IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The KCC algorithm contains a timeouts in a couple of places, and we
need to be able to set the time for testing these.
This also means samba_kcc uses the same time in all places.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This tries to record some information about what the graph is (e.g
which partition), though it is not very readable.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This enables the use of the intersite calculated list of edges
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Also sorts vertex color by preference in sorting algorithms.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The previous code did not operate as c_rep.source_dsa_invocation_id was not valid, and in any case
this was not the correct check. We need to look for the old interSiteTopologyGenerator in our
list of replication partners, and confirm it is current.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This change adds smb.conf documentation for the "fss: prune stale" and
"fss: sequence timeout" parameters accepted by Samba's FSRVP server.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is the environment that represents our supported production
setup of an active directory domain controller.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In transfer_role() there is an duplicate call to samdb.modify() inside the if statement
where the type of role is being determined (specifically for the naming fsmo). This
call is unnecessary as after the if statement their is a correct call, with a try/catch
block, used by all fsmo transfers that will handle errors - such as the DC with the
fsmo role being offline.
The call to samdb.modify() inside the if statement for naming fsmo has been removed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10924
Signed-off-by: Steve Howells <steve.howells@moscowfirst.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It was observed that adding libnss_winbind (via nss_wrapper) lets
the posix acl mapping come out slightly differently with respect
to the owner/domain admin who is not explicitly nailed down in
the original NT acl.
This patch extends the test to react to the presence of
nss_winbind in environment and adapts the expected results.
This in particular fixes the run of the test against the
(changed) plugin_s4_dc environment while keeping the possibility
to successfully run it against an env without nss_winbind.
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 6 20:11:52 CET 2015 on sn-devel-104
This matches our other binaries, and allows samba-tool commands to run with the machine account.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change-Id: Ieaefdc77495e27bad791075d985a70908e9be1ad
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 6 07:11:43 CET 2015 on sn-devel-104
This is a short module (< 1k lines) that removes the need to
depend on subunit, testtools, extras and mimeparse. It is
based on an extract from testtools and subunit.
Change-Id: I0a4f3060b25f7bde602a07ed6bef71c8196fca64
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This may be handy if this key is compromised, or along with chgtdcpass to isolate test copies
of production domains in such a way that they cannot mix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Replaced "--gid" with the correct "--gid-number" in Example 3.
Additionally removed the first comment line in group.py, which
was wrong in that file.
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Allow to create NIS enabled user accounts via 'samba-tool user add'.
To create NIS enabled accounts, the parameters
--uid-number=, --login-shell=, --unix-home=, --gid-number=
are mandatory. Because we didn't had a parameter to set unixHomeDirectory
yet, this patch also adds this feature.
'unixUserPassword: ABCD!efgh12345$67890' is added by default, when you
enable NIS on an account in ADUC. The same we do in samba-tool.
See: https://bugzilla.samba.org/show_bug.cgi?id=10909
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Marc Muehlfeld <mmuehlfeld@samba.org>
Autobuild-Date(master): Tue Feb 3 17:18:32 CET 2015 on sn-devel-104
this is to help me port Python tests to be more Unit test alike
and remove all global handling
Starting from a new test suite - tombstone_reanimation.py
Andrew Bartlett rose his concerns that passing parameters
through environment may make tests hard to trace for
failures. However, passing parameters on command line
is not Unit test alike either. After discussing this with him
offline, we agreed to continue this approach, but prefix
environment variables with "TEST_". So that an env var
should not be used by coincidence.
Change-Id: I29445c42cdcafede3897c8dd1f1529222a74afc9
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears
LC is also necessary, and it is not granted by default to anyone but
System and Administrator, so tests had to be done negatively
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
Change-Id: Iaa631179dc79fa756416be8eaf8c55e3b0c1a29f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We should not lower case file names, because we may get a path to sam.ldb.
Now we only lower case ldap urls.
