1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

998 Commits

Author SHA1 Message Date
Stefan Metzmacher
60f0e172e3 s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30 17:17:21 +01:00
Stefan Metzmacher
ffaf9bb98b s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACL
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30 17:17:21 +01:00
Ricky Nance
d09ac9636a Removed phpldapadmin inclusion for Samba 4.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104
2012-10-17 12:55:44 +02:00
Stefan Metzmacher
2c4255084a s4:scripting: rename upgradeprovision -> samba_upgradeprovision
metze
2012-09-12 07:07:27 +02:00
Stefan Metzmacher
a0baaf2064 s4:setup: remove standalone 'provision'
metze
2012-09-12 07:07:27 +02:00
Stefan Metzmacher
fdd2a7e65f s4:setup/tests: make use of samba-tool domain provision
metze
2012-09-11 08:35:56 +02:00
Stefan Metzmacher
06809f4ba9 s4:provision: ask the admin about the desired DNS implementation
In interactive mode we should let the admin confirm which
implementation he wants.

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 10 11:45:08 CEST 2012 on sn-devel-104
2012-09-10 11:45:08 +02:00
Andrew Bartlett
24f3147019 selftest: Fix comment in blackbox_s3upgrade.sh 2012-08-28 07:57:30 +10:00
Andrew Bartlett
c1012c6817 selftest: Specify --use-ntvfs when testing the group code
We do not need to set filesystem ACLs in this case.

Andrew Bartlett
2012-08-23 15:02:25 +02:00
Andrew Bartlett
b2ff36566b selftest: Specify --use-ntvfs when testing the newuser code
We do not need to set filesystem ACLs in this case.

Andrew Bartlett
2012-08-23 15:02:25 +02:00
Andrew Bartlett
2fc6760d5a selftest: Specify --use-ntvfs when testing the LDAP backend init code
We do not need to set filesystem ACLs in this case.

Andrew Bartlett
2012-08-23 15:02:25 +02:00
Andrew Bartlett
9170f9ce95 selftest: Specify --use-ntvfs to provision in test scripts
Because these run as non-root, we need to avoid doing things that will
fail during the provision.  The main test of the s3fs provision is the
plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls.

Andrew Bartlett
2012-08-22 01:31:57 +02:00
Andrew Bartlett
e4001a78c1 dsdb: Allocate new OID to allow updates of a read-only replica
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.

Andrew Bartlett
2012-07-18 09:32:53 +02:00
Geza Gemes
70de501d6a s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrs
When provisioning with --use_rfc2307=yes populate the subtree:
CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it
possible to manipulate the posix attributes via ADUC

(commit message adjusted by abartlet)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-13 06:00:17 +02:00
Andrew Bartlett
d31f55b297 s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIG
This support is too painful to use.

Andrew Bartlett
2012-07-03 08:13:02 +10:00
Andrew Bartlett
5de841f6f2 s4-dns: Remove dynamic DNS instructions for bind 9.7
This version of BIND only ever caused pain when trying to do dynamic DNS.

If users are using this version, simply treat it as a static server.

Andrew Bartlett
2012-07-03 08:13:02 +10:00
Andrew Bartlett
2b50e8c534 s4-provision: Remove --slapd-path option
This just leaves a default enough for the test code to still check the start
of the provision.  This may well be removed in future, and we wish to reduce
the extra options to provision.

Andrew Bartlett
2012-06-20 16:22:41 +10:00
Andrew Bartlett
d9f7195a1f s4-classicupgrade: Use "samba classic" description for samba3 NT4-like domains in samba3upgrade 2012-06-16 08:18:10 +02:00
Andrew Bartlett
61f7f01554 s4-s3upgrade: Add my wins.dat and fix the parsing error
The issue was that the numbers at the end of the lines are space
padded.

Andrew Bartlett
2012-06-16 08:18:10 +02:00
Andrew Bartlett
abb2c7fef4 s4-provision: Make s3fs the default way to install a new Samba4 DC
With s3fs now well settled into master, we now throw the swtich and make
it the default.

There is still much to do, but we need to be using s3fs by default to
find out exactly what that is.

Andrew Bartlett
2012-05-24 09:59:04 +02:00
Jelmer Vernooij
7ed9ebab83 provision: remove reference to no longer existing template files. 2012-05-03 13:41:24 +02:00
Lukasz Zalewski
9cd664b2e9 Extension to the samba-tool group subcommand functionality to allow listing of the members of an AD group 2012-05-03 08:09:09 +10:00
Andrew Bartlett
63f2d1060e s4-provision: Fix --use-s3fs to parse correctly 2012-05-02 10:53:51 +10:00
Andrew Bartlett
0615cf5f85 s4-provision: Always give the warning if we are using eadb. It really should be for testing only 2012-04-19 19:15:05 +02:00
Michael Adam
9e9887d323 s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modify
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.

