as BDC. | Andrew Bartlett | 2003-04-22 | 1 | -6/+1
* Store the type of 'sec channel' that we establish to the DC. If we are a | Andrew Bartlett | 2003-04-16 | 1 | -5/+12
  workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment.
  Also actually store and retrieve the last change time, so we can do periodic password changes again (for RPC at least).
  And finally, a couple of minor fixes to 'net'.
  Andrew Bartlett
* Change ADS CHOSTPASS to ADS CHANGETRUSTPW and add a | Jelmer Vernooij | 2003-04-14 | 1 | -4/+9
  general CHANGETRUSTPW that calls ADS CHANGETRUSTPW or RPC CHANGETRUSTPW depending on what we have.
* Changes to help the kerberos change password code work on systems that | Andrew Bartlett | 2003-03-16 | 1 | -0/+9
  have some of the labels 'duplicated' (ie, the defines double-up).
  Also, do an ads_connect() to try and find our KDC. (So we don't segfault *every* time)
  Andrew Bartlett
* Minor fixes. | Andrew Bartlett | 2003-03-15 | 1 | -1/+1
  - signed/unsigned
  - quieten warning about assignment as truth value
  - whitespace
  Andrew Bartlett
* Patch from Ken Cross <kcross@nssolutions.com> to take a username in the form | Andrew Bartlett | 2003-03-12 | 1 | -0/+11
  of user@realm for kerberos logins.
  Andrew Bartlett
* For some reason some attributes in ADS do not appear (and are not available) | Andrew Bartlett | 2003-02-25 | 1 | -1/+63
  in general searches, but only if searching for the DN only. In my case, it was the tokenGroups attribute that caused me trouble, hence this patch.
  Andrew Bartlett
* Whenever we have a password, use the in-memory ccache. This fixes a bug where | Andrew Bartlett | 2003-02-24 | 1 | -2/+3
  we were overwriting the user's ccache with the machine password (the -P option).
  Andrew Bartlett
* Fixed another compiler warning. | Tim Potter | 2003-02-21 | 1 | -1/+1
* Antti Andreimann <Antti.Andreimann@mail.ee> has done some changes to enable | Andrew Bartlett | 2003-02-15 | 1 | -2/+14
  users w/o full administrative access on computer accounts to join a computer into AD domain.
  The patch and detailed changelog is available at: http://www.itcollege.ee/~aandreim/samba
  This is a list of changes in general:
  1. When creating machine account do not fail if SD cannot be changed. setting SD is not mandatory and join will work perfectly without it.
  2. Implement KPASSWD CHANGEPW protocol for changing trust password so machine account does not need to have reset password right for itself.
  3. Command line utilities no longer interfere with user's existing kerberos ticket cache.
  4. Command line utilities can do kerberos authentication even if username is specified (-U). Initial TGT will be requested in this case.
  I've modified the patch to share the kinit code, rather than copying it, and updated it to current CVS. The other change included in the original patch (local realms) has been left out for now.
  Andrew Bartlett
* Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm to | Andrew Bartlett | 2003-02-01 | 1 | -1/+7
  blame for the realloc() stuff.
  Plus a couple of minor updates to libads.
  Andrew Bartlett
* * removed unused variable from rpcclient code | Gerald Carter | 2003-01-15 | 1 | -2/+2
  * added container option to net command (patch from SuSE)
  * Makefile patch for examples/VFS from SuSE
* add help text for 'net ads lookup' | Andrew Tridgell | 2003-01-14 | 1 | -0/+2
* BIG patch... | Andrew Bartlett | 2003-01-02 | 1 | -7/+13
  This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions.
  What is most surprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'.
  As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct).
  Andrew Bartlett
* Forward port the change to talloc_init() to make all talloc contexts | Jeremy Allison | 2002-12-20 | 1 | -2/+2
  named. Ensure we can query them.
  Jeremy.
* jcmd really should run with a higher compiler warning level more often :-). | Jeremy Allison | 2002-11-23 | 1 | -1/+1
  Jeremy.
* Back out some goofs that accidentally checked in with printer publishing. | Jim McDonough | 2002-11-18 | 1 | -3/+3
* Next step of printer publishing. | Jim McDonough | 2002-11-18 | 1 | -34/+37
  net ads printer publish <printername> [servername]
  Will retrieve the DsSpooler and DsDriver info by rpc for a remote server then publish it. Next comes doing it within smbd
* Removed global_myworkgroup, global_myname, global_myscope. Added liberal | Jeremy Allison | 2002-11-12 | 1 | -26/+19
  dashes of const. This is a rather large check-in, some things may break. It does compile though :-).
  Jeremy.
* Add clock skew handling to our kerberos code. This allows us to cope with | Andrew Tridgell | 2002-09-17 | 1 | -14/+12
  the DC being out of sync with the local machine.
* Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> | Andrew Bartlett | 2002-09-06 | 1 | -1/+1
  to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrastructure for his sam_ads work.
  I've also added some extra failure mode DEBUG()s to parts of the code.
  NOTE: The ADS_ERR_OK() macro is rather sensitive to bracketing issues - without the final set of brackets, the test is essentially inverted - causing some interesting 'error = success' messages...