For a long time I got failing private autobuild like this:
[1623(9233)/1718 at 1h28m9s] samba4.urgent_replication.python(dc)(dc:local)
Failed to connect to ldap URL
'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' - LDAP client
internal error: NT_STATUS_NO_MEMORY
Failed to connect to
'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' with backend
'ldap': (null)
UNEXPECTED(error):
samba4.urgent_replication.python(dc).__main__.UrgentReplicationTests.test_attributeSchema_object(dc:local)
REASON: _StringException: _StringException: Content-Type:
text/x-traceback;charset=utf8,language=python
traceback
322
The problem is that /memdisk/metze/W/ is my test directory instead
of /memdisk/metze/w/.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Running 'make test TESTS=tests.samba3' succeeds, but the log shows that
it tried to open the gencache tdb in the wrong directory:
Unable to create directory /usr/local/samba/var/cache for file gencache.tdb. Error was No such file or directory
Fix this by correctly initializing the cache directory.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Jan 16 02:36:39 CET 2015 on sn-devel-104
Change-Id: Ic6d6c51579f8859b4e396179123974382c253bf7
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Dec 22 08:21:22 CET 2014 on sn-devel-104
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
A bit more specific for the caller to "know" that env key is missing
Change-Id: I4d4c2121af868d79f46f865f420336222bc67347
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Mon Dec 8 05:27:34 CET 2014 on sn-devel-104
Signed-Off-By: Daniel Cotton <danielcotton.patches at gmail.com>
Reviewed-By: Michael Adam <obnox@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Tue Dec 2 01:18:53 CET 2014 on sn-devel-104
Change-Id: I69d060f27ea090d14405e884d1ce271975358c56
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Sun Nov 30 20:54:04 CET 2014 on sn-devel-104
Avoid hardcoded IP-strings, use standard python IP functions to format
IPv4 and IPv6 addresses correctly.
I have removed the display of the port number.
MS-DNSP 2.2.3.2.2.1 DNS_ADDR: (from May 15, 2014)
Port Number (2bytes): Senders MUST set this to zero, and receivers MUST ignore
it.
Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
DNS_ZONE_UPDATE_SECURE was used twice, DNS_ZONE_UPDATE_UNSECURE was missing.
Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This allows creating RFC2307 enabled groups via samba-tool
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Oct 23 18:19:35 CEST 2014 on sn-devel-104
This allows a better scripting around samba-tool for adding/removing users
to/from groups. Before the output and the return code had indicated that
everything was successul.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10871
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
* rodc.py: destination_dsa_guid parameter was neglected
in drs_Replicate call
* rodc.py: cancel the local_samdb transaction on error
Change-Id: I962315a26ec48dc8774bb41db760387a3469c919
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Oct 23 03:05:00 CEST 2014 on sn-devel-104
It is system-dependent.
Andrew Bartlett
Change-Id: Icf21476c00295a428ad808bc56ab8153f109627f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Windows 2003 is going out of support shortly, and we want users to have AES by default
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change-Id: Iaf8b13010b52e03db2eefe1ad565d7ca768ffb48
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change-Id: Icb1b00697cc5641481370ded26f2f0551a5b2a97
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 2 14:15:54 CEST 2014 on sn-devel-104
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 2 03:49:49 CEST 2014 on sn-devel-104
Otherwise, we get a random samAccountName
Andrew Bartlett
Change-Id: I87ea532fe22c1b2d2effd52859da3b357f692b5a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We might be a subdomain, and not host this partition.
Andrew Bartlett
Change-Id: I9aa32c5692cd9fd0a6bced8bea37cd8593b31906
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
This is better than passing around parameters to functions all over
the provision stack and makes it easier to pass in a seperate forest
SID when we start to support subdomains.
Change-Id: I3787f4f3433ca04628f888135c7c0c8195379542
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry().
Andrew Bartlett
Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
This test function is defined further in the file.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 30 07:00:57 CEST 2014 on sn-devel-104
This test uses an empty smb.conf file to check if the resulting
output from testparm is empty.
It also sets a parameter as default in an smb.conf file and then
sets the option on the command line to ensure they are displayed
correctly.
Change-Id: I48f05b6e3c9e5cd856e89b196e00ae35eb93bf9f
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 8 01:57:59 CEST 2014 on sn-devel-104
Avoids some problems with using str_list_make and str_list_make_v3 and tries to
verify if the ports assignment is reasonable
Change-Id: I441c4cca605c7548a5023b65994004fbac57d2df
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
This new parameter offers the option to specify a default initial site name.
Otherwise it will be "Default-First-Site-Name".
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
The sitename is already included in "names" parameter.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 23 20:10:49 CEST 2014 on sn-devel-104
This fixes bug #10466
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Guenter Kukkukk <kukks@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed May 21 10:55:00 CEST 2014 on sn-devel-104
Due to insufficient input checking, the DNS server will reply to a packet that
has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed
sender address and have two servers DOS each other with circular replies.
This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
This does not currently test enums.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When looking for incorrect name values, this improves the previous
code by avoiding one more manual parse step, and uses less cryptic
variable names.