Signed-off-by: Matthieu Patou <mat@matws.net>

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
2012-04-18 02:48:28 +02:00
Jelmer Vernooij
1e949f3cd1 provision: Simplify handling of default for --server-role.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Apr 16 18:12:24 CEST 2012 on sn-devel-104
2012-04-16 18:12:24 +02:00
Jelmer Vernooij
8cd7cc33d9 provision: Simplify handling of default for --function-level. 2012-04-16 16:30:18 +02:00
Jelmer Vernooij
efa594820a provision: Simplify handling of default for --dns-backend option. 2012-04-16 16:30:18 +02:00
Matthieu Patou
f35d20119a Add an option to have s3fs as file server for samba4
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 16 09:38:18 CEST 2012 on sn-devel-104
2012-04-16 09:38:17 +02:00
Amitay Isaacs
06a0101082 s4-provision: Update configuration lines for dlz_bind9
This adds configuration lines for BIND versions 9.8.x and 9.9.x.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon Apr 16 03:52:14 CEST 2012 on sn-devel-104
2012-04-16 03:52:14 +02:00
Matthias Dieter Wallnöfer
d6fde2d4c2 LDB/s4 - deny the "(dn=...)" syntax on search filters when in AD mode
Achieve this by introducing a "disallowDNFilter" flag.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26 00:57:29 +02:00
Björn Baumbach
70e71240e2 s4-provision: don't ask only 3 times for passwd in interactive mode
Signed-off-by: Michael Adam <obnox@samba.org>
2012-03-21 16:11:25 +01:00
Björn Baumbach
0f35c4a242 s4-provision: add password verification in interactive mode
Since we do not print the password out (anymore), it is necessary to
verify the entered password.

Signed-off-by: Michael Adam <obnox@samba.org>
2012-03-21 16:11:24 +01:00
Matthieu Patou
256e2df9dc s4-selftest: create the st/provision if it didn't exists already
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Thu Mar  8 00:25:24 CET 2012 on sn-devel-104
2012-03-08 00:25:24 +01:00
Jelmer Vernooij
687e065036 provision: Write configuration without help of templates.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 27 00:52:46 CET 2012 on sn-devel-104
2012-02-27 00:52:46 +01:00
Jelmer Vernooij
21f443eb82 provision: Leave result reporting up to caller. 2012-02-26 16:27:06 +01:00
Jelmer Vernooij
f2903e0c4f provision: Make sure target directory is created early.
This is necessary when using the target directory to store temporary
files.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Feb  7 02:45:37 CET 2012 on sn-devel-104
2012-02-07 02:45:36 +01:00
Horacio G. de Oro
7e02757dfc Use named argument 'dir' instead of 'prefix' on NamedTemporaryFile for source4/setup/provision
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2012-02-07 01:11:07 +01:00
Andrew Bartlett
eecf2ac4c8 selftest: Remove unused support for --exeext 2012-02-01 02:45:07 +01:00
Amitay Isaacs
1f0298dd1b python: Change except: statement to except Exception:
This way we only catch true exceptions and keyboard interrupts
are not caught here.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
2012-01-24 03:32:40 +01:00
Michael Adam
83c149de4d s4:provision: add a server services line to the smb.conf template for the dc
Signed-off-by: Kai Blin <kai@samba.org>
2012-01-10 19:19:27 +01:00
Amitay Isaacs
0a10b32602 setup: Fix phpldapadmin configuration for version 1.2.x 2011-12-14 15:57:32 +11:00
Amitay Isaacs
1e935d1bdc s4-provision: Make BIND9_DLZ as the default backend for DNS 2011-11-29 16:00:36 +11:00
Amitay Isaacs
341979cc9a s4-provision: Create a samdb copy for access by dlz_bind9 module
This creates a copy of rootdse, configuration and schema partitions
for dlz_bind9 use in dns/ directory.  Since dlz_bind9 requires write
access to DNS partitions (DomainDnsZones and ForestDnsZones), those
partitions are hard-linked (or symlinked) to the actual partitions.
An empty domain partition is created so samdb layer can work.
2011-11-29 16:00:36 +11:00
Andrew Bartlett
47d34997e8 s4-s3-upgrade Test getdomainsid as well 2011-11-17 00:34:09 +01:00
Andrew Bartlett
29cd8ae6fd s4-provision permit server role to be the ROLE_ strings from s3
Also convert between the aliases in one single place.

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17 00:34:09 +01:00
Andrew Bartlett
b8c119f3ba s4-s3-upgrade Add test of net getlocalsid after the upgrade
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17 00:34:08 +01:00
Amitay Isaacs
8507adb8d0 provision: Set the security descriptor while creating partitions
With Matthieu's patch, the setting of security descriptor on
partition dn at create time works correctly.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov 16 08:54:25 CET 2011 on sn-devel-104
2011-11-16 08:54:25 +01:00
Andrew Bartlett
ca52871541 s4-setup Remove servicePrincipalName: DNS/${DNSDOMAIN} from new installations
This servicePrincipalName is incorrect (windows does not use that
servicePrincipalName, as it targets the server it is updating, not the
root of the DNS tree), and now that we have multiple DNS backends that
use the internal database, it is quite incorrect (as it cannot exist
on more than one account).