  Andrew Bartlett
* convert the LDAP/SASL code to use GSS-SPNEGO if possible | Andrew Tridgell | 2002-08-30 | 1 | -0/+4
  we now do this:
  - look for supported SASL mechanisms on the LDAP server
  - choose GSS-SPNEGO if possible
  - within GSS-SPNEGO choose KRB5 if we can do a kinit
  - otherwise use NTLMSSP
  This change also means that we no longer rely on having a gssapi library to do ADS.
  todo:
  - add TLS/SSL support over LDAP
  - change to using LDAP/SSL for password change in ADS
* added a 'net ads lookup' command that does a CLDAP NetLogon query to a | Andrew Tridgell | 2002-08-19 | 1 | -0/+26
  win2000 server. It does seem to work, and win2000 sends us a valid reply, but we don't parse it yet. Maybe tomorrow :)
* fixed 'net ads chostpass' for new ads structures | Andrew Tridgell | 2002-08-06 | 1 | -1/+11
* added 'net rpc testjoin' and 'net ads testjoin' commands | Andrew Tridgell | 2002-08-05 | 1 | -0/+42
  unfortunately we don't seem to be able to auto-test the ADS join due to a rather nasty property of the GSSAPI library.
* This fixes a number of ADS problems, particularly with netbiosless | Andrew Tridgell | 2002-08-05 | 1 | -29/+59
  setups.
  - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different).
  - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example)
  - fix an error with handling ADS_ERROR_SYSTEM() when errno is 0
  - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary.
  - recognise dnsRecords as binary when displaying them
  - cope with the realm not being configured in smb.conf (work it out from the LDAP server)
  - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs.
  - use LDAP to query the alternate (netbios) name for a realm, and make sure that both long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups.
  - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running
  - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd.
  - don't do a gratuitous node status lookup when finding an ADS DC (we don't need it and it could fail)
  - remove unused sid_to_distinguished_name function
  - make sure we find the alternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup)
  - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3)
  - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445)
  - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro
  - add new 'net ads workgroup' command to find the netbios workgroup name for a realm
* make sure that 'net ads info' gives info on the server we specify, not | Andrew Tridgell | 2002-07-31 | 1 | -0/+4
  our smb.conf setup.
* net ads info now reports the IP of the LDAP server as well as its name - | Andrew Tridgell | 2002-07-30 | 1 | -0/+1
  very useful in scripts
* Support utf8 on the wire for ads ldap. DN's are converted, as well as strings, | Jim McDonough | 2002-06-24 | 1 | -10/+20
  though it is up to the calling function to decide whether values are strings or not. Attributes are not converted at this point, though support for it would be simple.
  I have tested it with users and groups using non-ascii chars, and if the check for alphanumeric user/domain names is removed from sesssetup.c, even a user with accented chars can connect, or even login (via winbind).
  I have also simplified the interfaces to ads_mod_*, though we will probably want to expand this by a few functions in the near future. We just had too many ways to do the same thing...
* added a 'net ads search' command, similar to 'ldapsearch' but using the | Andrew Tridgell | 2002-06-03 | 1 | -7/+70
  Samba LDAP code. I have found using 'ldapsearch' rather frustrating, particularly with kerberos authentication. Using 'net ads search' makes it easier to track down ADS problems.
* Allow initial password set on net ads user add. I need to do this on | Jim McDonough | 2002-05-23 | 1 | -3/+30
  rpc and rap too. Anyone know what key I'm supposed to use to encrypt it for the rap one?
* Add ads group add and delete, allowing converged net group command. | Jim McDonough | 2002-05-09 | 1 | -16/+106
  Also update some of the help info.
* fixed the fallback to a BDC for ADS connections | Andrew Tridgell | 2002-04-18 | 1 | -5/+4
* Rename of ads_do_search_all2() to ads_do_search_all() and removal of | Jim McDonough | 2002-04-10 | 1 | -23/+11
  server sort controls. Also put option externs in the net.h include.
* Use the new ads_do_search_all2 function. It provides sorted results. We now | Jim McDonough | 2002-04-05 | 1 | -30/+18
  also filter out users that end in '$', which gives us the same results as the net rpc user and net rap user.
* Lots more net consistency work: | Jim McDonough | 2002-04-05 | 1 | -10/+1
  - Added net_help.c for unified help when possible
  - Added net rpc user listing, delete, info commands
  - Unified net user command to autodetect ads/rpc/rap (try in that order)
  - Added generic routine for detecting rpc (protocol > PROTOCOL_NT1)
  - I'm sure I forgot something.
* More updates for auto-detecting server connection method. Added net_ads_check() | Jim McDonough | 2002-04-04 | 1 | -5/+38
  to make a connection (which stores the password in a global so it can be used by rpc or rap function if ads fails) and close it to verify if ads method should be used.
* Add non-ads version of net_ads_help for build on non-ads machines. | Jim McDonough | 2002-04-04 | 1 | -0/+6
* Correct error string function call to ads_errstr() | Jim McDonough | 2002-04-04 | 1 | -3/+3
* Add net ads user subcommands: add delete info. Also make user listing format | Jim McDonough | 2002-04-04 | 1 | -12/+169
  consistent with rap version.
* Re-implemented net ads user and net ads group to use the new | Jim McDonough | 2002-03-29 | 1 | -14/+50
  ads_process_results function. Also made sure net rap user and net ads user display the same thing, to make auto-transport-detection smoother.
* make net ads info work with -S | Andrew Tridgell | 2002-03-21 | 1 | -4/+5
* make "net ads user" and "net ads group" also use the new paged interface | Andrew Tridgell | 2002-03-19 | 1 | -30/+16
* Fix build for non-ads case | Jim McDonough | 2002-03-16 | 1 | -0/+5
* Expose net_ads_join to allow for auto-transport-detection for net join | Jim McDonough | 2002-03-15 | 1 | -1/+1
* Add paged search requests to net ads user and net ads group commands, | Jim McDonough | 2002-03-14 | 1 | -21/+32
  allowing more than 1000 (or whatever the query limit is on the server) objects to be returned. Printers will come next.