| commit | 4c1aa6fd2f84dd895717c0b22cac6348e312e1d9 | |
| author | Jim McDonough <jmcd@samba.org> | |
| Mon, 29 Jun 2009 14:06:14 +0000 (29 10:06 -0400) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Mon, 10 Aug 2009 15:53:10 +0000 (10 17:53 +0200) | ||
| tree | 1ea0aabe17d014e43a7a25c3ee348e28f374475a | treesnapshot (tar.gz zip) |
| parent | 3e1e09b05f2f629c84ab2287ff324e5b50730681 | commitdiff |
Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
(cherry picked from commit 880d1a3f83a0834225d5a7c0f179c236b0e59ef8)
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
(cherry picked from commit 880d1a3f83a0834225d5a7c0f179c236b0e59ef8)