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Nov 10 01:11:46 CET 2011 on sn-devel-104
2011-11-10 01:11:46 +01:00
Amitay Isaacs
0c2f91c6b2 s4-provision: Create ldap records for DNS partitions similar to windows
this allows easy comparison between windows and samba ldap trees

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov  9 08:27:46 CET 2011 on sn-devel-104
2011-11-09 08:27:46 +01:00
Andrew Bartlett
696a70c9fa s4-provision Remove options for LDAP backend to reduce user confusion
We do not support the LDAP backend any more, but keep the code in case someone
comes up with an interesting use case that could leverage this in a very
particular situation.  In order to keep the code, we must test it, so
we keep just this much of the support around.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov  8 04:33:49 CET 2011 on sn-devel-104
2011-11-08 04:33:49 +01:00
Theresa Halloran
b26a4f6232 s4: samba-tool subcommand rename - change samba-tool user add to samba-tool user create
Signed-off-by: Theresa Halloran <thallora@linux.vnet.ibm.com>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2011-10-23 15:23:28 -07:00
Geza Gemes
a0f7c990f4 s4:wscript - install the two missing files "dlz_bind9.so" and "named.conf.dlz"
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Oct 27 20:27:32 CEST 2011 on sn-devel-104
2011-10-27 20:27:32 +02:00
Andrew Bartlett
43f23b55c4 s4-s3-upgrade rename samba-tool domain samba3upgrade --libdir to --dbdir for clarity
The things pointed at are not typically in a directory called lib,
so avoid confusing our administrators.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Oct 19 15:43:04 CEST 2011 on sn-devel-104
2011-10-19 15:43:04 +02:00
Andrew Bartlett
036b23a106 s4-s3-upgrade test upgrade without a wins.dat 2011-10-19 14:13:09 +02:00
Kai Blin
b42b81249c s4 provision: Default to win2k3 domain function level 2011-10-17 08:16:12 +02:00
Kai Blin
41d48626e2 s4 provision: Reword opinionated dns backend help text, add NONE backend 2011-10-17 08:16:12 +02:00
Kai Blin
292554c396 s4 provision: Rename bind9 flatfile backend to BIND9_FLATFILE 2011-10-17 08:16:12 +02:00
Matthieu Patou
009b97d6f3 provision: fix the doc
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Oct 16 01:31:21 CEST 2011 on sn-devel-104
2011-10-16 01:31:21 +02:00
Matthieu Patou
a1767f74af s4: check that the xattr are supported in the folder where we want to provision
By default we were checking this on the default folder for
tempfile.NamedTemporaryFile (usualy /tmp) but this folder can be mounted
on tmpfs (which didn't support xattr currently). Now we should check on
the filesystem where the provision will be done.
2011-10-16 00:01:36 +02:00
Stefan Metzmacher
bcb02129c3 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
Which allows the caller to pass a given 'pwdLastSet' value
(every useful for migrations).

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct  7 15:28:13 CEST 2011 on sn-devel-104
2011-10-07 15:28:13 +02:00
Andrew Tridgell
c2d70af1a7 s4-dsdb: added DSDB_CONTROL_DBCHECK
this will be used for overrides by the dbcheck validator

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06 14:34:22 +11:00
Andrew Tridgell
60cbc98051 s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICA
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Kai Blin
5c890ad17f s4 provision: Set server role default when called from command line to 'dc' 2011-10-02 11:59:19 +02:00
Andrew Tridgell
00ef18f19c s4-dsdb: added NO_GLOBAL_CATALOG control
this control is used to ask samdb to not return searches with a basedn
in partial repica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
2011-09-22 10:00:48 +10:00
Andrew Bartlett
c6cf070df0 s4-s3-upgrade Improve samba-tool domain samba3upgrade behaviour
The --realm argument is again optional (the previous code would take the default
from the default smb.conf, not the one specified) and --targetdir is now a
named argument much like it is to provision.

We now test the --testparm option to ensure it behaves the way we expect.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Sep 13 16:30:31 CEST 2011 on sn-devel-104
2011-09-13 16:30:31 +02:00
Andrew Bartlett
c271b71420 s4-provision Perform 'modify' operations as system
We need this so that we can modify the cn=configuration partition when
we are setting up a new subdomain.

The serverReference on our ${SERVERDN} is in that partition, and
without this change creating a new subdomain fails due to ACLs.

Andrew Bartlett
2011-09-13 15:37:12 +10:00
Andrew Bartlett
846e342648 s4-provision Split addition of users and well known principals
If we are provisioning a subdomain, then these are already in
cn=configuration.

Andrew Bartlett
2011-09-13 15:37:12 +10:00
Andrew Bartlett
6635bb70d3 s4-provision Add initial support for joining as a new subdomain
To do this we need to reorganise a lot of the provision code, so that
we can create the framework for the inbound replicaton of the config
and schema partitions and then add in the new subdomain locally.

