I've been doing a few doc updates in HEAD, and was about to merge them
to 3.0 - but I'm not quite sure what the status is, given we seem to
have a slightly different syntax in HEAD (XML compliant?)
So, should I just merge my text changes, or wait for the lot to be
merged or?
Andrew Bartlett
look different to Win2k in this regard?
Do some comparative traces, look at what names your Win2k servers have
registered etc. It would be interesting to track this down.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems
way, of obtaining the global
groups?
Samba's group support only really started to anywhere in Samba 3.0, with
the 'group mapping' code being added.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL
. And don't be afraid to
repost a patch if it seems to have been ignored.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
On Sat, 2003-02-01 at 08:54, Andrew Bartlett wrote:
On Fri, 2003-01-24 at 15:08, Ken Cross wrote:
Hmm ... the helpful email client wrapped some of the lines. The patch
is attached.
Ken
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf
' is set, rather than 'security=ads'.
Or if 'net rpc changetrustpw' is run.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
all this we might even be able to kill off
unixsam without all that - possibly just serving rids 500 and 501.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker
get a chance.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http
,
which can trigger the nss libs to talk to winbind again.
After that, we just have a few little details to sort out, like putting
the domain trust passwords into the PDB (allowing them to be shared via
LDAP).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED
On Wed, Jan 22, 2003 at 12:41:34AM -0600, Christopher R. Hertel wrote:
On Wed, Jan 22, 2003 at 05:30:45AM +, Andrew Bartlett wrote:
On Tue, Jan 21, 2003 at 09:13:38PM -0600, Christopher R. Hertel wrote:
I *think* it's a rule that Kerberos authentication is always used with
SMB over
/ntlm_auth.c in Samba HEAD for what we have at the moment - currently
it is designed to support Squid, but I'm working with thm on slightly adjusting
the 'helper protocol'.
Andrew Bartlett
there is no per-port stuff.
Andrew Bartlett
this.
I would like to see what it's doing - grab CVS ethereal and decode the
password change, see what goes where.
It's quite possible that the password restriction is being partially
enforced on the local machine.
Andrew Bartlett
Any other comments are welcome.
Thank you *very much* - enjoy
, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The End
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
this as root, so the
modules-as-shipped will bypass the checks.
If we have to get some custom PAM configuration then we are better to
just bring it into smbd.
Bear in mind, too, that Andrew Bartlett is doing much work
within Samba to rationalise and add modular flexibility to its
authentication
index) in ldbm on OpenLDAP
about 2.0.10. I ended up moving to the latest 2.1, and also moved to
'bdb' - which is considered a more stable back-end.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL
'
and login as NT_STATUS_ You will soon figure out if it's a good
choice of error.
Andrew Bartlett
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College
(debug 3 and above):
Thanks for that - I've applied it to HEAD and will merge to 3.0 shortly.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL
contributors on their free-time.
I don't mind answering a few questions.
Andrew Bartlett,Unknown / Self-financed
Most of my interesting work on Samba has been Self-financed, but I've
done various consulting/contracting jobs related to Samba, and use it
extensively as a sysadmin. Other than that, I'm
the user in the SAM anyway.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http
Linux (I assume there is a client...).
This would be more interesting with Win2k clients doing kerberos
authentication and getting access to previously unix-only resources.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems
haven't found any problems with it yet.
Thanks for this - I didn't apply exactly this patch but it inspired me
to write something I believe is correct. I applied it to HEAD and 3.0,
and will back-port to 2.2.x.
Thanks once again !
Jeremy.
PS. Andrew Bartlett - we now pass the torture
3.0 - there is a new
option called 'ldap password sync' that works with Samba's existing
pdb_ldap to set the user's password, using Samba's administrative
rights.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team
, and should not be made to work that way.
If you want that, then you have malloc() and free().
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL
take care of this.
Yep - will do. While yes, that is the 'correct' fix, the implementation
in code isn't as straight-forward, particularly if we want changes to a
user's 'homedir' to be updated. I'll certainly keep an eye on this one.
Andrew Bartlett
--
Andrew Bartlett
-instate this functionality as an auth module
will probably be accepted, if people really want it...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College
On Fri, 2003-01-03 at 11:31, Kenneth Stephen wrote:
On 3 Jan 2003, Andrew Bartlett wrote:
On Fri, 2003-01-03 at 10:50, Steve Langasek wrote:
Hi Kenneth,
It appears that the --with-krb5 option is currently used in connection
with exactly this feature, and that the previous
,
easily assuming you know how to go about setting up Kerberos).
