wrote:
Is anyone running these together successfully?
Looks like the api change Andrew has been warning about happened.
If so, I will update the FAQ, probably should be in release note as
well.
Jerry
--
Andrew Bartlett [EMAIL PROTECTED]
Manager
be changed.
The 'easy' bits have been commited - the rest need a bit of work, or at
least a bit more explaination.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator
quite other topic.
I would like to see a patch for this at some stage - it frustrates me
too...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College
Rafal Szczesniak wrote:
On Fri, Sep 06, 2002 at 11:39:52PM +1000, Andrew Bartlett wrote:
Rafal Szczesniak wrote:
This is a patch consisting of various fixes. Short list
includes:
- using user_info.client_domain structure (from user supplied auth info)
instead
Richard Sharpe wrote:
On Sun, 1 Sep 2002, Andrew Bartlett wrote:
Richard Sharpe wrote:
Hi,
Having looked at mangle_hash2, it is clear that the mangling char is hard
coded. I am sure this is not intended.
Should I fix it?
While tridge would be a much better one
(as an SMB server) will do, if the 'strict sync' paramater
is set. This is off by defult due to excessive usage by some clients.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
string keys and string
values.
key: NBT/name#1c
value: 192.168.2.10 192.168.3.21
Perhaps this (the value) should be prefixed with the current unix time,
in seconds since 1970? That should get us nice cache expiration
properties.
Andrew,
--
Andrew Bartlett
name, domain name etc).
Can you give this a look, and try out NTLMv2 to a Samba PDC?
Thanks,
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College
on this :-)
I'll commit that.
Andrew,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
need to 'make proto' (as has already been
indicated) to get the function prototypes.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL
));
should be
if (neg_flags NTLMSSP_NEGOTIATE_SIGN)
DEBUG(4, ( NTLMSSP_NEGOTIATE_SIGN\n));
if (neg_flags NTLMSSP_NEGOTIATE_SEAL)
DEBUG(4, ( NTLMSSP_NEGOTIATE_SEAL\n));
The attached patch changes this.
Applied.
--
Andrew Bartlett
.
With kind regards,
Eddie Lania.
ICT Manager.
Industrie en handelsonderneming Elton B.V.
the Netherlands
buisiness page: http://www.elton.nl
personal page: http://nl3lek.webhop.net
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba
Simo Sorce wrote:
On Fri, 2002-08-16 at 15:24, Andrew Bartlett wrote:
This patch removes WINBINDD_DOMAIN, and some of the misguided (and
fruitless) attempts to prevent winbind from calling smbd recursivly. (I
fixed that the 'proper' way, and the worst case is a pipe timeout of 30
sec
really matter.
Make sense?
I agree. And the LDAP exOp might not even modify that attribute - what
it modifies is up to the backend.
Andrew,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
? nsswitch/.libs
)
We don't find this user [it] count=0
It seems samba is using uid=group instead of gid=group, is there
something I have missed or is this a bug???
You should forward this off to andrew bartlett since he rewrote all that
stuff in HEAD. Contact him on the samba-technical list.
I saw
.)
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
.
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
to use it :-)
Andrew,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
:08:35, 3] smbd/service.c:make_connection_snum(524)
** Connect path is
(I monkied with the times to do a diff between the two connects, so ignore
the timestamps).
Yep, I broke it :-)
Fixed in current HEAD.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED
Nucleo Anti-Virus wrote:
Does anybody knows about SAM replication in HEAD ?? I need to put a NT
BDC server to work in my SAMBA-LDAP Domain .
Not possible in any version of Samba.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication
Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
Guenther Deschner wrote:
hello,
just wanted to let you know that pserver.samba.org refuses
cvs-connections. maybe the server has died?
Nope, just moved house. By the time you read this DNS should have
caught up with the new reality.
Andrew Bartlett
--
Andrew Bartlett
, map.comment, map.systemaccount);
reads in the group mapping from group_mapping.tdb
It should, yes.
