samba.git/libds/common, branch talloc-2.2.0 Unnamed repository; edit this file 'description' to name the repository. libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK 2018-03-13T17:59:17+00:00 Ralph Boehme slow@samba.org 2018-03-08T16:34:08+00:00 8497d2090900b252853278f29a4aaf3bce7515da The name UF_TRUST_ACCOUNT_MASK better reflects the use case and it's not yet used. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The name UF_TRUST_ACCOUNT_MASK better reflects the use case and it's not
yet used.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
flags.h: Introduce the 2016 function level constant 2017-12-14T07:20:14+00:00 Garming Sam garming@catalyst.net.nz 2017-08-15T03:17:34+00:00 07f094f69fa91f7f363ca892cd2a640a76c90a94 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Avoid including libds/common/roles.h in public loadparm.h header. 2016-01-13T03:43:23+00:00 Jelmer Vernooij jelmer@jelmer.uk 2015-12-28T19:01:54+00:00 773cfba9af34e64b96e843b1b60afa5a0b0dec32 Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org> 
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
dsdb: Add functional levels for 2012 and 2012R2 2015-10-20T18:22:22+00:00 Andrew Bartlett abartlet@samba.org 2015-03-17T03:02:52+00:00 35f267304e89d870cbd645dbba8ed06f88686e1a Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
dsdb-samldb: Only allow known and settable userAccountControl bits to be set 2015-01-22T06:50:06+00:00 Andrew Bartlett abartlet@samba.org 2015-01-06T03:43:37+00:00 49485ab9782b7abc32581f29c35d862bb9a7058c Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
libds: UF_PARTIAL_SECRETS_ACCOUNT is a flag, not an account type 2015-01-22T06:50:06+00:00 Andrew Bartlett abartlet@samba.org 2014-12-10T01:15:54+00:00 412b602314e1174824d86940eacd74fb76774aba This list should only be of the account exclusive account type bits. Note, this corrects the behaviour in samldb modifies of userAccountControl. This reverts 6cb91a8f33516a33210a25e4019f3f3fbbfe61f2 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
This list should only be of the account exclusive account type bits.

Note, this corrects the behaviour in samldb modifies of
userAccountControl.

This reverts 6cb91a8f33516a33210a25e4019f3f3fbbfe61f2

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
libds: add UF_PARTIAL_SECRETS_ACCOUNT to UF_ACCOUNT_TYPE_MASK 2014-04-02T15:12:47+00:00 Stefan Metzmacher metze@samba.org 2014-04-01T11:21:35+00:00 6cb91a8f33516a33210a25e4019f3f3fbbfe61f2 Change-Id: Ie26520c37c393ab4d2e3c5782e3dca46d4d1f83c Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Change-Id: Ie26520c37c393ab4d2e3c5782e3dca46d4d1f83c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/param: Create a seperate server role for "active directory domain controller" 2012-06-15T07:18:33+00:00 Andrew Bartlett abartlet@samba.org 2012-06-10T12:08:20+00:00 b8815dc23d36468cce9b615335ed62f119eb8f35 This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett 
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.

To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.

Andrew Bartlett
s3-auth: remove "security=server" (depricated since 3.6) 2012-05-15T06:18:28+00:00 Stefan Metzmacher metze@samba.org 2012-05-12T10:00:00+00:00 b4abd3faaf3bdcbcd24fed8325960ccdee43bea9 "security=server" has a lot of problems in the world with modern security (ntlmv2 and krb5). It was also not very reliable, as it needed a stable connection to the password server for the lifetime of the whole client connection! Please use "security=domain" or "security=ads" is you authentication against remote servers (domain controllers). metze -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SERVER | | security=server | | | | | | 12 May | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______ 
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!

Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).

metze
                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SERVER      |
                  |    security=server   |
                  |                      |
                  |                      |
                  |       12 May         |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
s3-auth: Remove security=share (depricated since 3.6). 2012-03-04T22:33:05+00:00 Andrew Bartlett abartlet@samba.org 2012-02-03T07:03:10+00:00 d7bb961859a3501aec4d28842bfffb6190d19a73 This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______ 
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______