And telling Samba about that machine's keytab. Currently Samba needs to
know the original plaintext password for the machine.
It's been on my todo for a while - a long while...
Andrew Bartlett
--
Andrew Bartlett
into a text file called
'MACHINE.SID'. That should help fix the most annoying problem. In
fact, I don't think that part of the secrets.tdb changed format, so it
might 'just work'. Things like LDAP secret and the like did however.
Andrew Bartlett
--
Andrew Bartlett
should be able to turn down just the passdb section in smb.conf if
you like. What other level 10 debugs do you need, that this is
cluttering?
Anyway, I don't mind much, becouse I run with level 100 (and then wonder
why I get /tmp full of packet captures :-)
Andrew Bartlett
--
Andrew Bartlett
not be the best unix-unix file system, but a lot of
people much prefer this over NFS...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL
?
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
/ urls welcomed)
Server manager on NT will show you that - I don't think Samba has a
remote client for that at present, but it would not be particularly hard
to write.
Or is there another way to do it via network sniffing ?
thanks a lot !
regards,
Guillaume
--
Andrew Bartlett
that surrounds the password change, so as to pick out
NTSTATUS values.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
wouldn't be particularly useful. Is there any
concerted effort to document such issues, where I might forward this
hint?
Very interesting. This was the same setup Andrew Bartlett was saying
didn't work for him at the CIFS conference. Seems like you have to leave
the domain first...which
just_change_the_password()
OK - I'll take the blame on that one :-)
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
need to stare at this a bit
more...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org
on 127.0.0.1) to perform
this operation without having a setuid application.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
On Mon, 2002-12-30 at 14:37, Andrew Bartlett wrote:
This code on line 203 of smbd/posix_acls.c maps the unix execute
permission to the windows execute.
if (mode S_IXUSR) {
if (conn-vfs_ops.sys_acl_add_perm(conn, *p_permset, SMB_ACL_EXECUTE)
== -1
to
keep trusted domains using as much common code as possible.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org
be a few
more flags in there we didn't know about.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
Mark at all?
Instead, I would avoid the extra operation (if something failed already,
then don't risk that something else could fail too) and just leave that
uid/gid 'dead'.
Andrew Bartlett
+{
+int hwm;
+
+/* Get current high water mark */
+
+if ((hwm = tdb_fetch_int32
is for was originally written.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http
in that directory,
mangle it, and check it for a match. This can certainly get slow on
large directories. However, the penalty should only be payed on the
open(), not on each write. (And we do cache etc)
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED
, even when the right password is entered (it will try
again with the other password (NT or LM) in this case).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker
' :-). (Of course, GMT is never on daylight savings).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
it in LDAP - I would like to see a 'domain' record that contains things
like this, account policies - so we don't need to worry about TDBs for
basic PDC/BDC operation.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba
domain logons), while 'locking' on the session. (if that
makes any sense).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
integrating account policy support.
Alternatively, how difficult would it be to modify Samba to support an
option like this directly, within the constructs of the smbpasswd file?
Yes, your best option is to modify Samba,
Andrew Bartlett
--
Andrew Bartlett
permissions 'correctly', while not allowing users to put porn on a
college-wide desktop...
How does this sound? Am I at least slightly close to the mark?
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED
complications on BDCs, but it probably
the best place to start.
We already have an account policy (lib/account_pol.c) to 'set' this
behavior, so that should probably control the new feature.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager
slightly ANSI C compliant compiler...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org
On Sat, 2002-11-23 at 19:01, John H Terpstra wrote:
On 23 Nov 2002, Andrew Bartlett wrote:
On Sat, 2002-11-23 at 14:46, xfesty wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hiya.
Is there anyway to make non changable roaming profiles for all users
with XP
I was wondering what the status of the Samba code to support the 'open'
smbtorture test is?
I remember when you added it, you were going to look at how to support
the Win2k behavior in Samba, and I saw some checkins, but we still fail
the test on the build farm.
Thanks,
Andrew Bartlett
...).
Andrew Bartlett
response-extra_data = NULL;
/* Read variable length response */
Start ---
if (response-length sizeof(struct winbindd_response)) {
int extra_data_len = response-length -
sizeof(struct winbindd_response
Full_Name: Russell Greene
Samba_Version: 2.2.6
Server_OS: N/A
Client_OS: N/A
Submission from: (NULL) (128.12.177.14)
Hello. This potential bug was found using a checker on the Samba source.