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED
it ever made it into a cronjob.
Andrew,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http
Andrew Bartlett wrote:
Bradley W. Langhorst wrote:
On Tue, 2002-08-06 at 06:42, Andrew Bartlett wrote:
If you track CVS too closly you occasionally get bitten :-)
This may interest those who used Samba HEAD CVS between 15 and 26 July
and can no longer use usrmgr on their domain
store the expanded strings back, unless they
are modified by a client.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
Marcel Ritter wrote:
On Sat, 3 Aug 2002, Andrew Bartlett wrote:
Marcel Ritter wrote:
Hi there!
I recently set up a samba server with LDAP support. After some tests with
different windows versions my profile was trashed. So I tried to store
the profile in a subdirectory
.
Sounds like a fair optimization to me - assuming that's what it is for.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
Security Policies/User Manager
(depending on OS) you need to set the advanced options to allow Users can
change system time. By default Administrators and Power users only can.
Or setup an NTP server an use 'ntptime' to syncronise them as 'system'.
Andrew Bartlett
--
Andrew Bartlett
slath. This
is illegal and should return an invalid parameter status.
This looks like a *very* intersting tool. Particulary with the NTSTATUS
codes displayed etc.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team
' it with some
security=domain bugs, and saw the real implications...
Anyway, the solution is to always do an anonymous session setup straight
after the negprot, which will insulate that particular connection from
this bug.
Andrew Bartlett
--
Andrew Bartlett [EMAIL
Michael B.Allen wrote:
On Tue, 30 Jul 2002 20:24:48 +1000
Andrew Bartlett [EMAIL PROTECTED] wrote:
I wish someone
would do a real analysis and write some practical documentation.
A volenteer! Great! I'll see what help I can be, but you might want
Kai Krueger wrote:
P.S. perhaps adding const all along would make it clear which parameters are
in parameters and which are out paramters
Yes, that would be a very good idea.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication
is
invalid\n,
fname));
return(ERROR_NT(NT_STATUS_INVALID_PARAMETER));
}
Jim Myers
IBM Almaden Research Center
B3-239, 408-927-2013
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
codes...)
Even better would be to be able to replicate Win2k when it speaks DOS
error codes too (you would need to use smbfilter), but we *know* that
our NTSTATUS codes are often wrong, and need fixing.
Thanks,
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED
/alternate behaviours if required) I think I'll be able to apply
it.
Nice work!
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED
, the kerberos realm is an smb.conf paramater. (lp_realm())
Andrew,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
, (struct sockaddr *)sunaddr,
sizeof(sunaddr)) == -1) {
close_sock();
***
*** 167,172
--- 191,197
return winbindd_fd;
}
+
/* Write data to winbindd socket */
--
Andrew Bartlett [EMAIL PROTECTED]
Manager
familiar with
samba sourcecode and would drop some lines for it?
It doesn't really work like that - you have to produce the patch, and
argue why it's a good idea...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team
password change in that case, (current
behaviour) but I'm not sure thats correct. I'll think about it.
Andrew Bartlett
--
Patrick McCarty
Video Technician
Azusa Pacific University
Logic is a systematic method of coming to the wrong conclusion with confidence
really should not be hard. We could rewrite the
configure script to only block compiling smbd without locking.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker
winbindd to do
the same thing, without any of these problems. Samba HEAD adds
'winbind use default domain', where users don't need to 'prefix' their
username like so 'domain\username'.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication
1.7 +8 -11 tng/source/include/debug.h
1.14 +295 -78 tng/source/lib/debug.c
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED
also use.
We should test if machines are premitted to change their password this
way at all. (They *should* make a netlogon call).
Did I mention this code is complex?
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba
to get the scope of the problem.
I definately will. I'm still trying to get a feel for how a password
change flows through the code -- But I thought I had it.
It is a complex beast.
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba
authorization' fuction - but getting this all
in one place would be good.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
subsystem with such features.
