IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This task watches for changes in the list of DCs, and creates a bind9
formatted file that grants update permission to all DCs, plus to the
administration, and machines update for their own names.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
source4/param/param.h has a
param.h is a public header (and parmlist isn't, even if the relative path
could work), so I suggest making it a forward declaration in the header, and
including parmlist.h in the implementation.
(commit message included from e-mail by Andrew Bartlett)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
A KCC is a 'Knowledge Consistency Checker', a fancy name for a daemon
that works out who will replicate with who in a AD domain. This
implements an extremely simple KCC task that just wants to replicate
with everyone :-)
A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.
Andrew Bartlett
This will allow distributions to hard-code this path, particularly for
selinux, and matches how we handle the winbind socket dir.
Andrew Bartlett
(This used to be commit c8b4416504)
I forgot one more place where I must specify the new config option. I
wish this was more templated...
Andrew Bartlett
(This used to be commit 5a740f4daa)
This fixes up some issues with testdir (was not honoured) and
increases test coverage.
We now check all the major provision modes. In doing so, to make it
possible to call from the multiple layers of 'sh', I have allowed 'dc'
to alias 'domain controller' and 'member' to alias 'member server'.
Fighting shell quoting in the test system was just too hard...
Also fix upgrade.py
Andrew Bartlett
(This used to be commit 0923de1228)
Default behaviour for "idmap trusted only" is "False", meaning idmap creates
ID mappings for all SIDs.
If set to "True", idmap will create SID mappings for trusted users only.
"idmap database" allows to set the database idmap uses, defaulting to
idmap,ldb
(This used to be commit ed8178b110)
To use, run 'smbd -M prefork'
By default, only the smb service is preforked. 4 children are
created, and all listen for new connections. The Linux Kernel 'wake
one' behaviour should ensure that only one is given the oportunity to
accept. We need to look into the ideal number of worker children, as
well as load balancing behaviours.
To change, set:
prefork children : smb = 6
valid service names (smb in this example) match those in 'server services'.
Andrew Bartlett and David Disseldorp
(This used to be commit 35313c0aa3)
The Web 2.0, async client tools were really interesting, but without
developer backing they remain impossible to support into a release.
The most interesting app was the LDB browser, and I intend to replace
this with phpLdapAdmin, preconfigured for Apache during provision.
This also removes the need to 'compile' SWAT on SVN checkouts.
Andrew Bartlett
(This used to be commit cda965e908)
split out the auth methods.
This caused all SWAT logins to fail, except when using local system
authentication.
Andrew Bartlett
(This used to be commit b5a9d507a3)
using the new share_int_option() code from Simo
speaking of which, this is the first time I've looked closely at the
share_classic.c code. It is absolutely and completely braindead and
broken. Whatever drugs Simo was on at the time, he better not try to
cross a border with them on him!
Problems with it:
- if you actually set a value, it gets ignored, and the defvalue gets
used instead ('ret' is never returned). If you don't set a value,
then defvalue gets returned too. Sound useful?
- it means we now have to list parameters in source/param/ in lots
and lots of places, all of which have to match exactly. code like
this is supposed to reduce the likelyhood of errors, not increase
it!
- code which has a long line of if() statements with strcmp() should
cause your fingers to burn on the keyboard when you type it
in. That's what structure lists are for. Strangely enough, we have
all the info in loadparm.c in a structure list, but instead it gets
replicated in share_classic.c in this strange if() strcmp() form
expect some changes to this code shortly. I'll need a calming cup of
tea first though :-)
(This used to be commit 19a9fc2f44)
will now control the auth methods, but an override is still available,
ex:
auth methods:domain controller = <methods>
Andrew Bartlett
(This used to be commit b7e727186e)
way to setup a Samba4 DC is to set 'server role = domain controller'.
We use the fSMORoleOwner attribute in the base DN to determine the PDC.
This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.
Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.
We also now use the ldb database to determine if we should run the
global catalog service.
In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.
Andrew Bartlett
(This used to be commit 67d8365e83)
('configure.developer' or 'configure --enable-developer') may still have
problems as I'm not sure I got all of the paths right for that.
With the changes Tridge has made to the Main Menu in swat, given a
non-developer installation, you should be able to get to ldbbrowse via:
JSON/qooxdoo -> ldb browser
Derrell
(This used to be commit 2406af1079)
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77)
the service and global declarations were left as int. I tried to fix
this initially by fixing the service declarations, but it didn't
work. While I investigate why, this patch at least gets the use of int
right, and should give big-endian platforms a chance
(This used to be commit e12ae809ea)
- Collect the generic utility functions into a lib/util/ (a la GLib is
for the GNOME folks)
- Remove even more files from include/
(This used to be commit ba62880f5b)
in Samba4. This allows us to start winbindd by default, including in
'make test'.
This is via a new 'winbindd socket directory' parameter for utilities
linked against loadparm, as well as a --with-winbindd-socket-dir
option to configure (setting the default and the value for simple
clients).
I hope to add basic winbindd tests, to ensure continued correct
operation, but at least now I don't have to manually change my 'server
services' line.
The other problem with the hard-coded /tmp/.winbind is that RedHat has
moved this in Fedora (to /var/run I think). For this reason, this
functionality should probably be ported to Samba3 as well.
The default for Samba4 is PREFIX/var/run/winbind_pipe.
I have also re-added the paranoia checks from Samba3 for correct
permissions on the socket directory.
Andrew Bartlett
(This used to be commit 8866aa06ff)
From here we can add tests to Samba for kerberos, forcing it on and
off. In the process, I also remove the dependency of credentials on
GENSEC.
This also picks up on the idea of bringing 'set_boolean' into general
code from jpeach's cifsdd patch.
Andrew Bartlett
(This used to be commit 1ac7976ea6)