Please verify.
I am assuming that sys_fstat is a wrapper for fstat and therefore takes input
are more than simple config stuff.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org
, or the global/local group called Everyone.
I'm interested in how this lot works - the .man stops NT uploading the
changes - but does it still need write permissions or not? I'm just
worried about users deliberately messing with their profiles.
Andrew Bartlett
--
Andrew Bartlett
Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
for this purpose. Win2k still doesn't disclose the
passwords, and it appears NT and Win2k use a different algorithm between
them.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
variables is always a little
system-dependent. The new patch attempts to avoid this.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL
of things, it's
just that the current replacement (taken directly from the relevant
linux manpage) doesn't actually appear to work.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
On Thu, 2002-11-14 at 03:18, Kris Van Hees wrote:
On Wed, Nov 13, 2002 at 06:09:05PM +1100, Andrew Bartlett wrote:
On Wed, 2002-11-13 at 17:28, Kris Van Hees wrote:
Well, that is not the case, since for the underlying filesystem it is usually a
very valid name. The fact is just
On Fri, 2002-11-15 at 19:40, Tim Potter wrote:
On Fri, Nov 15, 2002 at 07:32:06PM +1100, Andrew Bartlett wrote:
In the Samba HEAD and 3.0 branches however the parameter behaves more
like the RestrictAnonymous registry setting. Only 'restrict anonymous = 1'
is currently supported
'
is currently supported though.
I'm going to do some research, and figure out exactly what 'restrict
anonymous = 2' does. If it denies all guest logins, then it is trivial
to implement.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication
On Sat, 2002-11-16 at 06:09, David Collier-Brown -- Customer Engineering
wrote:
Andrew Bartlett wrote:
Well, it just means that we need to find a real replacement for
gmtime(). Any chance you could have a look at that function, and see if
you can figure out why the current replacement
be wrong.
Can somebody else confirm this?
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
machine in the GMT timezone?
My thinking is that the gmtime() replacement might not be functioning
correctly.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker
a look at that function, and see if
you can figure out why the current replacement doesn't work?
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College
, then you probably now have a +10
hour problem in the time. Samba uses the time the ldap server sends to
avoid time skew problems, hence having those timegm() functions in the
first place...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication
that function incorrectly, then you could get
problems with the fact that AEDST != GMT :-). You might want to
double-check that actually. See if the problem 'goes away' if you set
the system time zone to GMT...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED
interface. I have a proposal out for an ntlm_auth
program that will provide a stable interface here (squid needs it in
particular) but I have not yet had time to implement it.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems
issue is fixed too.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http
, as the pointer
might change, or they might be stack strings, but of what size?
And I'm glad it generates compiler warnings, because it should make you
stop and think 'is this actually a good idea'.
What exactly were you wanting to do anyway?
Andrew Bartlett
--
Andrew Bartlett
On Wed, 2002-11-13 at 16:08, Kris Van Hees wrote:
On Wed, Nov 13, 2002 at 03:43:08PM +1100, Andrew Bartlett wrote:
On Wed, 2002-11-13 at 15:24, Kris Van Hees wrote:
On Wed, Nov 13, 2002 at 03:08:26PM +1100, Andrew Bartlett wrote:
Well, I think that doing so would be *very* dangerous
On Wed, 2002-11-13 at 16:35, John E. Malmberg wrote:
Andrew Bartlett wrote:
On Tue, 2002-11-12 at 16:10, John E. Malmberg wrote:
The exception is much more than that - all sorts of things go over
IPC$, and they are protected by their individual ACLs. Enumerating
users, all sorts
On Wed, 2002-11-13 at 16:58, Kris Van Hees wrote:
On Wed, Nov 13, 2002 at 04:24:22PM +1100, Andrew Bartlett wrote:
On Wed, 2002-11-13 at 16:08, Kris Van Hees wrote:
I do not think that I should solve it with MSDFS itself, since that is a very
specific Microsoft thing. Adding @sys
On Wed, 2002-11-13 at 17:28, Kris Van Hees wrote:
On Wed, Nov 13, 2002 at 05:16:38PM +1100, Andrew Bartlett wrote:
Well, I think making the MSDFS resolving code pluggable would be a good
thing.
Agreed.
MSDFS works by the server attempting saying 'not here' to a file open
).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
have nasty consequences when mapping back and forth
between uids and RIDs. (We are working hard to ensure that there is
only one point at which uids and RIDs are mapped, and currently this is
in the passdb.)
