| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
(cherry picked from commit 04f8c229de7ffad5f4ec1a0bb68c2c8b4ccf4e15)
(cherry picked from commit da926c1249705b95344730539c64111876955151)
|
| |
|
|
|
|
|
|
| |
samba.
Guenther
(cherry picked from commit 3d679a3b5fc208d8521217f6a4b4d9037b609b9b)
(cherry picked from commit 5b051c7accf5f88e46d86e9afa4da0e4152f0fd3)
|
| |
|
|
|
|
| |
Guenther
(cherry picked from commit 4a1b50afd567313cc25d5bbc14e01e170aa62a00)
(cherry picked from commit 488e228fc9b469c6b40a372c0f2ff0658e176c27)
|
| |
|
|
|
|
|
|
|
| |
It turns out in win32 ERROR_DC_NOT_FOUND exists and it is
an error for Device Context (DC), not Domain Controller
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
(cherry picked from commit d9994a604bd51949a9869927bdc2cb512fba9171)
(cherry picked from commit e9cb12953f191489b34e84547fc84841ff29515a)
|
| |
|
|
| |
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Also check that the connection to ads worked.
|
| |
|
|
|
|
| |
struct.
Guenther
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"net ads leave" stopped working when "modify properties"
permissions were not granted (meaning you had to be allowed
to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
|
| |
|
|
|
| |
It is not used anywhere else, so make it also static and remove
it from proto.h
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| | |
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
the system one is broken.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
What a difference a name makes... :-). Just because something is missnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| | |
This is particuarly in the netlogon client (but not server at this
stage)
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server
Andrew Bartlett
|
| |/
|
|
|
|
|
| |
This file (contining metze's decryption routines) is now also be used by
Samba3's DRSUAPI implementation
Andrew Bartlett
|
| |
|
|
| |
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().
This actually makes libgpo more consistant, as it mixed a talloc and a
malloc based string on the same element.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
| |
when filled in.
Guenther
|
| |
|
|
|
|
|
|
|
|
| |
libnet_samsync_delta().
We absolutely need to avoid messing with the sync_context as that breaks the
stream of replication data coming from the DC (only replicates ~350 instead of
~4000 groups).
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Michael
|
| |
|
|
| |
Guenther
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove inlude "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
in files that use no other macro from version.h instead of
SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Jeremy
|
| |
|
|
|
| |
attribute warn_unused_result. Start to fix these.
Jeremy.
|
| |
|
|
| |
metze
|
| |
|
|
|
|
|
|
| |
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
