IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This was an interesting hack, and the local_password module still exists, but
until it has a use case and a test case, remove the bypass of password_hash.
Andrew Bartlett
We need to have the struct dreplsrv_partition_source_dsa around until the end of the
async op, so we use talloc_reference after carefully checking the callers and
making the modifications required.
This prevents a crash when replicating partitions in the vampire_dc test after
adding DNS replication at join time.
Andrew Bartlett
modifyTimeStamp is a generated attribute, for most object it's generated
directly from the whenChanged attribute. But for the CN=aggregate object
in the schema we have to handle it in a different way, that's because
for this object whenChanged!=modifyTimeStamp (as checked against Windows
2003R2 DCs) instead the modifyTimeStamp reflect the timestamp of the
most recently modified and loaded schema object (that is to the one with
the highest USN before the schema was reload due to timeout or by the
reloadSchemaNow command).
Some third party are using this information to know if they have to
update their schema cache and also to check that schema updates have
been correctly reloaded by the DC, a good example of this behavior is
exchange 2010.
If the value has changed then reload the schema, this means that now the
schema is only reloaded on a periodical basis or if we have been asked
explicitly to do it and not necesserly if the schema partition has
changed.
In theory when presented this control and not a GC we should use the
specified name as the DC to contact for cross-domain link verification.
But for the moment we don't support this so we just fail when we have
this control and are not a GC.
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because
in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID).
If so generate another random value.
If not check if the highest USN in the database for the schema partition is the
one that we know.
If so it means that's only this ldb context that is touching the schema in the database.
If not it means that's someone else has modified the database while we are doing our changes too
(this case should be very bery rare) in order to be sure do the search in the database.
Samba 4 use to try to reload the schema every time dsdb_get_schema was
called (which could be 20+ time per ldb request). Now we only reload at
most every xx seconds (xx being the value of dsdb:"schema_reload_interval"
or 120). The timestamp of the last reloaded schema is kept in the
dsdb_schema object. There is also a timestamp in the ldb_context, that
is used by the LDAP server to know if it has to reload the schema after
handling the request. This is used to allow that the schema will be
immediately reload after a schemaUpdateNow request has been issued, the
reload can't occur in the handling of the LDAP request itself because
we have a transaction autostarted.
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
To remove finddcs_nbt these missing deps need to be added. These
subsystems linked to to implicit dependencies provided by finddcs.
Due to the new arrangmenet of subsystems, MESSAGING needs to be a
private library to avoid being a source of duplicate symbols.
Andrew Bartlett
Thanks to Matthieu Patou <mat@matws.net> for pointing it out.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed May 30 17:00:01 CEST 2012 on sn-devel-104
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
The service principal names need to be case-insensitively unique, otherwise we
end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error.
This issue has been discovered on the technical mailing list (thread:
cannot rename windows xp machine in samba4) when trying to rename a AD
client workstation.
First they do not need to be "static" any longer since we have abandoned
asynchronous result handling (where global variables have been important).
In addition add some "const" in order to protect us from unwanted writes.
Reviewed-by: Andrew Bartlett
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Apr 30 16:46:20 CEST 2012 on sn-devel-104
This is a very essential attribute since it references to various domain
master roles (PDC emulator, schema...) depending on which entry it has
been set. Incautious modifications can cause severe problems.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 30 02:04:24 CEST 2012 on sn-devel-104
Also avoid a silly game with directly modifying the principal and
then calling krb5_principal_unparse_flags to get out a string.
If we already assume it is a 2 components name and know what outcome we are
going to get, just go ahead and talloc_asprintf the linearized string.
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.
Signed-off-by: Matthieu Patou <mat@matws.net>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