PasswordCanChange is also not yet implemented, but I'll take patches (to
HEAD) to improve that support.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student
mechinism. The
best available is found on Win2k - but we like keeping at arms length
from that stuff.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College
seem good, but I would really prefer to smb_ucs2_t types
in it :)
We will see...
Andrew,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
David Collier-Brown wrote:
On Wed, 3 Jul 2002, Andrew Bartlett wrote:
* Full Windows NT 4.0 PDC support
- Trust relationships
- SAM replication
[And someone said]
I don't see this being in 3.0. Maybe a later release, but there is more
work 'todo' in this area
Gerald Carter wrote:
On Tue, 9 Jul 2002, Andrew Bartlett wrote:
I've never suggested that anybody put any work on hold. I'm just
worried about others promising features that I personally feel might not
be compleated in the timeframe and that I *know* have major hurdles in
the way
that there are some more flags and stuff to sort out
there...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
still have problems.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http
failed for target `rpc_server/srv_reg_nt.o'
Fix is:
Thanks, I've fixed that. I hope jerry isn't too mad at me for it ;-)
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
removes most of that - in an attempt to allow for easier
verification of its security status. I would also (but not included in
this patch) like to remove its use of includes.h (for the same reason),
but I know tridge has different opinions on things like that.
What do people think?
Andrew Bartlett
' case.
You need a real case-insensitive filesystem.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
, not domain properties.
Also, we probably don't have the full story on exactly what is in that
struct - but I know its been looked at a little.
Andrew Bartlett,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED
, but have not got around to it
yet.
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http
. I can not access shares as it
stands now...
Joined domain INS.
So it joined fine. sessionid.tdb is not related to this at all - and
should be created on the first login to the server.
Look into the smbd logs for connections, not the domain join.
Andrew Bartlett
--
Andrew Bartlett
it mean it can't execvp it?
I dunno - but just make it a simple 'panic action = /bin/sleep 9000' and
attach manually. Then lets look at it from there.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL
due to the risk of destabilizing the branch.
There will be a 2.2.6 release most likely, but all efforts
should be concentrated on HEAD.
Finally! :-)
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL
the team).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
what needs to be fixed.
Thanks!
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org
not convinced that the
current situation is ideal.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
/tab interaction, but watch that indent.
Again, thanks for the patch, it looks pretty good.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL
Richard Sharpe wrote:
On Fri, 21 Jun 2002, Andrew Bartlett wrote:
Juergen Hasch wrote:
Hi,
this is a simple backport of Andrew Bartlett's mutex fix from HEAD to 2.2.5.
It fixes spurious authentication failures when using security=server.
For the record, this is the Win2k
, and I think I've some usefull ideas.
samba-technical is the place.
In particular, you might want to look at the current patch, and see if
you have any issues with it etc.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems
such as access control and Kerberos integration.
Apart from the 'sombody killed my conn' issue, the issue that prevents
kerberos intergration in smbfs is NTSTATUS support - again, becouse it
uses the samba mount-time helper.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED
:-)
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
for, and what (it appears) has been
implemented.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
://niihau.student.utwente.nl/~sketch/libsmbc2-1.diff
I only gave it a quick glance, but it looks good to me. I'll try to
give it a bit more review, perhaps when I've out of exams.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL
this, but takes 'guesses' at the username instead...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
and auth
modules.
It also works much better for the builtin-and-or-external case.
My only issue is with the complete loss of compile-time type checking.
How should that be addressed?
Andrew Bartlett,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication
Simo Sorce wrote:
On Tue, 2002-06-18 at 09:05, Andrew Bartlett wrote:
Simo Sorce wrote:
+ /* Handles on dlopen() call */
+ smb_vfs_dl_handle *dl_handle;
+ void **vfs_private;
Why a void** ?
Because you really do not know what the module wants to put
use it at my site.
