Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104
In interactive mode we should let the admin confirm which
implementation he wants.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 10 11:45:08 CEST 2012 on sn-devel-104
Because these run as non-root, we need to avoid doing things that will
fail during the provision. The main test of the s3fs provision is the
plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls.
Andrew Bartlett
When provisioning with --use_rfc2307=yes populate the subtree:
CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it
possible to manipulate the posix attributes via ADUC
(commit message adjusted by abartlet)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This version of BIND only ever caused pain when trying to do dynamic DNS.
If users are using this version, simply treat it as a static server.
Andrew Bartlett
This just leaves a default enough for the test code to still check the start
of the provision. This may well be removed in future, and we wish to reduce
the extra options to provision.
Andrew Bartlett
With s3fs now well settled into master, we now throw the switch and make
it the default.
There is still much to do, but we need to be using s3fs by default to
find out exactly what that is.
Andrew Bartlett
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.
Signed-off-by: Matthieu Patou <mat@matws.net>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
This adds configuration lines for BIND versions 9.8.x and 9.9.x.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon Apr 16 03:52:14 CEST 2012 on sn-devel-104
Achieve this by introducing a "disallowDNFilter" flag.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This is necessary when using the target directory to store temporary
files.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Feb 7 02:45:37 CET 2012 on sn-devel-104
This way we only catch true exceptions and keyboard interrupts
are not caught here.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
This creates a copy of rootdse, configuration and schema partitions
for dlz_bind9 use in dns/ directory. Since dlz_bind9 requires write
access to DNS partitions (DomainDnsZones and ForestDnsZones), those
partitions are hard-linked (or symlinked) to the actual partitions.
An empty domain partition is created so samdb layer can work.
With Matthieu's patch, the setting of security descriptor on
partition dn at create time works correctly.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov 16 08:54:25 CET 2011 on sn-devel-104
This servicePrincipalName is incorrect (windows does not use that
servicePrincipalName, as it targets the server it is updating, not the
root of the DNS tree), and now that we have multiple DNS backends that
use the internal database, it is quite incorrect (as it cannot exist
on more than one account).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Nov 10 01:11:46 CET 2011 on sn-devel-104
this allows easy comparison between windows and samba ldap trees
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov 9 08:27:46 CET 2011 on sn-devel-104
We do not support the LDAP backend any more, but keep the code in case someone
comes up with an interesting use case that could leverage this in a very
particular situation. In order to keep the code, we must test it, so
we keep just this much of the support around.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 8 04:33:49 CET 2011 on sn-devel-104
The things pointed at are not typically in a directory called lib,
so avoid confusing our administrators.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Oct 19 15:43:04 CEST 2011 on sn-devel-104
By default we were checking this on the default folder for
tempfile.NamedTemporaryFile (usually /tmp) but this folder can be mounted
on tmpfs (which didn't support xattr currently). Now we should check on
the filesystem where the provision will be done.
Which allows the caller to pass a given 'pwdLastSet' value
(very useful for migrations).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this control is used to ask samdb to not return searches with a basedn
in partial replica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
The --realm argument is again optional (the previous code would take the default
from the default smb.conf, not the one specified) and --targetdir is now a
named argument much like it is to provision.
We now test the --testparm option to ensure it behaves the way we expect.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Sep 13 16:30:31 CEST 2011 on sn-devel-104
We need this so that we can modify the cn=configuration partition when
we are setting up a new subdomain.
The serverReference on our ${SERVERDN} is in that partition, and
without this change creating a new subdomain fails due to ACLs.
Andrew Bartlett
To do this we need to reorganise a lot of the provision code, so that
we can create the framework for the inbound replication of the config
and schema partitions and then add in the new subdomain locally.
Andrew Bartlett
This attribute is required by the hosting requirement.
[MS_ADTS].pdf 7.1.2.3.1 DC and Application NC Replica
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Sep 8 02:04:51 CEST 2011 on sn-devel-104
This files set up DomainDnsZones and ForestDnsZones partitions and
other configuration parameters for replication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
The eadb flag tells us to avoid using system extended attributes, typically if we
are not running as root (ie, in a test environment).
The ProvisioningError class allows us to return failures to the upgrade_from_s3 script
which can then be detected correctly by the selftest framework.
Andrew Bartlett
upgrade_from_s3 script now requires samba3 configuration file and target
directory for samba4 database. In addition, it either uses --libdir option
or --testparm option to correctly guess the paths for samba3 databases
(private dir and state directory).
Usage: upgrade_from_s3 [options] <configuration_file> <targetdir>
Input arguments are:
<configuration_file> - path to existing smb.conf
<targetdir> - directory in which samba4 database will be created
In addition, specify either samba3 database directory (with --libdir) or
samba3 testparm utility (with --testparm).
Before using passdb interface, initialize s3 loadparm context using
correct path settings for private dir and state directory.
Export account policy from s3 to s4.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Use passdb backend to import/export users
Remove unused options for upgrade_from_s3 command (--blank) and credentials options
Config file is specified with -s/--configfile option and no need to specify as an argument.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Updated test suite invocations of newuser to "user add" as
the newuser functionality is now being moved to "user add"
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
With the fix introduced by Nadya in changeset
622ef6aed8 we are now able to generate
correct SD (at least the same as W2k3R2 with a Forest Level of 2003), so
there is no need for this fix anymore as it makes SDs for Forest Level
2003 and lower incorrect.
We changed to ${DNSNAME} (the fully qualified domain name) a while
back, and while it's usually functionally identical to the previous
setting, this breaks down if there is more than one DNS server.
Andrew Bartlett
We now have a reliable way to know the current location of the
templates: dyn_SETUPDIR, which is updated for both the in-build and
installed binaries.
This replaces the function arguments and the distributed resolution of
the setup directory with one 'global' function (imported as required).
This also removes the ability to specify an alternate setup directory
on the command line, as this was rarely if ever used and never tested.
Andrew Bartlett
the correct setup directory is known at both build time and install
time using dyn_SETUPDIR, so we no longer have any need to override it
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
It would be nice if someone could activate them as needed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 21 14:41:53 CET 2010 on sn-devel-104
This is the default password set/change attribute for s4 specific purposes
(otherwise in respect to Windows it's "unicodePwd"). We move away from
"userPassword" since on Windows it's not activated by default - and s4 will
follow soon.
Not all DCs are automatically DNS servers.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 1 12:20:36 UTC 2010 on sn-devel-104
This should help to fix bug #7403.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
This is added to make the 'existing' LDAP backend class more useful,
and to allow debugging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.
Andrew Bartlett
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
some clients rely on this being the hostname, not the domain
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
We set up our DNS pretty well these days, and I think the previous setting
was only there because Andrew Kroeger copied this out of our selftest code
in bf3f3af926.
Andrew Bartlett
As this test doesn't delete the user accounts at the end,
we should use test specific user names. That lowers the
chance of conflicts with other tests.
metze
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.
metze
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.
The initial rIDAvailablePool starts at nextRid + 100.
I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
check box).
After provision we should have this (assuming nextRid=1000):
rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100
rIDAvailablePool: 1600-1073741823
Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!
metze
This control will allow the linked_attributes module to know if
repl_meta_data has already handled the creation of forward and back
links.
Andrew Bartlett
When adding an additional DC as a GC server, the new DC attempts to register its
own gc._msdcs records. If the existing gc._msdcs record is a CNAME, BIND fails
the update with the message "attempt to add non-CNAME alongside CNAME ignored",
and the new DC is not registered as a GC server.
The A & AAAA record types for gc._msdcs have been verified against the DNS
server of a W2K8 DC.