Andrew Bartlett
2011-09-13 15:37:11 +10:00
Jelmer Vernooij
0ee22a2dec s4-python: Fix some formatting issues.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Sep 13 03:51:13 CEST 2011 on sn-devel-104
2011-09-13 03:51:13 +02:00
Andrew Bartlett
8268c2d4e2 s4-s3-upgrade Remove upgrade_from_s3 script, use samba-tool domain samba3upgrade 2011-09-12 20:52:00 +10:00
Amitay Isaacs
9a5524e00a s4-provision: Add named.conf template for BIND9 with DLZ support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:14 +10:00
Amitay Isaacs
41e9f9d504 s4-provision: Add Seperate instructions for BIND 9.7.x and 9.8.x.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:13 +10:00
Amitay Isaacs
1860e6b1a3 s4-provision: Enable SPNs for DNS
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:12 +10:00
Amitay Isaacs
7800a501cd s4-provision: Fill msDS-NC-Replica-Locations attribute in DNS provisioning
This attribute is required by the hosting requirement.
[MS_ADTS].pdf 7.1.2.3.1 DC and Application NC Replica

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Sep  8 02:04:51 CEST 2011 on sn-devel-104
2011-09-08 02:04:51 +02:00
Amitay Isaacs
b36e9de863 s4-provision: LDIF files to set up AD DNS schema
This files set up DomainDnsZones and ForestDnsZones partitions and
other configuration parameters for replication.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
595b9c4cc6 s4-provision: Add DNS backend option to provision
This option is introduced temporarily to test bind9 backend with
and without dlz_dlopen module.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
92169e9deb s4-provision: exit is not imported directed, use sys.exit
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
14664fac34 s4-provision: Extract dns account creation as separate ldif
MicrosoftDNS container and LDAP entries for root servers will be
added by sambadns.py directly.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Andrew Bartlett
3d05a0856f s4-provision Use ProvisioningError and the eadb
The eadb flag tells us to avoid using system extended attributes, typcially if we
are not running as root (ie, in a test environment).

The ProvisioningError class allows us to return failures to the upgrade_from_s3 script
which can then be detected correctly by the selftest framework.

Andrew Bartlett
2011-09-05 11:25:38 +10:00
Andrew Bartlett
5c8bf1434d s4-provision Add realm to DC configuration in upgrade_from_s3 test 2011-09-05 11:25:37 +10:00
Amitay Isaacs
76ff9bffd8 s3_upgrade: Set lock directory to correct directory
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-26 10:07:36 +10:00
Amitay Isaacs
d8465f2a91 s3_upgrade: Update commandline options and use updated samba3 python module
upgrade_from_s3 script now requires samba3 configuration file and target
directory for samba4 database. In addition, it either uses --libdir option
or --testparm option to correctly guess the paths for samba3 databases
(private dir and state directory).

Usage: upgrade_from_s3 [options] <configuration_file> <targetdir>

Input arguments are:
  <configuration_file> - path to existing smb.conf
  <targetdir>          - directory in which samba4 database will be created

In addition, specify either samba3 database directory (with --libdir) or
samba3 testparm utility (with --testparm).

Before using passdb interface, initialize s3 loadparm context using
correct path settings for private dir and state directory.

Export account policy from s3 to s4.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-26 10:06:33 +10:00
Andrew Tridgell
b2c6b0122f s4-dns: fixed dns_update_list for multi-domain forests
this should now match the DNS entries of w2k8r2c 

Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25 07:39:39 +10:00
Andrew Tridgell
42ae193e3f s4-dns: fixed DNS and SPN update lists for multi-domain support
fixed DNS to point at forest root

Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25 07:39:38 +10:00
Andrew Bartlett
399eae13a1 s4-provision set passdb backend to 'samba4' in template smb.conf files
This will allow smbpasswd, net sam and pdbedit to 'just work' against
the newly created databases.

Andrew Bartlett
2011-08-22 09:00:59 +10:00
Amitay Isaacs
305cb567f4 upgrade: Add missing bits for the s3 to s4 upgrade script
Use passdb backend to import/export users

Remove unused options for upgrade_from_s3 command (--blank) and credentials options
Config file is specified with -s/--configfile option and no need to specify as an argument.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13 20:18:40 +10:00
Amitay Isaacs
64ec42d64f tests: Update test for s3 to s4 upgrade with two cases
S3-member to S4-member and S3-dc to S4-dc

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13 20:18:40 +10:00
Andrew Bartlett
93e8d3b381 s4-scripting Rename passdb upgrade routine to avoid conflict with upgradeprovision 2011-08-13 12:30:49 +10:00
Andrew Tridgell
d79ee18f98 s4-provision: create dsServiceName in @ROOTDSE in GUID form
this allows for handling of server renames as the GUID doesn't change

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12 04:00:07 +02:00
Andrew Tridgell
849d042dd8 ldb: added a new always-fail ldap extended match OID
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04 16:17:25 +10:00
Giampaolo Lauria
901959d9ca samba-tool: updated test suite to account for newuser change
Updated test suite invocations of newuser to "user add" as
the newuser functionality is now being moved to "user add"

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:51 +10:00
Andrew Tridgell
57b796d435 samba-tool: fixed samba-tool user syntax
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:29 +10:00
Giampaolo Lauria
8c7718ac16 samba-tool: update test suite for the new domain object
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:23 +10:00
Giampaolo Lauria
c4a92292c1 samba-tool: update test suite for add setpassword
The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:22 +10:00
Stefan Metzmacher
c0eb56d159 s4:param: add "state dir" and "cache dir" options
metze
2011-07-12 14:58:34 +02:00
Kai Blin
749d022a0c s4 provision: Add some of the AD-specific DNS records to the directory
Signed-off-by: Kai Blin <kai@samba.org>

Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Jul  7 02:29:53 CEST 2011 on sn-devel-104
2011-07-07 02:29:53 +02:00
Kai Blin
a8d3bdb48d s4 provision: split up DNS provisioning into generic and samba-specific ldifs
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-07 00:10:27 +02:00
Matthieu Patou
15637206b9 s4-provision: Remove hard coded SD for CN=Sites container
With the fix introduced by Nadya in changeset
622ef6aed8 we are now able to generate
correct SD (at least the same as W2k3R2 with a Forest Level of 2003), so
there is no need for this fix anymore as it makes SDs for Forest Level
2003 and lower incorrect.
2011-06-19 23:21:08 +02:00
Andrew Tridgell
6ea8db1bd4 s4-build: install a build link bin/provision 2011-06-07 15:48:42 +10:00
Andrew Bartlett
a18efb1490 s4-param Remove 'sid generator'
This was only used by the Fedora DS backend for Samba4.  We agreed to
no longer support external LDAP backends.

Andrew Bartlett
2011-06-06 17:37:50 +10:00
Andrew Tridgell
7d59e9c549 s4-ipv6: added IPv6 support to samba_dnsupdate 2011-06-06 12:26:10 +10:00
Theresa Halloran
23177b5f44 s4:samba-tool: Move samba-tool setexpiry to samba-tool user setexpiry <user>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-01 17:24:36 +10:00
Theresa Halloran
726ee12bb4 s4/samba-tool: Move samba-tool enableaccount to samba-tool user enable command.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-01 17:24:36 +10:00
Andrew Bartlett
53b0c44d8c s4-provision Use correct tkey-gssapi-credential
We changed to ${DNSNAME} (the fully qualified domain name) a while
back, and while it's usually functionally idential to the previous
setting, this breaks down if there is more than one DNS server.

Andrew Bartlett
2011-05-25 12:12:53 +10:00
Matthieu Patou
f1873382da upgradeprovision: add hostname in the blackbox tests 2011-05-21 08:41:07 +02:00
Matthieu Patou
535a9b3133 Make the purge first so that the provision can reused during tests 2011-05-21 08:41:07 +02:00
Matthieu Patou
da2e34a134 provision: reorganize attributes so that we don't attribute with DN syntax that depends on non present object
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Apr 30 14:51:16 CEST 2011 on sn-devel-104
2011-04-30 14:51:16 +02:00
Matthias Dieter Wallnöfer
7aa0219be8 s4:setup/provision - fix an output message
Mention that Windows 2000 function level is supported as well.
2011-03-10 11:12:04 +01:00
Andrew Bartlett
d1e5a73806 s4-provision Remove setup_path, setup_dir and find_setup_dir
We now have a reliable way to know the current location of the
templates: dyn_SETUPDIR, which is updated for both the in-build and
installed binaries.

This replaces the function arguments and the distributed resolution of
the setup directory with one 'global' function (imported as required).

This also removes the ability to specify an alternate setup directory
on the command line, as this was rarely if ever used and never tested.

Andrew Bartlett
2011-02-07 13:22:01 +11:00
Andrew Tridgell
b038aca5c8 s4-loadparm: removed "setup directory" option
the correct setup directory is known at both build time and install
time using dyn_SETUPDIR, so we no longer have any need to override it

