1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

36 Commits

Author SHA1 Message Date
Stefan Metzmacher
0475cfe570 r4941: - all needed data is now in sam.ldb and hacked.ldb is not needed anymore by the hacked ldap backend
- readd the schema naming context container object as it's needed for a w2k3 dc join

metze
(This used to be commit c583f80623)
2007-10-10 13:09:08 -05:00
Andrew Tridgell
6c310003d2 r4828: don't apply the schema until we get it working properly
(This used to be commit 37a133c817)
2007-10-10 13:08:59 -05:00
Stefan Metzmacher
b494d95e6d r4806: - add some data to the configuration naming context
- add some stuff to make w2k3 dc join to get the correct
  values

metze
(This used to be commit d149063562)
2007-10-10 13:08:57 -05:00
Simo Sorce
8a153e5ca2 r4785: add schema objects to provision
but let schema checking be disabled by default until we can pass all test with it enabled
(This used to be commit e2c1ee1dd8)
2007-10-10 13:08:54 -05:00
Andrew Bartlett
dae67d2f0b r4763: Join Samba4 to itself during the provision process.
Andrew Bartlett
(This used to be commit feca96fe5a)
2007-10-10 13:08:51 -05:00
Andrew Tridgell
f4e29ae1e9 r4748: removed unnecessary distinguishedName from provisioning
(This used to be commit 31919995fd)
2007-10-10 13:08:49 -05:00
Stefan Metzmacher
c0b55c0e3b r4715: alwys add the distinguishedName attribute
the w2k3 dc join needs that

metze
(This used to be commit 29bc75ba28)
2007-10-10 13:08:47 -05:00
Andrew Bartlett
c0571f6234 r4698: - Initial implementation of trusted domains in LSA.
- Use templates for Secrets and the new trusted domains

 - Auto-add modifiedTime, createdTime and objectGUID to records in the
   samdb layer.

Andrew Bartlett
(This used to be commit 271c8faadf)
2007-10-10 13:08:44 -05:00
Andrew Bartlett
a249198d53 r4682: A LDB-based secrets implementation in Samba4.
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.

Some small changes to come, but the bulk of the work is now done.

A re-provision is required after this change.

Andrew Bartlett
(This used to be commit ded3303352)
2007-10-10 13:08:42 -05:00
Stefan Metzmacher
aa731aceb8 r4484: - use the nTMixedDomain attribute to check if our domain is mixed mode or not
metze
(This used to be commit 7fe9550375)
2007-10-10 13:08:11 -05:00
Volker Lendecke
8445576d7f r4377: Fix default groupType attributes.
Volker
(This used to be commit 15d50350b5)
2007-10-10 13:07:40 -05:00
Volker Lendecke
e14a5a9167 r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and
samr_GetMembersInAlias.

Volker
(This used to be commit 78802720ae)
2007-10-10 13:07:40 -05:00
Volker Lendecke
4d6a13debb r4345: Unify the representation of grouptype and samaccounttype to hex. Without any
kind of schema support we only have string comparisons (Hmm. Is this true?)
and must agree upon a common representation for integers. I suspect that we
might sooner or later need a search filter for "This bit in this integer
attrib is being set".

Volker
(This used to be commit 5f2d93b66b)
2007-10-10 13:07:37 -05:00
Volker Lendecke
61b1620fc4 r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there
enough stuff to do in 3_0??? ;-)

Volker
(This used to be commit c0fa7a92d9)
2007-10-10 13:07:35 -05:00
Stefan Metzmacher
bf3067ea0d r4318: add missing template for trusting domains
metze
(This used to be commit 32264c6c30)
2007-10-10 13:07:34 -05:00
Andrew Tridgell
4ffc419ee3 r4227: index the privilege attribute to make lsa privilege calls efficient
(This used to be commit e9e603208d)
2007-10-10 13:07:27 -05:00
Andrew Tridgell
dca888e51e r4148: add a default set of privileges to the core builtin accounts in the
sam. I decided to do it the simple way of making the privileges user
attributes. w2k doesn't expose the privileges via LDAP, so we are free
to store them in any way we like without breaking compatibility.
(This used to be commit 5f29f4c307)
2007-10-10 13:06:31 -05:00
Stefan Metzmacher
b0d518efdf r4046: add more servicePrincipalName's for the dc account
metze
(This used to be commit 659a0b26e2)
2007-10-10 13:06:17 -05:00
Andrew Tridgell
7da22310e7 r3991: for uid->sid and gid->sid to be efficient we need to index on unixID
and unixName in samdb.
(This used to be commit 5c966821e2)
2007-10-10 13:06:11 -05:00
Simo Sorce
679e95db03 r3754: merge in ldb modules support from the tmp branch ldbPlugins
(This used to be commit 71323f424b)
2007-10-10 13:05:51 -05:00
Andrew Tridgell
3351f1aa8d r3632: added an index on "member" in default provision. This speeds up my
connect/disconnect test by a factor of 20x