Andrew Bartlett
Change-Id: Iff8e571a6359a67bf173f729dc12b8787292b3cb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
With older Samba versions (4.0.x) the following could happen:
- On account was created on DC1
- It was replicated to DC2
- The connection between the dcs is offline
- The account gets modified on DC2
- The account gets deleted on DC1
- The connection becomes online again
- DC1 replicates the modification from DC2,
this resets the dn to the original value.
'name' and 'cn' are correct (with '\nDEL${GUID}'),
but 'dn' is wrong.
- DC2 replicates the deletion from DC1.
this doesn't include a changed dn as DC1
had a bug.
'name' is correct (with '\nDEL${GUID}'),
but 'cn' and 'dn' are wrong.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10536
Change-Id: Ia70a6c12e0ff0d4c2c8100cb1d8f3c6422b65591
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I282ad887c41412e25fdf73476e405f4e88e0b239
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
so it is actually able to make samdb.search-es
Change-Id: I8491fd215710a53fbb41d607381f89afb5267464
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
DS_BEHAVIOR_WIN2008 was used so far which is a leftover from previous
KCC implementation in "C"
Change-Id: Id9b6551073c0b17cc27e086faa315b01305f39a5
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
We preload socket_wrapper, no need to use the special module.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change-Id: I291924785b505b26b91152c0c13b4afd4de068a6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
In several cases we have seen objects without the objectClass attribute.
Here the suggestion for a patch to find such objects in "samba-tool dbcheck"
with the option to delete them.
(patch improved by Andrew Bartlett to suggest DRS re-replication)
Signed-off-by: Felix Botner <botner@univention.de>
Change-Id: I8eb0d191a2089271a9af5884d6bfbf173a5c85c6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This also includes a test to ensure we do not regress on this point.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(small corrections and TODO added following Jelmer's review by abartlet)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 9 02:52:50 CET 2014 on sn-devel-104
Add another check to the one added for bug #10471, for added paranoia
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue Mar 4 15:47:10 CET 2014 on sn-devel-104
DNS queries for records with the wrong type need to trigger an empty
response with RCODE_OK instead of returning NXDOMAIN.
This adds a test and fixes bug #10471
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Mon Feb 10 02:26:28 CET 2014 on sn-devel-104
By doing the test later, there is an actual sam.ldb file that can be connected to.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
The script now checks the parameter defaults against the documentation by using
the output of testparm and samba-tool testparm.
It now also uses the ElementTree xml library.
Change-Id: I2657c8c56a8c8383735e659dc9f636b4c5ab460b
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jan 31 23:22:09 CET 2014 on sn-devel-104
In making this change, it also fixes a bug where attempting to dump a parameter would immediately cause an error
(due to a lack of string conversion).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jan 23 23:51:56 CET 2014 on sn-devel-104
DNS query should either be '@' to represent entire zone or a fixed string
and not wildcard search pattern.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
Credentials are no longer used and there were too many arguments to the
constructor
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix posix_acl tests to match the change in writing ACLs
with ID_TYPE_BOTH.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion
of security objects with RID < 1000. This patch will prevent deletion of
well-known accounts and groups.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
This skips handling the ForestDNSZone when we are setting up a subdomain.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
The treeConnect&X of the GUID name fails against Windows 2003.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This avoids confusion, because the LDAP backend does not use these,
and they do not set the password for the administrator account either!
This may break support for the 'existing' backend LDAP backend, but
that is nothing more than a stub for future development anyway, and
new work in this area should use EXTERNAL in any case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 10 10:24:55 CEST 2013 on sn-devel-104
At the moment they are only available if TEST_LDAP=yes to avoid accidental use
as the openldap backend is still failing some tests
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Thu Sep 26 07:31:05 CEST 2013 on sn-devel-104
This is the final part of the fix for the issue in Samba 4.1
pre-release tree where we would wrongly delete the Deleted Objects
container during a join.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 24 09:31:37 CEST 2013 on sn-devel-104
Also calling delegation locally without credentials, as this is not really
necessary and causes selftest errors against the openldap backend.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9461
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 23 12:00:24 CEST 2013 on sn-devel-104
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Remove BerkeleyDB-specific setup.
Streamline cn=samba partition initialization - allow any backend type for it.
Use back-mdb instead of back-ldif for cn=samba partition
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
The provision script will map the uid of the user running the
script to the samba-admin LDAP DN.
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Moving the sleep to the beginning of the loop avoids most
occurrences of the "connection failed" message
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 07:43:09 CEST 2013 on sn-devel-104
Update to use LMDB backend, BDB is deprecated
Update to support DomainDNSZones and ForestDNSZones partitions.
