IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Operation 75 {5e1574f6-55df-493e-a6-71-aa-ef-fc-a6-a1-00}
- Create the CN=Managed Service Accounts object
Operation 76 {d262aae8-41f7-48ed-9f-35-56-bb-b6-77-57-3d}
- Add otherWellKnownObject link for CN=Managed Service Accounts
Referenced in the page 'Windows Server 2008R2: Domain-Wide Updates':
https://technet.microsoft.com/en-us/library/dd378973(v=ws.10).aspx
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is currently just a harmless check anyways.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Changes to provision and join to create a database with
encrypted_secrets enabled and a key file generated.
Also adds the --plaintext-secrets option to join and provision commands
to allow the creation of unencrypted databases.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add the ability to override the base schema files being used for the
new provision, e.g. instead of using the default supported schema,
the code can now potentially specify an older or newer schema to use.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add the changes needed to provision a 2012 DC (mostly this just affects
the Extended Rights objects) by moving to the new extended-rights.ldif
The localizationDisplayId is not documented in MS-ATDS so these values
are moved to provision_configuation_modify.ldif and applied after the
display-specifiers.ldif
We don't enable the 2012R2 mode yet. The ${INC2012} variable
just gets replaced with '#' so the lines get commented out and not
applied.
This approach allows us to support provisioning both a 2008R2 DC or
a 2012R2 DC (so that we can test we can upgrade a 2008 DC to 2012).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Checks password against default quality and length standards when it is entered,
allowing a second chance to enter one (if interactive), rather than running
through the provisioning process and bailing on an exception
Includes unit tests for the newly-added python wrapper of check_password_quality
plus black-box tests for the checks in samba-tool.
Breaks an openldap test which uses an invalid password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9710
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12235
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The other databases are created from copies of the main provision, but this one
is not, so did not previously get a valid @INDEXLIST.
This is important as otherwise we will not correctly notice support for
the GUID index or new DSDB features in @SAMBA_DSDB as this is gated
on seeing @SAMBA_FEATURES_SUPPORTED in @INDEXLIST.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This provisions the bind_dlz files in the 'binddns dir'. If you want to
migrate to the new files strcuture you can run samba_upgradedns!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
This is the wrong place, it will just prepare the ldif. The file is not
created here.
The code is corrently changing the group in:
python/samba/provision/__init__.py
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Tests were leaving entries in the secrets database that caused
subsequent test cases to fail.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should stop talking about Samba4 and use the terms Samba AD and
Samba FS.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 5 15:51:54 CEST 2017 on sn-devel-144
Port Python bindings of samba.param module to
Python3-compatible form.
Because native Python file objects are officially
no longer backed by FILE*, API of some _dump()
functions is changed. File argument is now
optional and contains only name of file. Stdout
is default if no file name is specified. Otherwise
opening and closing files is done on C layer
instead of Python.
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Nov 21 18:49:12 CET 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 28 03:42:25 CEST 2016 on sn-devel-144
When provisioning a new DC, a message is displayed that a Kerberos
configuration file has been created. The message now uses the term
"Samba AD" instead of "Samba 4".
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 10 22:34:03 CEST 2016 on sn-devel-144
During the provision this causes a huge performance hit as these two
attributes are unindexed.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10881
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 15 11:47:21 CET 2015 on sn-devel-104
If you join a second DC after changing the name of
the 'Default Domain Policy' or 'Default Domain Controllers
Policy' the join will fail as the search is hardcoded to
these names, this fix changes the search to the objects name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11600
Signed-off-by: Rowland Penny <repenny241155@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Nov 21 04:44:58 CET 2015 on sn-devel-104
While we do not support these yet, they make no difference to DNS, so permit up to 2012R2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 23:23:13 CEST 2015 on sn-devel-104
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 6 20:11:52 CET 2015 on sn-devel-104
Windows 2003 is going out of support shortly, and we want users to have AES by default
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change-Id: Iaf8b13010b52e03db2eefe1ad565d7ca768ffb48
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We might be a subdomain, and not host this partition.
Andrew Bartlett
Change-Id: I9aa32c5692cd9fd0a6bced8bea37cd8593b31906
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
This is better than passing around parameters to functions all over
the provision stack and makes it easier to pass in a seperate forest
SID when we start to support subdomains.
Change-Id: I3787f4f3433ca04628f888135c7c0c8195379542
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
The sitename is already included in "names" parameter.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
This fixes bug #10466
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Guenter Kukkukk <kukks@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed May 21 10:55:00 CEST 2014 on sn-devel-104
(small corrections and TODO added following Jelmer's review by abartlet)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 9 02:52:50 CET 2014 on sn-devel-104
