search for: cracknam

...INTERNAL-DOMAIN] workstation=[PC-001-036] len1=24 len2=234 [2013/10/24 11:37:56, 3] ../source4/auth/ntlm/auth.c:297(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [INTERNAL-DOMAIN]\[dan.pc]@[WF005-002932] [2013/10/24 11:37:56, 2] ../source4/dsdb/samdb/cracknames.c:806(DsCrackNameOneFilter) DsCrackNameOneFilter domain ref search failed: NULL Base DN invalid for a one-level search [2013/10/24 11:37:56, 2] ../source4/auth/ntlm/auth_util.c:185(map_user_info_cracknames) map_user_info: Cracknames of domain 'INTERNAL-DOMAIN \' -> RESOLVE_ERRO...

...n=[INTERNAL-DOMAIN] workstation=[PC-001-036] len1=24 len2=234 [2013/10/24 11:37:56,? 3] ../source4/auth/ntlm/auth.c:297(auth_check_password_send) ? auth_check_password_send: Checking password for unmapped user [INTERNAL-DOMAIN]\[dan.pc]@[WF005-002932] [2013/10/24 11:37:56,? 2] ../source4/dsdb/samdb/cracknames.c:806(DsCrackNameOneFilter) ? DsCrackNameOneFilter domain ref search failed: NULL Base DN invalid for a one-level search [2013/10/24 11:37:56,? 2] ../source4/auth/ntlm/auth_util.c:185(map_user_info_cracknames) ? map_user_info: Cracknames of domain 'INTERNAL-DOMAIN \' -> RESOLVE_ERROR [...

...rce4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: TGS-REQ Administrator at CORMANDOM.INT-CORMAN.BE from ipv4:10.217.7.3:40947 for ldap/admin01.cormandom.int-corman.be at CORMANDOM.INT-CORMAN.BE [canonicalize, renewable] [2013/08/28 10:15:47, 4] ../source4/dsdb/samdb/cracknames.c:169(LDB_lookup_spn_alias) LDB_lookup_spn_alias: no alias for service ldap applicable [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Searching referral for admin01.cormandom.int-corman.be [2013/08/28 10:15:47, 3] ../source4/auth...

...s. So what I would like to know is how to REBIND the incoming user auth request into a new format if this is possible. auth_check_password_send: Checking password for unmapped user []\[user at company.com]@[sheep] [2015/06/19 11:04:28.601720, 2] ../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames) map_user_info: Cracknames of account 'user at company.com' -> DOMAIN_ONLY [2015/06/19 11:04:28.601864, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv) auth_check_password_recv: NO_METHOD authentication for user [(null)\(null)] FAILED with error NT_STATUS_NO_SUCH_USER...

...s. So what I would like to know is how to REBIND the incoming user auth request into a new format if this is possible. auth_check_password_send: Checking password for unmapped user []\[user at company.com]@[sheep] [2015/06/19 11:04:28.601720, 2] ../source4/auth/ntlm/auth_util.c:91(map_user_info_cracknames) map_user_info: Cracknames of account 'user at company.com' -> DOMAIN_ONLY [2015/06/19 11:04:28.601864, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv) auth_check_password_recv: NO_METHOD authentication for user [(null)\(null)] FAILED with error NT_STATUS_NO_SUCH_USER...

...ddir_internal() against returns from malicious servers. o Andrew Bartlett <abartlet at samba.org> * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140 * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user. o Tim Beale <timbeale at catalyst.net.nz> * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches. o Günther Deschner <gd at samba.org> * BUG 13360: CVE-201...

...ddir_internal() against returns from malicious servers. o Andrew Bartlett <abartlet at samba.org> * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140 * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user. o Tim Beale <timbeale at catalyst.net.nz> * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches. o Günther Deschner <gd at samba.org> * BUG 13360: CVE-201...

Hi everyone, I get more and more questions from security minded clients about MS-RPC and the dynamic RPC port range. The default range is quite wide, and while it can be configured and reduced through the "rpc server dynamic port range" parameter since 4.7.0, it still get network/firewall/security people nervous. Digging further into that subject, after some more reading and

...ckport autobuild/selftest fixes from master. * BUG 10706: s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX(). o Matthieu Patou <mat at matws.net> * BUG 10693: pyldb: Decrement ref counters on py_results and quiet warnings. * BUG 10698: Backport drs-crackname fixes from master. o Pavel Reichl <pavel.reichl at redhat.com> * BUG 10693: ldb: Use of NULL pointer bugfix. o Garming Sam <garming at catalyst.net.nz> * BUG 10703: Backport provision fixes from master. o Andreas Schneider <asn at samba.org> * BUG 10693: l...

...ckport autobuild/selftest fixes from master. * BUG 10706: s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX(). o Matthieu Patou <mat at matws.net> * BUG 10693: pyldb: Decrement ref counters on py_results and quiet warnings. * BUG 10698: Backport drs-crackname fixes from master. o Pavel Reichl <pavel.reichl at redhat.com> * BUG 10693: ldb: Use of NULL pointer bugfix. o Garming Sam <garming at catalyst.net.nz> * BUG 10703: Backport provision fixes from master. o Andreas Schneider <asn at samba.org> * BUG 10693: l...