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
We changed the magic string when we reworked the list of server roles.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
This means we now use logger consistently between doimin join, domain dcpromo
and domain provision.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This set of patches fixes up the errors that were introduced into the partial support
during the past couple of years.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will help track down strange failures in the future.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The issue here is that we create the ncName remotely with DsAddEntry,
and then replicate it back. However, at this point the naming context
pointed at by the ncName does not exist! The issue is that the
extended_dn_out module then hides the link, because it points to a
missing object. The reveal_internals control forces this link to be
returned, and so we can then find the GUID, to create the domain with
the right GUID.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104
The previous pattern never matched, as it was a typo.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 30 12:55:00 CEST 2013 on sn-devel-104
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Tue Jun 11 16:25:54 CEST 2013 on sn-devel-104
If an update leaves the dnsNode without any entries, the dnsNode object
should be deleted. Thanks to Günter Kukkukk for his excellent debugging
work on this one.
This should fix bug #9559
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Windows DC ignores the secure update flag while creating new zone. Windows
performs another operation to set the secure update flag.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 28 08:47:56 CEST 2013 on sn-devel-104
This should make things a bit faster when importing very large numbers of users
as we will not constantly rewrite the indicies on disk.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
These accounts will not work anyway, as all the domain member lookup code in netlogon expects the $.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Due to an oversight, the internal DNS server supports MX record updates,
but not MX record queries. Add support for MX queries and tests.
This should fix bug #9485
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
When --gecos is not specified samba-tool user add will try to read the
gecos field from a getpw call. And if user's GECOS is empty (like the
build user on sn-devel-104) then the test will fail because we can't add
an empty gecos.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 15 16:19:23 CEST 2013 on sn-devel-104
It should help to debug why is it failing on some hosts in the build
farm (ie. sn-devel)
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix provided by Tobias Florek.
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 18 12:40:33 CEST 2013 on sn-devel-104
Upgrading old Samba 3 instances seems like a place where we don't have
to read ntdb files, but Andrew Bartlett points out that you can run a
Samba 4.0 and even a 4.1 'classic' domain and desire to migrate that
to the AD DC.
So make this upgrade code generic: if it finds an ntdb file, read
that, otherwise read the tdb file.
Cc: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will allow us users to join existing oddly named domains without
objection from provision.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@matws.net>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 11 10:41:02 CEST 2013 on sn-devel-104
This is better than failing just a little further down the stack with a useless error
about use-before-set.
Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
This avoids the need to fix it up again in samba_upgradedns.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
These mappings are very convenient, however because they are not
one-to-one, they lead to differences being reported when none exist,
dependent only on the order the schema searches return results in.
Sadly the time saved by the names is offset by the time wasted chasing
the 'differences' that don't exist.
This in turn fixes some tests that were previously knownfail
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows the reference SD not to have an owner specified, and still
have the comparison with a database SD that does have an owner pass.
(And the same for owning group).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is done by making a modification to the SD, which triggers it to be
filled in if we have the correct session_info established on the DB.
However, we normally want dbcheck running as system, so we wrap
the session_info set around this operation only.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will allow an upgrade from Samba 4.0.0 without needing to run
samba_upgradeprovision, which for now is not the preferred upgrade
tool.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We need this routine not to use the names context as this is tied to
provision, and we end up in a circular dependency if we use that in
dbcheck.
Andrew Bartlett
This will allow dbcheck to import it, without a cirucular dependency via
samba.provision importing dbcheck.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
As we look to use this function in more places, it does not make sense to constantly create
Dn objects from the strings.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 17 12:56:47 CET 2013 on sn-devel-104
This reverts commit 78594909b8 which was
needed by 7622aa16ad.
This change masked bug #9462 which was fixed by
2013bb9b4d. The issue was that the
defaults for the substituted parameters did not match the old
parameter. Changing the values in our test suite hid the issue, but
did not fix the issue.
(Additional change in the revert is to correct the expected ACL value
in posixacl.py due to changed implied inherited permissions).
Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 11 19:46:24 CET 2013 on sn-devel-104
This moves the SDDL conversion inside the get_diff_sds function and prepares
for removing inherited ACEs from the SD before comparison.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This value is only a link to the local value of intanceType on our server, so only fix it for our server.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The DN is of the form B:8:01020304:DC=samba,DC=example,DC=com. We need
to account for the case where the 8 is actually (say) 16, and so not just
one character.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is needed to compare some parts of the database, particularly in --two mode, which
are just never going to have exactly the same DNs.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