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED
On Tue, 2002-11-12 at 13:16, John E. Malmberg wrote:
Andrew Bartlett wrote:
Because the Guest account is a 'well known' account, and as such
should have a fixed RID. This is enforced via the passdb backend
because to do otherwise would have nasty consequences when mapping
back
On Tue, 2002-11-12 at 14:48, John E. Malmberg wrote:
Andrew Bartlett wrote:
On Tue, 2002-11-12 at 13:16, John E. Malmberg wrote:
On a related note, does SAMBA still use the guest account in place
of the (unkown) internal user for enumerating shares?
An NT client can not browse
On Tue, 2002-11-12 at 16:10, John E. Malmberg wrote:
Andrew Bartlett wrote:
In Samba, access by the guest user is determined per-share, so I'm
not sure exactly what you mean here.
The NT behavior is that if the guest account is enabled, than if any
shares have the everyone group
, if you can get that, and also try the lastest 3.0 CVS
(pserver.samba.org), that will help us to chase it down.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator
available download was marked up in HTML).
In the process, I manage to break it for most of last week :-(. I have
fixed that now and extended the system. It now also copes with new and
deleted files, including them in the diff output.
Andrew Bartlett
--
Andrew Bartlett
of behaviour.
So, what do people think? Is this the right way forward? Or should we
strictly emulate NT4 (not possible - as far as I can tell - given macro
issues).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team
to the local user, or the 'admistrator'. Either way, just
run 'net join -Uadministrator' and type in the password.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator
it
a bit difficult to debug pretty much anything since logs get overwritten all
the time.
I noticed that. It looks like a problem with jelmer's popt work.
Andrew Bartlett
, and then
the profiles were accessed under Samba-head.
The translation schemes were different.
This is going to bite us badly, as sites upgrade. Is there any way we
can make this more automatic?
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager
On Mon, 2002-11-04 at 16:27, Steve Langasek wrote:
On Sat, Nov 02, 2002 at 06:36:47PM +1100, Andrew Bartlett wrote:
I've just committed a patch that adds a new 'ldap trust ids' smb.conf
option.
Currently defaulting to off, this option allows pdb_ldap to use the ldap
server directly
Mimir: When you get your trustdom patch together, don't forget that:
srv_netlog_nt.c:_net_trust_dom_list()
also needs to be picked up for the DC side. - so far we are only getting
it right in the SAMR call. Now that seems to be the one that's actually
called, but anyway...
Andrew Bartlett
Jean Francois Micouleau wrote:
On Sat, 2 Nov 2002, Andrew Bartlett wrote:
I've just committed a patch that adds a new 'ldap trust ids' smb.conf
option.
Currently defaulting to off, this option allows pdb_ldap to use the ldap
server directly to determine if a user 'exists' in unix
make it scriptable, and able to use a libsmbclient.so in a
non-standard location, then this would be very useful to add to the
build farm.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student
The openldap-devel list doesn't like non-members, so I'll just have to
see if we have any local LDAP gurus...
Andrew Bartlett
Original Message
Subject: Tracking replication changes back to local mirror
Date: Sat, 02 Nov 2002 15:38:19 +1100
From: Andrew Bartlett [EMAIL PROTECTED
get some feedback on exactly how much this helps.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
and if it is safe.
We are using only samba servers.
You could, but you really don't want to. Security=server
is really nasty. Fix whatever is causing Samba to pick the
wrong DC for secruity=domain. You can still specify the
server to use.
Andrew Bartlett
On Thu, Oct 31, 2002 at 12:20:25PM +0100, Ignacio Coupeau wrote:
Andrew Bartlett wrote:
On Thu, Oct 31, 2002 at 11:33:15AM +0100, Ignacio Coupeau wrote:
We have several samba printservers and fileservers with
security=server validating against several PDC with ldap (samba 2.2.6).
I
of the ansi 24 char password?
Some clients (Win9X) don't send the 'unicode' NT response.
Now that ntlm v2 is here, does this mean we will have a database with 3
different sets of credentials?
It uses the NT hash.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED
support for this, but I need to double-check our NTLMSSP
implementation (some things changed there that I may have broken it).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
Alexander Bokovoy wrote:
On Sun, Oct 27, 2002 at 02:14:54PM +1100, Andrew Bartlett wrote:
I was wondering, would you have time to look at the netlogon unigroup
issue again?
I'll add this to TODO list. I finally have an arragement to dedicate
up to 8-16 hrs of work time per week to Samba
101 - 200 of 417 matches
Mail list logo