IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This provides an easy way to keep passwords in sync with
another account database, e.g. an OpenLDAP server.
It provides a functionality like the "passwd program"
for the "unix password sync" feature of a standalone, member
and classic (NT4) server, but for an active directory domain
controller.
The provided script is called for each account/password related
change.
Like the 'user getpassword' command it allows virtual attributes like:
virtualClearTextUTF16, virtualClearTextUTF8,
virtualCryptSHA256, virtualCryptSHA512, virtualSSHA
Note that this command should just run on a single domain controller
(typically the PDC-emulator).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This provides an easy way to get the passwords of a user
including the cleartext passwords (if stored) and derived
hashes. This is done by providing virtual attributes like:
virtualClearTextUTF16, virtualClearTextUTF8,
virtualCryptSHA256, virtualCryptSHA512, virtualSSHA
This is much easier than using ldbsearch and manually parsing
the supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This fixes any RW DCs with repsFrom without the corresponding link. On
any RODC, this just reports an error (and doesn't fix it).
(the knownfail entry is also now removed)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This makes it so that repsTo are always regenerated on the target DCs.
This also happens elsewhere in drepl_out, but is to be removed.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This should never have done any real work, new code or not. This just removes
the initial KCC calls and bails out in the KCC if we actually ran it.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This in particular helps the docs.py test halve in time (at least on my machine)
NOTE: The removal of enable_null_tracking is required because we are no
longer importing join.py in every single samba-tool invocation. Without
removing this line, memory would be hanging from both the actual NULL
context and the talloc_null_context (causing a segfault at system_exit).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 20 12:47:24 CEST 2016 on sn-devel-144
The removal of enable_null_tracking is required because we will no
longer importing join.py in every single samba-tool invocation. Without
removing this line, memory would be hanging from both the actual NULL
context and the talloc_null_context (causing a segfault at system_exit).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These are not used for anything other than to print in the usage, but
it seems nicer to match normal invocation of these commands
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
In order to do this we need to use the reveal internals control, which
breaks the comparison against extended DNs. So we compare the
components instead.
Because this patch makes our code notice and fix stale one-way-links
(eg, after a rename) now, the renamedc test needs to be adjusted to
match.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This avoids fetching the same same schema things again and again.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we have dnsNode objects without dnsRecord attribute values we trigger
the following error triggered by 'samba-tool domain demote --remove-other-dead-server=server2'
ERROR(<type 'exceptions.TypeError'>): uncaught exception - __ndr_unpack__()
argument 1 must be string or read-only buffer, not dnsp.DnssrvRpcRecord
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175,
in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 720, in
run
remove_dc.remove_dc(samdb, logger, remove_other_dead_server)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 423, in
remove_dc
remove_dns_account=True)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 351, in
offline_remove_ntds_dc
remove_dns_account=remove_dns_account)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 266, in
offline_remove_server
remove_dns_references(samdb, logger, dnsHostName)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 186, in
remove_dns_references
for v in values if not to_remove(v) ]
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 160, in
to_remove
dnsRecord = ndr_unpack(dnsp.DnssrvRpcRecord, value)
File "/usr/lib64/python2.6/site-packages/samba/ndr.py", line 45, in ndr_unpack
object.__ndr_unpack__(data, allow_remaining=allow_remaining)
A transaction is still active in ldb context [0xe1f320] on
tdb:///var/lib/samba/private/sam.ldb
"next" is used in perl not in python!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 13 10:10:30 CEST 2016 on sn-devel-144
This matches the behaviour in the drsuapi server for DsReplicaSync
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Jul 11 10:58:16 CEST 2016 on sn-devel-144
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 8 13:39:01 CEST 2016 on sn-devel-144
This mode avoids an issue with using -P on an RODC, instead using an IRPC message
to trigger online replication right away
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
During the provision this causes a huge performance hit as these two
attributes are unindexed.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This matches the behavior of 'samba-tool user create' and 'samba-tool user password'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 24 18:08:44 CEST 2016 on sn-devel-144
This should be removed when we can run nsupdate on sn-devel
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 16 08:37:56 CEST 2016 on sn-devel-144
This flag is not implemented in Samba, however, on an RODC replicating from
Windows, failing to send this flag leaves out group memberships.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This can be extended, but already checks the basic functionality
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
While the DC will eventually get back to the same state, it can take a
while, so try harder not to overwrite our already-working account
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This makes a clear seperation between data and display variables
and improves the tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This then makes SambaToolCmdTest based on BlackboxTestCase.
This allows us to use better command output testing in the fsmo tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 16 04:07:41 CEST 2016 on sn-devel-144
Per tests against Windows 2012R2 the RDN is not sorted last and is
instead sorted normally with all the other elements.
The RDN attribute, unlike name, is not replicated over DRS, so this
has no interopability impact.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