when andrew gets a chance to change auth_sam.c to not do a search on
member= and instead use the memberOf attribute for the user then we
should delete this index attribute, as maintaining the index is
expensive
(This used to be commit 0443537be8)
2007-10-10 13:05:41 -05:00
Andrew Bartlett
1d990b526e r3109: Give krbtgt and our machine account a random password in provision.
Andrew Bartlett
(This used to be commit 560a8c9f42)
2007-10-10 13:02:22 -05:00
Stefan Metzmacher
c9e761a39e r2873: create a DNS zone file for a BIND name server
metze
(This used to be commit 1e8c431331)
2007-10-10 12:59:41 -05:00
Stefan Metzmacher
becc7302f0 r2829: REALM and netbiosname are always uppercase
dnsname and dnshostname always lowercase

metze
(This used to be commit 0b46dc6f4b)
2007-10-10 12:59:37 -05:00
Andrew Tridgell
ffe8ecfc14 r2808: added auto-detection of unix user and groups names during provision.
(This used to be commit 036e953fac)
2007-10-10 12:59:36 -05:00
Andrew Tridgell
0eeb0973e9 r2804: - setup some reasonable default SAM to unixName mappings in the provisioning.
- enable the unixuid module by default on all backends
(This used to be commit e335cd4933)
2007-10-10 12:59:36 -05:00
Stefan Metzmacher
169cf23812 r2727: mark the password fields as hidden
metze
(This used to be commit 7ff118ecc9)
2007-10-10 12:59:27 -05:00
Andrew Bartlett
9d3f614ea4 r2313: Make these attributes case insensitive in the default provision.ldif
Andrew Bartlett
(This used to be commit e7115c6b95)
2007-10-10 12:58:42 -05:00
Andrew Tridgell
7f3d4cc980 r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server
- added lsa_OpenPolicy2() to server

- added guid handling in samdb

- added a couple more info policy levels in lsa server

- added some DNS info in the provisioning template and script

With the above changes WinXP professional can join a Samba4 domain
(This used to be commit d6dca96352)
2007-10-10 12:56:20 -05:00
Andrew Tridgell
acda755f54 r793: - don't make templates members of any class that would make them show
up in searches like "objectclass=user"

 - auto-add the computer objectclass for computer accounts on create

 - added two types of password change call in samr server

 - reset last_fault_code before each dcerpc call
(This used to be commit c1a65f83f6)
2007-10-10 12:53:51 -05:00
Andrew Bartlett
064e7447be r743: Start on a NETLOGON server in Samba4.
Currently this only authentiates the machine, not real users.

As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.

I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.

The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.

Andrew Bartlett
(This used to be commit 94624e519b)
2007-10-10 12:53:46 -05:00
Andrew Tridgell
7dc054acaf r624: all templates should be in class Template
(This used to be commit 0431d30903)
2007-10-10 12:51:55 -05:00
Volker Lendecke
16f7b35a0a r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo,
samr_DeleteDomainGroup.

I've added the hidden attribute numMembers that must be maintained by
Add/DelGroupMember for the GroupInfoAll query.

Volker
(This used to be commit 945d747860)
2007-10-10 12:51:52 -05:00
Volker Lendecke
9652ed4de8 r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2.
Volker
(This used to be commit 59241c0c9a)
2007-10-10 12:51:50 -05:00
Andrew Tridgell
0ed08d9398 r578: initial server side implementation of samr_CreateUser(),
samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(),
and samr_DeleteUser()

this uses a user template in the SAM db, of objectclass "userTemplate"
and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows
an admin to add any default user attributes that they might want to
the user template and all new users will receive those attributes.
(This used to be commit 10b6e0011b)
2007-10-10 12:51:48 -05:00
Andrew Tridgell
7ab448ae67 r459: added an initial provision.ldif - this is temporary, and needs to be
replaced with a more sophisticated provisioning system
(This used to be commit 86604bef23)
2007-10-10 12:51:44 -05:00