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-07 13:22:00 +11:00
Andrew Tridgell
b2a080fb1d s4-test: fixed more assumptions of ./setup for setup directory
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-07 13:22:00 +11:00
Andrew Tridgell
a940d5d344 s4-provision: remove the disabled bit in the dns-$HOSTNAME account 2010-12-01 16:09:57 +11:00
Andrew Tridgell
5e8cb67605 s4-provision: fixed eadb automatic and manual setting in provision
we should not set posix:eadb in lp in the acl native test code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-26 03:08:21 +01:00
Andrew Bartlett
5d65025fde s4-setup correct the require BIND version for Dynamic DNS 2010-11-24 17:48:04 +11:00
Matthias Dieter Wallnöfer
d218472310 s4:provision_rootdse_add.ldif - add all possible LDAP policy values but outcommented for the moment
It would be nice if someone could activate them as needed.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 21 14:41:53 CET 2010 on sn-devel-104
2010-11-21 14:41:53 +01:00
Andrew Tridgell
1645190b1c s4-provision: don't test for xattrs if posix:eadb is set
when it is set in smb.conf or on the command line, obey the setting
and don't try to test for system xattr support
2010-11-17 23:55:39 +11:00
Andrew Tridgell
333975d84f s4-provision: setup posix:eadb using lp.set()
this allows it to override a setting made during the automatic testing
of xattr support
2010-11-17 23:55:39 +11:00
Andrew Tridgell
d7ea449049 s4-provision: don't try to autodetect xattr is posix:eadb is set
when posix:eadb is set then we know we should be using an eadb
2010-11-17 23:55:39 +11:00
Andrew Tridgell
1887ce87e4 s4-provision: use the command line lp in provision
this ensures that provision options are stored in the generated
smb.conf
2010-11-17 23:55:38 +11:00
Andrew Bartlett
ebd8e66ed0 samba-tool Add test for --store-plaintext
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 16 06:29:04 UTC 2010 on sn-devel-104
2010-11-16 06:29:04 +00:00
Matthias Dieter Wallnöfer
3c8283da41 s4:provision_self_join.ldif - the object SID in AD is called "objectSid"
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov  9 13:18:29 UTC 2010 on sn-devel-104
2010-11-09 13:18:29 +00:00
Matthias Dieter Wallnöfer
bd5039546e s4:provision - switch to "clearTextPassword" for setting passwords
This is the default password set/change attribute for s4 specific purposes
(otherwise in respect to Windows it's "unicodePwd"). We move away from
"userPassword" since on Windows it's not activated by default - and s4 will
follow soon.
2010-11-09 13:22:00 +01:00
Matthias Dieter Wallnöfer
05d7524736 s4:setup/spn_update_list - the DNS SPN is only used in DNS mode
Not all DCs are automatically DNS servers.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  1 12:20:36 UTC 2010 on sn-devel-104
2010-11-01 12:20:36 +00:00
Matthias Dieter Wallnöfer
7578e04fb8 s4:provision - adapt the "provision" so that SIDs are only set on entry creation
SID modifications are denied.
2010-11-01 12:25:24 +01:00
Matthias Dieter Wallnöfer
572774a7a0 s4:provision - remove the "servicePrincipalName" creation on the DC object
This is now done by the "samba_spnupdate" script.
2010-10-31 18:44:07 +00:00
Matthias Dieter Wallnöfer
01e7cc607c s4:setup/spn_update_list - reorder and update with other SPNs 2010-10-31 18:44:06 +00:00
Kai Blin
b73a05e4e1 s4 net: rename to samba-tool in order to not clash with s3 net
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-28 07:25:16 +00:00
Matthias Dieter Wallnöfer
8c4d023cc9 s4:setup/schema_samba4.ldif - this control isn't used anymore
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 27 16:32:28 UTC 2010 on sn-devel-104
2010-10-27 16:32:28 +00:00
Matthias Dieter Wallnöfer
6e407a3c1c s4:provision_*_references.ldif - "add" and do not "replace" the "wellKnownObjects"
This is the correct AD operation in this case. Multi-valued replaces are
generally denied most of the time.
2010-10-25 12:51:52 +02:00
Matthias Dieter Wallnöfer
8b9a08e10f s4:provision.py - add the correct "CN=Sites" security descriptor
This should help to fix bug #7403.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
2010-10-23 20:16:59 +00:00
Matthias Dieter Wallnöfer
f9a6ff482c s4/ldb:introduce the LDB_CONTROL_PROVISION_OID control
This control is exactly thought for the actions which previously were performed
using the RELAX one.

We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23 16:37:29 +02:00
Matthias Dieter Wallnöfer
89c42a96fc ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into LDB_CONTROL_BYPASS_OPERATIONAL_OID
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-23 16:37:29 +02:00
Andrew Bartlett
f9c7365e53 s4-provisionbackend Allow a fixed URI to be specified for LDAP backend
This is added to make the 'existing' LDAP backend class more useful,
and to allow debuging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.

Andrew Bartlett
2010-10-19 18:57:06 +11:00
Andrew Bartlett
ce01e36d8c s4-openldap-backend Don't set 'dbnosync' on cn=config
This isn't valid in current OpenLDAP versions.

Andrew Bartlett
2010-10-18 11:13:04 +00:00
Andrew Bartlett
ba9e787c7d s4-provision Use --ldap-backend-nosync rather than just --nosync
For some reason we had both options, and --ldap-backend-nosync is
the better name.

Andrew Bartlett
2010-10-18 11:13:04 +00:00
Matthias Dieter Wallnöfer
5cb99aa81a s4:setup/provision_self_join.ldif - let the samldb LDB module fill in "isCriticalSystemObject"
It recognizes it now automatically.
2010-10-13 13:35:21 +00:00
Matthieu Patou
6633a7b379 unit tests: do some cleanup after tests
fix

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Oct 11 14:29:10 UTC 2010 on sn-devel-104
2010-10-11 14:29:10 +00:00
Andrew Tridgell
c24240bcd2 waf: fixed some python3.x portability issues
these have crept into the tree over time. Maybe we should add testing
of a range of python versions to autobuild?
2010-10-06 11:13:05 +00:00
Matthias Dieter Wallnöfer
0fb9671a01 s4:setup/provision_rootdse_add.ldif - provide informations in the right order
Doesn't change much - but nicer to read.

