samba.git/lib/param/param_table.c, branch talloc-2.4.4 Unnamed repository; edit this file 'description' to name the repository. docs-xml/smbdotconf: add "client use krb5 netlogon" option 2025-01-13T23:40:30+00:00 Stefan Metzmacher metze@samba.org 2024-11-07T12:25:37+00:00 41b46cdff19f5ccc67017189b85592035df4a623 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
param: Add "client netlogon ping protocol" 2024-11-11T14:03:04+00:00 Volker Lendecke vl@samba.org 2024-10-24T14:52:46+00:00 24dc8ef1749b77c21031465c1c77dd7ec2508163 Allow "net ads join" in environments where UDP/389 is blocked. Code will follow. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Allow "net ads join" in environments where UDP/389 is blocked. Code
will follow.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbdotconf: add client ldap sasl wrapping = {starttls,ldaps} 2024-04-23T23:50:34+00:00 Stefan Metzmacher metze@samba.org 2024-02-09T14:40:00+00:00 844e1bdc6d43dc42550229bcc69dd4fe7631f042 In order to use SASL authentitation within a TLS connection we now provide "client ldap sasl wrapping = starttls" or "client ldap sasl wrapping = ldaps". Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
In order to use SASL authentitation within a TLS connection
we now provide "client ldap sasl wrapping = starttls" or
"client ldap sasl wrapping = ldaps".

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:ldap_server: add support for tls channel bindings 2024-04-23T23:50:34+00:00 Stefan Metzmacher metze@samba.org 2024-01-23T13:20:24+00:00 6c17e3d2800723bafebd1986ab59a9422c881f0b ldap server require strong auth = allow_sasl_over_tls is now an alias for 'allow_sasl_without_tls_channel_bindings' and should be avoided and changed to 'yes' or 'allow_sasl_without_tls_channel_bindings'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
ldap server require strong auth = allow_sasl_over_tls
is now an alias for 'allow_sasl_without_tls_channel_bindings'
and should be avoided and changed to 'yes' or
'allow_sasl_without_tls_channel_bindings'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
docs-xml: Add new parameter "acl claims evaluation" 2023-09-26T23:45:35+00:00 Andrew Bartlett abartlet@samba.org 2023-09-14T09:20:39+00:00 1223b89d81892ead52267a31afea40f14c4f2a09 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
docs-xml/smbdotconf: also allow 2012[_R2] for 'ad dc functional level' 2023-06-21T19:08:37+00:00 Stefan Metzmacher metze@samba.org 2023-06-21T08:31:34+00:00 48cc2862c289f2b3cf027037fe071fe2e5d81202 We may not jump to 2016 directly... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
We may not jump to 2016 directly...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
param: Add new parameter "ad dc functional level" 2023-05-16T23:29:32+00:00 Andrew Bartlett abartlet@samba.org 2023-05-09T04:37:37+00:00 e5c3e076c8f85cda11bf0be29a6f26a852c5a343 This allows the new unsupported functional levels to be unlocked, but with an smb.conf option that is easily seen. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> 
This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
lib/util: Add "debug syslog format = always", which logs to stdout in syslog style 2023-04-06T12:51:30+00:00 Andrew Bartlett abartlet@samba.org 2023-04-06T00:26:11+00:00 83fe7a0316d3e5867a56cfdc51ec17f36ea03889 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
s3-librpc: add ads.idl and convert ads_struct to talloc. 2022-12-16T20:38:32+00:00 Günther Deschner gd@samba.org 2016-08-17T09:58:02+00:00 39e8489dfc51b2293afa13d58b167819b46918dc Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
dsdb: Allow password history and password changes without an NT hash 2022-06-26T22:10:29+00:00 Andrew Bartlett abartlet@samba.org 2022-01-31T01:08:13+00:00 d2a473a7b7471937d1098a11258b875134ad702a We now allow this to be via the ENCTYPE_AES256_CTS_HMAC_SHA1_96 hash instead which allows us to decouple Samba from the unsalted NT hash for organisations that are willing to take this step (for user accounts). (History checking is limited to the last three passwords only, as ntPwdHistory is limited to NT hash values, and the PrimaryKerberosCtr4 package only stores three sets of keys.) Since we don't store a salt per-key, but only a single salt, the check will fail for a previous password if the account was renamed prior to a newer password being set. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
We now allow this to be via the ENCTYPE_AES256_CTS_HMAC_SHA1_96 hash instead
which allows us to decouple Samba from the unsalted NT hash for
organisations that are willing to take this step (for user accounts).

(History checking is limited to the last three passwords only, as
ntPwdHistory is limited to NT hash values, and the PrimaryKerberosCtr4
package only stores three sets of keys.)

Since we don't store a salt per-key, but only a single salt, the check
will fail for a previous password if the account was renamed prior to a
newer password being set.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>