samba.git/libds, branch talloc-2.0.8 Unnamed repository; edit this file 'description' to name the repository. lib/param: Create a seperate server role for "active directory domain controller" 2012-06-15T07:18:33+00:00 Andrew Bartlett abartlet@samba.org 2012-06-10T12:08:20+00:00 b8815dc23d36468cce9b615335ed62f119eb8f35 This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett 
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.

To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.

Andrew Bartlett
s3-auth: remove "security=server" (depricated since 3.6) 2012-05-15T06:18:28+00:00 Stefan Metzmacher metze@samba.org 2012-05-12T10:00:00+00:00 b4abd3faaf3bdcbcd24fed8325960ccdee43bea9 "security=server" has a lot of problems in the world with modern security (ntlmv2 and krb5). It was also not very reliable, as it needed a stable connection to the password server for the lifetime of the whole client connection! Please use "security=domain" or "security=ads" is you authentication against remote servers (domain controllers). metze -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SERVER | | security=server | | | | | | 12 May | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______ 
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!

Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).

metze
                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SERVER      |
                  |    security=server   |
                  |                      |
                  |                      |
                  |       12 May         |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
s3-auth: Remove security=share (depricated since 3.6). 2012-03-04T22:33:05+00:00 Andrew Bartlett abartlet@samba.org 2012-02-03T07:03:10+00:00 d7bb961859a3501aec4d28842bfffb6190d19a73 This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______ 
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
Intersite KCC flags 2012-01-14T05:13:08+00:00 Dave Craft wimberosa@gmail.com 2012-01-11T14:08:52+00:00 11e2c8493f08214c290fec87dac18ad23de234bf NTDSSITELINK option flags added Signed-off-by: Andrew Tridgell <tridge@samba.org> 
NTDSSITELINK option flags added

Signed-off-by: Andrew Tridgell <tridge@samba.org>
libds: Make server role values explicit for easier debugging 2011-11-16T23:34:09+00:00 Andrew Bartlett abartlet@samba.org 2011-11-10T08:48:06+00:00 a01a186a6cfd3b6f1f49ea6d3e7363d2a58d3d4a 






param: calculate server role from security, and security from server role
2011-11-16T23:34:08+00:00

Andrew Bartlett
abartlet@samba.org

2011-11-10T01:45:54+00:00

9524e2fce1b7f644fef5f7c8134f72681d786e65

This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.

This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>





This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.

This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>







roles: Add ROLE_AUTO to indicate that the server role is calculated
2011-11-16T23:34:08+00:00

Amitay Isaacs
amitay@gmail.com

2011-11-08T02:22:37+00:00

299ed456705944c0b6f848d4fce1fbf6853df965












s4:objectclass_attrs LDB module - implement the dSHeuristics length checks correctly
2011-10-27T16:52:29+00:00

Matthias Dieter Wallnöfer
mdw@samba.org

2011-10-13T06:48:08+00:00

6287d0d61c1b63f399edc901133a6f61069224a6

Consider bug #8489

Reviewed-by: abartlet





Consider bug #8489

Reviewed-by: abartlet







NTDSConnection and NTDSA Site setting flags
2011-07-13T21:05:09+00:00

Dave Craft
wimberosa@gmail.com

2011-07-06T02:17:10+00:00

b52246bf2f75e2a4869bce3e474e6c1c81a492b7

Flags that were missing from flags.h or were incorrectly
defined inline to the kcc_topology.c code (and thus unusable
elsewhere).   These are the NTDSConnection and NTDSDSA Site
settings flags.

Signed-off-by: Andrew Tridgell <tridge@samba.org>





Flags that were missing from flags.h or were incorrectly
defined inline to the kcc_topology.c code (and thus unusable
elsewhere).   These are the NTDSConnection and NTDSDSA Site
settings flags.

Signed-off-by: Andrew Tridgell <tridge@samba.org>







lib/util Remove samba-util-common!
2011-06-20T23:36:22+00:00

Andrew Bartlett
abartlet@samba.org

2011-06-20T10:36:46+00:00

5db74b9607f4a5fc5ecaa8be0d744222cd55153c

All of this code is now in common, so we don't need the second
'-common' library any more!

Andrew Bartlett





All of this code is now in common, so we don't need the second
'-common' library any more!

Andrew Bartlett