Btw: is the testdata/samba3 stuff still needed ("provision_samba3sam.ldif"...)?
It seems a bit outdated.
2010-10-05 16:06:05 +00:00
Wilco Baan Hofman
927e4db090 Fix .reg file format parsing.
* multiline data
 * doublequoted value name
 * handle windows format CRLF

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-10-03 15:31:37 +02:00
Matthias Dieter Wallnöfer
a01467913a s4:schema_samba4.ldif - update allocated controls list
This needs always to be done after a control allocation otherwise we end up in
double-allocations and unexpected behaviour.
2010-10-03 12:05:13 +02:00
Jelmer Vernooij
fbee3586fd selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py. 2010-10-01 01:31:06 +00:00
Andrew Tridgell
cc288603ce s4-provision: simplify our generated krb5.conf
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
c7f6ab890e s4-provision: fixed the authority response for our SOA record
some clients rely on this being the hostname, not the domain

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
2010-09-28 06:39:19 +00:00
Matthieu Patou
a8f8f277ff s4 provision: start with gpo of version 0 and be consistent between different policies 2010-09-26 06:22:43 +04:00
Andrew Tridgell
e8fec1d3c6 s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account only 2010-09-26 01:21:50 +00:00
Andrew Tridgell
b8444b64a3 s4-provision: switch to dns-HOSTNAME instead of dns
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26 01:21:49 +00:00
Andrew Bartlett
c9b19d9b69 s4-kerberos Rework keytab handling to export servicePrincipalName entries
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.

Andrew Bartlett
2010-09-24 15:07:56 +10:00
Matthias Dieter Wallnöfer
76c346dfc1 s4:provision - rootdse - remove static "ldapServiceName" attribute
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
ccc67a03d6 s4:provision - rootdse - remove static "dnsHostName" attribute
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
5f60f5e5e7 s4:provision - rootdse - remove the static attribute "serverName"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
4fd8ce42ce s4:setup/provision_self_join.ldif - now the samldb LDB module detects automatically that this is a DC account 2010-09-12 19:23:06 +02:00
Stefan Metzmacher
0ad2890c4e s4:provision: remember the setup directory if it wasn't the default
This fixes make test without a make install.

metze
2010-09-10 17:21:31 +02:00
Andrew Bartlett
22d5a96550 s4-setup Make krb5.conf use DNS by default
We set up our DNS pretty well these days, and I think the previous setting
was only there because Andrew Kroeger copied this out of our selftest code
in bf3f3af926.

Andrew Bartlett
2010-09-09 21:39:24 +10:00
Jelmer Vernooij
3c58fb27b0 setup: Use standard octal ints rather than harcoding. 2010-09-08 22:11:55 +02:00
Matthieu Patou
2cadfe8f2a unit tests: debug to ease locating pb, remove dir if exists to avoid error 2010-08-19 15:59:05 +04:00
Matthias Dieter Wallnöfer
bbb9dc806e s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
2010-08-17 18:45:32 +02:00
Stefan Metzmacher
76e5d41d6a s4:blackbox/newuser: use test specific user names
As this test doesn't delete the user accounts at the end,
we should use test specific user names. That lowers the
chance of conflicts with other tests.

metze
2010-07-31 11:35:31 +02:00
Matthieu Patou
d861ebbd81 s4 dsdb: create a new control: changereplmetadata
This control is designed to allow replmetadata to be specified

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:20 +10:00
Stefan Metzmacher
23f810041b s4:provision: remove --policy-guid and --policy-guid-dc cmdline options
metze
2010-07-10 11:18:19 +02:00
Matthieu Patou
e962e7e956 s4 unittests: remove the provision directory before (re)generating 2010-07-10 11:18:18 +02:00
Matthieu Patou
cad04dabbb s4 net: Add spn module to list/add/remove spn on objects
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-07-10 11:18:17 +02:00
Stefan Metzmacher
6d7b9648e5 s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
When importing users from Samba3 we need to control all values.

metze
2010-07-05 18:00:14 +02:00
Matthias Dieter Wallnöfer
43b0c314d8 s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value
Now we should have fixed all password related tests to cooperate with this value
2010-07-03 11:38:54 +02:00
Stefan Metzmacher
50da834f13 s4:provision: add entries for root dns servers
metze
2010-06-26 09:50:56 +02:00
Stefan Metzmacher
6ab234cec9 s4:provision: move Samba4 specific DNS stuff to its own file
metze
2010-06-26 09:50:56 +02:00
Stefan Metzmacher
c6b21931c6 s4:provision: add --next-rid option
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.

metze
2010-06-26 09:50:55 +02:00
Stefan Metzmacher
712a149802 s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool'
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.

The initlal rIDAvailablePool starts at nextRid + 100.

I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
 check box).

After provision we should have this (assuming nextRid=1000):

rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100

rIDAvailablePool: 1600-1073741823

Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!

metze
2010-06-26 09:50:54 +02:00
Matthias Dieter Wallnöfer
8ad01613f6 Revert "s4:provision.ldif - fix the number of available RIDs"
This reverts commit 41cdcd54b7.