(It was a the subject of a mildly hostile takeover earlier this year,
along with the rest of the passdb subsystem ;-)
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student
of
the protocol, and therefore fail when the remote server only accepts NT
authenticaion (not the LM used in older versions).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator
Jeremy Allison wrote:
On Sat, Jun 15, 2002 at 12:25:42AM +1000, Andrew Bartlett wrote:
Otherwise, all strings are 'unix strings'.
But what character set is a unix string ? What if
we get an incoming UCS2 string that doesn't map ?
We need to use utf8 in all the backends
Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
are gone in 3.0, what should I do?
is this translation needed at all in 3.0?
passdb should not do any translation, unless it wants to use unicode or
the backend uses a particular (fixed) encoding.
Otherwise, all strings are 'unix strings'.
Andrew Bartlett
--
Andrew Bartlett
, libxml, etc) but still can build packages with only
a plugin
Sounds like a nice idea - I'll see what others think of it.
Andrew Bartlett,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network
and new
enthusiasm).
Thanks!
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org
much rather see it
implemented using pdb_set_user_sid() and a local variable.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http
% of the time
you *know* its a valid sid. (So add the check to the code that is
reading it from secrets.tdb).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker
to secrets.tdb)
Applied, but I've done the sid_copy() problem differently. We really
should be checking
the return from get_global_sam_sid() where it could possibly not exist -
or make that fn panic or somthing.
Andrew,
--
Andrew Bartlett [EMAIL PROTECTED]
Manager
in the smb.conf file, so I can post
my patch here if requested.)
Any swat user is one 'root preexec' away from being root, so there is no
security benifit from doing this.
Other than that, I think the permissions are based on who can modify the
smb.conf file.
Andrew Bartlett
--
Andrew Bartlett
(it just dos samr remote admin stuff now).
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org
just noticed this for testparam. I might get to chase it up, but I've
CC'ed 'ab', who I think was the last person messing in that area. (It
could also be somthing comleatly unrealated)
Thanks,
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager
that in. In the meantime, this looks bogus.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http
to the
plaintext passwords of all users.
Yes, most of the current solutions are pretty nasty...
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College
Love wrote:
Andrew Bartlett [EMAIL PROTECTED] writes:
1. Get rid of AFS's need for plaintext passwords.
[]
Ah, of course credential forwarding/proxying would be a requirement for
making this work without giving the gateway special privileges; I'd
completely overlooked
Love wrote:
Andrew Bartlett [EMAIL PROTECTED] writes:
I see no reason why this would not be possible. We would need to do a
little bit of work on the smbd side of things, but credential forwarding
is pretty standard. This assumes either a AD domain, or Samba modified
it
in samba would not pose a particular problem. Of course it is one thing
to propose, quite another to actually implement... But I do think that
this work (particularly the server end, but also the client) should live
in the samba tree.
Andrew Bartlett
--
Andrew Bartlett
would probably do well to have team-folk at least
glance at what they are doing. In any case, things are really still in
development - we have a patch to rework the subsystem substantially that
is yet to get applied, for example.
Andrew Bartlett
--
Andrew Bartlett
Jeremy Allison wrote:
On Thu, May 23, 2002 at 01:01:05AM +1000, Andrew Bartlett wrote:
(I was going to commit this, but decided that I should get some comment
first)
More code cleanup - this lot a bit more dodgy than the last:
The aim is to trim pwd_cache down to size. Its overly
if required, and
should do lookups based on RID as much as possible.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org
Andrew Bartlett wrote:
Just a quick note:
I finally got around to testing NTLMv2 support for NT and Win2k
clients. The basic news is that it works. The restrictions are that
for win2k it must be run with the 'use spnego = false' smb.conf option.
(Without this Win2k will attempt to use
the second helper
the challange packet, with a tag to say 'pretend you sent this'.
How does this sound?
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College
Henrik Nordstrom wrote:
Andrew Bartlett wrote:
Being a seperate execuable, licencing issues are overcome (not an issue
for squid, but we
can now allow the same thing for apache). I hope that we can also use
the same NTLMSSP implementation inside Samba - which should ensure its
301 - 400 of 417 matches
Mail list logo