IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It means no space/_/-/@.... and less than 16 chars.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Oct 30 14:26:22 UTC 2010 on sn-devel-104
This should help to fix bug #7403.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
This is added to make the 'existing' LDAP backend class more useful,
and to allow debuging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.
Andrew Bartlett
Otherwise "provision" resets our current debug level and
we don't get debug messages we may expect onwards
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Oct 5 11:32:50 UTC 2010 on sn-devel-104
The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The challenge here is to update the existing record if it already
exists, rather than deleting the old record. This ensures that the
secrets.keytab handling code keeps the previous password in the
keytab.
Andrew Bartlett
The value of GUID for policy is not random for default policies, it is
described here ("How Core Group Policy Works"):
http://technet.microsoft.com/en-us/library/cc784268%28WS.10%29.aspx
at paragraph System\Policies Container.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.
metze
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.
The initlal rIDAvailablePool starts at nextRid + 100.
I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
check box).
After provision we should have this (assuming nextRid=1000):
rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100
rIDAvailablePool: 1600-1073741823
Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!
metze
We don't support many of the extra features, but that applies across many
other parts of AD. Allow the admin to join a 2008R2 domain if he or she wants.
This also makes it possible to test 2008R2 domain code in 'make test'
Andrew Bartlett
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set.
Andrew Bartlett
Comments are to inform people that this function should not handle
transaction within the function as it is mainly used in provision and
that we want to commit secrets only if all the action on secrets have
worked.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
When adding an additional DC as a GC server, the new DC attempts to register its
own gc._msdcs records. If the existing gc._msdcs record is a CNAME, BIND fails
the update with the message "attempt to add non-CNAME alongside CNAME ignored",
and the new DC is not registered as a GC server.
The A & AAAA record types for gc._msdcs have been verified against the DNS
server of a W2K8 DC.