As per request of metze revert this (cause written on the mailing list).
2010-06-24 15:13:40 +02:00
Matthias Dieter Wallnöfer
41cdcd54b7 s4:provision.ldif - fix the number of available RIDs
There should be 4611686014132422209 and not 4611686014132422109.
2010-06-24 10:04:53 +02:00
Matthias Dieter Wallnöfer
fec489bd87 s4:provision.ldif - this Win2003 revision level seems always to be "9" on Windows Server 2008 machines 2010-06-24 10:04:53 +02:00
Matthias Dieter Wallnöfer
64e19ef9fb s4:provision_users.ldif - change a group description to be correct 2010-06-24 10:04:52 +02:00
Matthias Dieter Wallnöfer
e88f37daa0 s4:setup/provision.reg - raise version to Windows Server 2008 R2 2010-06-24 10:04:50 +02:00
Jelmer Vernooij
237ab66f6c selftest: Use scripted testparm. 2010-06-20 14:14:47 +02:00
Lukasz Zalewski
e55c012acc make test modules for net group set of commands and modification to the newuser to include additional parameters
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-06-20 01:29:03 +02:00
Matthieu Patou
3ebe560622 ldb: add a new control bypassioperationnal
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-06-20 00:43:08 +02:00
Andrew Bartlett
d523e946b1 s4:provision Add import for DS_DOMAIN_FUNCTION_2000 2010-06-16 09:57:51 +10:00
Andrew Bartlett
814cb8895d s4:provision Allow functional level 2000 to be chosen 2010-06-16 09:57:51 +10:00
Andrew Bartlett
ecfce7365c s4:dsdb Add control for signaling between repl_meta_data and linked_attributes
This control will allow the linked_attributes module to know if
repl_meta_data has already handled the creation of forward and back
links.

Andrew Bartlett
2010-06-16 09:57:51 +10:00
Andrew Kroeger
352fb5c7e4 s4:provision: Make gc._msdcs DNS entries A/AAAA records
When adding an additional DC as a GC server, the new DC attempts to register its
own gc._msdcs records.  If the existing gc._msdcs record is a CNAME, BIND fails
the update with the message "attempt to add non-CNAME alongside CNAME ignored",
and the new DC is not registered as a GC server.

The A & AAAA record types for gc._msdcs have been verified against the DNS
server of a W2K8 DC.
2010-06-14 12:14:46 +02:00
Matthias Dieter Wallnöfer
4b6ce8efc0 s4:fix allocated control OIDs for "password_hash" LDB module
The password hash module controls overlapped others. Sorry, but the
"schema_samba4.ldif" hasn't been kept up-to-date.
2010-06-13 18:35:19 +02:00
Jelmer Vernooij
74ed48aa1c Friendlier message. 2010-06-13 18:19:03 +02:00
Jelmer Vernooij
d9d0d54475 upgradeprovision: Use logging infrastructure. 2010-06-13 18:19:03 +02:00
Jelmer Vernooij
956a256faa s4-python: Start using standard python logging infrastructure rather
than simple messaging callbacks.
2010-06-13 18:19:03 +02:00
Matthias Dieter Wallnöfer
b8ea2e0757 s4:provision - fix typo in substitution variable 2010-06-06 20:42:19 +02:00
Matthias Dieter Wallnöfer
40ced1a3be s4:setup/*.ldif - remove unneeded "cn" attributes
Should be generated automatically
2010-05-24 14:01:05 +02:00
Matthias Dieter Wallnöfer
38e9a7f577 s4:domain functional level - it is also specified in the domain object under partitions
Discovered by the "ldapcmp" tool
2010-05-13 15:14:06 +02:00
Matthias Dieter Wallnöfer
92aa194145 s4:provision_configuration.ldif - add more extended rights objects 2010-05-13 15:06:35 +02:00
Matthias Dieter Wallnöfer
9005227e72 s4:provision_users.ldif - fix up and reorder the well-known security principals 2010-05-13 14:51:10 +02:00
Matthias Dieter Wallnöfer
c715f6d3f9 s4:provision_configuration.ldif - add more Windows 2008 forest operations 2010-05-13 14:47:32 +02:00
Matthias Dieter Wallnöfer
eaea676916 s4:provision_configuration.ldif - the revision level of "Windows2003Update" should obviously be 10
Compared against my Windows Server 2008 and Zahari's output.
2010-05-13 14:47:31 +02:00
Matthias Dieter Wallnöfer
025eaceb5c s4:provision_configuration.ldif - "CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa" operation is of version 3 2010-05-13 14:47:30 +02:00
Matthias Dieter Wallnöfer
47818b19fc s4:provision*.ldif - always set the "msDS-NcType" attribute correctly 2010-05-13 14:47:30 +02:00
Matthias Dieter Wallnöfer
1885327b30 s4:provision_configuration.ldif - set the right schedule on the default site in the NTDS site settings 2010-05-13 14:47:29 +02:00
Matthias Dieter Wallnöfer
8acd8b97a6 s4:provision_configuration.ldif - The "NTDS Quotas" object is system-critical 2010-05-13 14:47:29 +02:00
Matthias Dieter Wallnöfer
79ac53eb3b s4:provision_configuration.ldif - "sites" object
- The default site doesn't contain a licensing object
- Adequate two other values (a "showInAdvancedViewOnly" and a "systemFlags" one)
2010-05-13 14:10:02 +02:00
Matthias Dieter Wallnöfer
f57bcc92b5 s4:provision.ldif - add IP security objects as they exist on Windows Server 2010-05-13 13:03:47 +02:00
Matthias Dieter Wallnöfer
44e05dfb73 s4:provision.ldif - add more Windows 2008 domain operations 2010-05-13 13:03:46 +02:00
Matthias Dieter Wallnöfer
cc2bd1f777 s4:provision_users.ldif - On Windows Server >= 2008 security principal S-1-5-20 doesn't exist anymore 2010-05-13 13:03:45 +02:00