...per-V replica from BM-SRV-5 to BMSRV-WIN.10) Kerberos: TGS-REQ BM-SRV-5$@MYDOMAIN.COM.XYZ from ipv4:192.168.1.10:56993 for Hyper-V\ Replica\ Service/BMSRV-WIN10.mydomain.com.xyz at MYDOMAIN.COM.XYZ [canonicalize, renewable, forwardable] [2017/03/16 10:55:07.246904, 4] ../source4/dsdb/samdb/cracknames.c:169(LDB_lookup_spn_alias) LDB_lookup_spn_alias: no alias for service Hyper-V Replica Service applicable [2017/03/16 10:55:07.246971, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Searching referral for BMSRV-WIN10.mydomain.com.xyz [2017/03/16 10:5...

...* BUG 9196: Don't take 'state->te' as indication for "was_deferred". o Matthieu Patou <mat at matws.net> * BUG 9240: Remove unused variable in DNS server. * BUG 9252: Preliminary tests for dcpromo in Windows 2012 fails with Samba DC. * BUG 9253: Crackname returns a dns domain name even if there is no cracked SID. * BUG 9255: Getncchanges with exop for repl_obj returns highest_usn. * BUG 9256: Getncchanges with exop for repl_obj_with_secrets should always be allowed for RWDC. * BUG 9257: LDAP server has at least one un-initia...

...* BUG 9196: Don't take 'state->te' as indication for "was_deferred". o Matthieu Patou <mat at matws.net> * BUG 9240: Remove unused variable in DNS server. * BUG 9252: Preliminary tests for dcpromo in Windows 2012 fails with Samba DC. * BUG 9253: Crackname returns a dns domain name even if there is no cracked SID. * BUG 9255: Getncchanges with exop for repl_obj returns highest_usn. * BUG 9256: Getncchanges with exop for repl_obj_with_secrets should always be allowed for RWDC. * BUG 9257: LDAP server has at least one un-initia...

...er: Improve debug of new endpoints. o Ralph Boehme <slow at samba.org> * BUG 12791: Fix kernel oplocks issues with named streams. * BUG 12944: vfs_gpfs: Handle EACCES when fetching DOS attributes from xattr. o Bob Campbell <bobcampbell at catalyst.net.nz> * BUG 12842: samdb/cracknames: Support user and service principal as desired format. o David Disseldorp <ddiss at samba.org> * BUG 12911: vfs_ceph: Fix cephwrap_chdir(). o Gary Lockyer <gary at catalyst.net.nz> * BUG 12865: Track machine account ServerAuthenticate3. o Marc Muehlfeld <mmuehlfeld...

...er: Improve debug of new endpoints. o Ralph Boehme <slow at samba.org> * BUG 12791: Fix kernel oplocks issues with named streams. * BUG 12944: vfs_gpfs: Handle EACCES when fetching DOS attributes from xattr. o Bob Campbell <bobcampbell at catalyst.net.nz> * BUG 12842: samdb/cracknames: Support user and service principal as desired format. o David Disseldorp <ddiss at samba.org> * BUG 12911: vfs_ceph: Fix cephwrap_chdir(). o Gary Lockyer <gary at catalyst.net.nz> * BUG 12865: Track machine account ServerAuthenticate3. o Marc Muehlfeld <mmuehlfeld...

...ddir_internal() against returns from malicious servers. o Andrew Bartlett <abartlet at samba.org> * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140 * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user. o Tim Beale <timbeale at catalyst.net.nz> * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches. o Samuel Cabrero <scabrero at suse.de> * BUG 13540: ctdb_...

...ddir_internal() against returns from malicious servers. o Andrew Bartlett <abartlet at samba.org> * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140 * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user. o Tim Beale <timbeale at catalyst.net.nz> * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches. o Samuel Cabrero <scabrero at suse.de> * BUG 13540: ctdb_...

...* BUG 9196: Don't take 'state->te' as indication for "was_deferred". o Matthieu Patou <mat at matws.net> * BUG 9240: Remove unused variable in DNS server. * BUG 9252: Preliminary tests for dcpromo in Windows 2012 fails with Samba DC. * BUG 9253: Crackname returns a dns domain name even if there is no cracked SID. * BUG 9255: Getncchanges with exop for repl_obj returns highest_usn. * BUG 9256: Getncchanges with exop for repl_obj_with_secrets should always be allowed for RWDC. * BUG 9257: LDAP server has at least one un-initia...

...* BUG 9196: Don't take 'state->te' as indication for "was_deferred". o Matthieu Patou <mat at matws.net> * BUG 9240: Remove unused variable in DNS server. * BUG 9252: Preliminary tests for dcpromo in Windows 2012 fails with Samba DC. * BUG 9253: Crackname returns a dns domain name even if there is no cracked SID. * BUG 9255: Getncchanges with exop for repl_obj returns highest_usn. * BUG 9256: Getncchanges with exop for repl_obj_with_secrets should always be allowed for RWDC. * BUG 9257: LDAP server has at least one un-initia...

...e <bj at sernet.de> * BUG 7472: Check for dn_expand also in libinet. * BUG 9339: Build and quota fixes. o Volker Lendecke <vl at samba.org> * BUG 9208: Cannot migrate files with inheritance flags to share on top of NFSv4 filesystem. * BUG 9352: dsdb: Simplify DsCrackNameOneFilter a bit. o Stefan Metzmacher <metze at samba.org> * BUG 8620: Read ACL are not enabled by default on DS. * BUG 9175: Add smbXcli_session_set_disconnect_expired(). * BUG 9341: Fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile(). * BUG 9359: Optimization needed for SM...