nmblookup -A and MS XP Clients

2003-02-03 Thread Matt Pavlovich
A nmblookup -A $IP against a NT 4.0 client will return the name of any
logged in user.  This same query against an XP Professional client does
not return any user names.  

Has anyone seen this before?

-- 
Matt Pavlovich [EMAIL PROTECTED]
Allegiance Telecom, Inc.




acctFlags/groupFlags ldap schema

2002-10-18 Thread Matt Pavlovich
Perhaps there is a more natural way for storing the account/group flag
information in LDAP.  What about making acctFlags/groupFlags a
multi-valued attribute?  It would be easier for provisioning
applications to perform modifications.  It would also open the door for
more useful searches.  (acctFlag=D) etc..

ie: 

acctFlag: X
acctFlag: U 

instead of- 
acctFlags: [UX   ] 
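
An illustration of the proposal above, added here and not part of the original post or of Samba: a small C helper that expands a packed `acctFlags` value into the single-character values a multi-valued `acctFlag` attribute would hold, and answers the equality test behind a filter such as `(acctFlag=D)`. The function names, the upper-case-letter rule and the sample value are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Samba code): expand "[UX   ]" to "UX".
 * Assumes flags are single upper-case letters padded with spaces.
 * Returns the number of distinct flags, or -1 on malformed input. */
int expand_acct_flags(const char *packed, char *out, size_t outlen)
{
    size_t len, i;
    int n = 0;

    if (packed == NULL || out == NULL || outlen == 0)
        return -1;
    len = strlen(packed);
    if (len < 2 || packed[0] != '[' || packed[len - 1] != ']')
        return -1;                  /* brackets are mandatory */
    out[0] = '\0';
    for (i = 1; i + 1 < len; i++) {
        char c = packed[i];
        if (c == ' ')
            continue;               /* padding */
        if (c < 'A' || c > 'Z')
            return -1;              /* reject unexpected characters */
        if (strchr(out, c) != NULL)
            continue;               /* attribute values form a set */
        if ((size_t)n + 1 >= outlen)
            return -1;              /* output buffer too small */
        out[n++] = c;
        out[n] = '\0';
    }
    return n;
}

/* Equality match corresponding to the filter (acctFlag=<flag>). */
int has_acct_flag(const char *packed, char flag)
{
    char flags[32];
    if (flag == '\0' || expand_acct_flags(packed, flags, sizeof(flags)) < 0)
        return 0;
    return strchr(flags, flag) != NULL;
}

int main(void)
{
    const char *sample = "[UX   ]"; /* constructed sample value */
    char flags[32];
    int i, n = expand_acct_flags(sample, flags, sizeof(flags));

    for (i = 0; i < n; i++)
        printf("acctFlag: %c\n", flags[i]);   /* one LDIF line per flag */
    printf("matches (acctFlag=D): %d\n", has_acct_flag(sample, 'D'));
    return n < 0;
}
```

With the packed form the same lookup needs a substring match on the whole string; with one value per flag it becomes an equality match that a directory can index.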








Re: [PATCH] rid allocator in passdb backend

2002-10-17 Thread Matt Pavlovich
 This patch does not yet handle the case where we already have a
 sambaDomainInfo entry, but no rid attribute. I do not know how you can
 make sure that you do not end up with two rid attributes. Does anybody
 know how to do this?

Define the rid attribute to be SINGLE-VALUE in the schema.  

Matt Pavlovich




Re: Draft of branch maintenance and release plans....

2002-07-02 Thread Matt Pavlovich

Jerry-

I have a good start on the following, and putting it on the list will
help keep it on my radar :).

For 3.0
---
*Conversion to NTSTATUS for return codes

Wishlist

*Pluggable backend for storing WINS entries (ie SQL, LDAP)

Matt Pavlovich

 Message: 8
 Date: Tue, 2 Jul 2002 11:54:18 -0500 (CDT)
 From: Gerald (Jerry) Carter [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Draft of branch maintenance and release plans
 
 Everyone,
 
 Here are the plans for getting 3.0 ready for release and the 
 maintenance plans for SAMBA_2_2.  Comments welcome.
 
 I would love to see this out sometime during the Fall of this 
 year.  Of course, none of this will get done without everyone's 
 help :-)
 
 
 
 Roadmap to 3.0
 --
 
 The following features are planned for inclusion in 3.0.
 This list was compiled based on previous promises during 2.2
 development and believed future directions of Samba
 
 * Internationalization - The UNICODE support is done.  Jeremy
   thinks we will probably need some auditing and testing
   before release.
 
 * Full Windows NT 4.0 PDC support
   - Trust relationships 
   - SAM replication 
   These features will allow for full replacement and migration 
   from Windows NT 4.0 domain controllers.  Both of these features
   are partially completed.
 
 * Windows 2000 domain client support - Done.
 
 * NTLMv2  Sign/Seal of RPC packets - NTLMv2 should be ok, the 
   sign/seal is yet to be done.
 
 * Winbind idmap storage  central idmap repository (for
   clusters, nfs, etc...)
 
 * Winbind working with Samba DC
 
 * Group Mapping support (pluggable?)
 
 * Printer attribute publishing using 'net'
 
 * pluggable passwd support - Done.
 
 
 Other possible features which may be included depending on 
 time/resources.  Probably in later 3.x release.
 
 * Background updates of print queue caches
 
 * WINS replication
 
 * loadable library support for named pipes
 
 * non-blocking winbind implementation
 
 * Printer attribute publishing via smbd
 
 
 
 SAMBA_2_2 maintenance
 --
 
 The SAMBA_2_2 will only be updated to include fixes for 
 severe bugs or security exploits.  All testing will be done
 against HEAD at this point.  No new features/functionality 
 are to be added due to the risk of destabilizing the branch.
 
 There will be a 2.2.6 release most likely, but all efforts
 should be concentrated on HEAD.
 
 
 
 
 
 
 
 cheers, jerry
  -
  Hewlett-Packard http://www.hp.com
  SAMBA Team   http://www.samba.org
  --http://www.plainjoe.org
  Sam's Teach Yourself Samba in 24 Hours 2ed.  ISBN 0-672-32269-2
  --I never saved anything for the swim back. Ethan Hawk in Gattaca--
 
 
 
 
 --__--__--
 
 Message: 9
 Date: Tue, 2 Jul 2002 11:54:32 -0500 (CDT)
 From: Gerald (Jerry) Carter [EMAIL PROTECTED]
 To: Jelmer Vernooij [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: ADS-HOWTO.sgml
 
 On Fri, 28 Jun 2002, Jelmer Vernooij wrote:
 
  Hi jerry,
  
  Here's the ADS HOWTO converted to sgml..
 
 Adding it to HEAD now. Thanks.
 
 
 
 
 
 
 
 
 
 cheers, jerry






PATCH: LDAP Password sync

2002-04-28 Thread Matt Pavlovich

This simple patch adds a clear_pw element to the SAM_ACCOUNT structure
used to store the clear password during a password update to change the
LDAP password via an Extended Operation.  This allows for a variation of
LDAP password fields and hash algorithms to be used in the directory by
other applications.  

I tested with OpenLDAP 2.0.2x.  iPlanet's Directory Server supports
Extended Operation, but it is not tested.

This patch should be considered *Alpha* quality, as it lacks a
configuration option to enable/disable, and there are still some
unknowns regarding error handling and the like.

'ldap exop passwd sync' = true/false sound good for a config option?

Matt Pavlovich




diff -r -u -x *.o -x configure -x *.status -x Makefile -x smbd -x winbindd -x swat -x smbpasswd -x smbcacls -x rpcclient -x config.log -x *.a -x pdbedit samba-2.2.3a-orig/source/include/smb.h samba-2.2.3a/source/include/smb.h
--- samba-2.2.3a-orig/source/include/smb.h	Sat Feb  2 18:46:40 2002
+++ samba-2.2.3a/source/include/smb.h	Wed Apr  3 23:40:05 2002
 -620,6 +620,8 
 
 	unsigned char *lm_pw; /* Null if no password */
 	unsigned char *nt_pw; /* Null if no password */
+	/* Clear password for updates */
+	unsigned char *clear_pw; /* Null if no password */
 
 	uint16 acct_ctrl; /* account info (ACB_ bit-mask) */
 	uint32 unknown_3; /* 0x00ff  */
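Review bot: the new `clear_pw` member next to `lm_pw`/`nt_pw` keeps the plaintext password in SAM_ACCOUNT, but its comment only says "Null if no password" and does not state who owns the buffer or when it is cleared. Please document the ownership and lifetime in the comment, and have the account init and free paths set the pointer to NULL and wipe the contents, since pdb_ldap.c later branches on `clear_pw != NULL`. The field is also declared `unsigned char *` like the hash members, although it carries a string.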
diff -r -u -x *.o -x configure -x *.status -x Makefile -x smbd -x winbindd -x swat -x smbpasswd -x smbcacls -x rpcclient -x config.log -x *.a -x pdbedit samba-2.2.3a-orig/source/passdb/passdb.c samba-2.2.3a/source/passdb/passdb.c
--- samba-2.2.3a-orig/source/passdb/passdb.c	Sat Feb  2 18:46:49 2002
+++ samba-2.2.3a/source/passdb/passdb.c	Thu Apr  4 11:38:56 2002
 -1656,7 +1656,9 
 
 	if (!sampass || !plaintext)
 		return False;
-	
+
+sampass-clear_pw = plaintext;
+  
 	nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
 
 	if (!pdb_set_nt_passwd (sampass, new_nt_p16)) 
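Review bot: the added assignment of `plaintext` to `clear_pw` stores the caller's pointer rather than a copy, so the SAM_ACCOUNT keeps pointing at the caller's buffer after this function returns. Copy the string and zero and free it when the account is released, or reset the field to NULL as soon as the backend update has run. The assignment also sits before the `pdb_set_nt_passwd` check, so the plaintext stays attached to the account when that call fails.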
diff -r -u -x *.o -x configure -x *.status -x Makefile -x smbd -x winbindd -x swat -x smbpasswd -x smbcacls -x rpcclient -x config.log -x *.a -x pdbedit samba-2.2.3a-orig/source/passdb/pdb_ldap.c samba-2.2.3a/source/passdb/pdb_ldap.c
--- samba-2.2.3a-orig/source/passdb/pdb_ldap.c	Sat Feb  2 18:46:49 2002
+++ samba-2.2.3a/source/passdb/pdb_ldap.c	Thu Apr  4 11:39:13 2002
 -947,6 +947,81 
 	DEBUG(2, (successfully modified uid = %s in the LDAP database\n,
 	   pdb_get_username(newpwd)));
 	ldap_mods_free(mods, 1);
+
+/* Update LDAP password via ldap_extended_operation() */
+if (newpwd-clear_pw != NULL) { 
+   /* Build change password control -- from OpenLDAP 
+  clients/tools/ldappasswd.c */
+
+int id, rc;
+struct berval *bv = NULL;
+	BerElement *ber = ber_alloc_t( LBER_USE_DER ); 
+
+  /* 
+ 		if( ber == NULL ) {
+ 
+ Print error the Samba way ???  
+
+		} 
+   */
+
+   	ber_printf( ber, { /*}*/ );
+
+		if( dn != NULL ) {
+			ber_printf( ber, ts,
+   LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID, dn );
+/* Are we really done w/ the DN ? */
+			free(dn);
+		}
+
+/* How can I get the old password ?? */
+   /*
+if( oldpw != NULL ) {
+			ber_printf( ber, ts,
+   LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, oldpw );
+			free(oldpw);
+		}
+   */
+  
+   /* Add new password to change control */ 
+		ber_printf( ber, ts,
+			   LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, newpwd-clear_pw );
+ber_printf( ber, /*{*/ N} );
+		rc = ber_flatten( ber, bv );
+
+   /* Error the samba way 
+		if( rc  0 ) {
+   
+			perror( ber_flatten );
+		}
+*/
+ber_free( ber, 1 );
+ 
+rc = ldap_extended_operation( ldap_struct,
+			LDAP_EXOP_X_MODIFY_PASSWD, bv,
+			NULL, NULL, id );
+
+   /* or, since Samba seems to do most things ldap*_s 
+rc = ldap_extended_operation_s( ldap_struct,
+LDAP_EXOP_X_MODIFY_PASSWD, bv,
+ 		NULL, NULL, id );
+*/
+
+		ber_bvfree( bv );
+
+   /* Error the Samba way
+		if( rc != LDAP_SUCCESS ) {
+			ldap_perror( ldap_struct, ldap_extended_operation );
+			return EXIT_FAILURE;
+		}
+*/
+ 
+   /* We can do a whole lot more error 
+  checking and parsing from the operation
+  but let's just see if we can get this to work */
+
+	}
+  
 	ldap_unbind(ldap_struct);
 	return True;
 }
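Review bot: every failure check in the added block is commented out (the `ber == NULL` test after `ber_alloc_t`, the `ber_flatten` result, and the `rc != LDAP_SUCCESS` test), so a failed password exop still falls through to `return True` and the caller believes the directory password and the Samba hashes are in sync. Enable the checks with DEBUG logging and return False on failure. The asynchronous `ldap_extended_operation` is followed directly by `ldap_unbind` and the result for `id` is never read; the `_s` variant already sketched in the comment would give a result to test. `free(dn)` also needs confirming against how `dn` was allocated, as the "Are we really done w/ the DN ?" comment asks, and `clear_pw` should be reset once the exop has been sent.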