1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

998 Commits

Author SHA1 Message Date
Douglas Bagnall
1a330443c6 fix blackbox_supported_features: mkdir -p its directory
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-10 05:09:08 +01:00
Andrew Bartlett
45df61e943 Switch on the sortedLinks Flag on new databases
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Feb  9 07:07:43 CET 2017 on sn-devel-144
2017-02-09 07:07:43 +01:00
Andrew Bartlett
8368e06ff6 samba_dsdb: Use and maintain compatibleFeatures and requiredFeatures in @SAMBA_DSDB
This will allow us to introduce new database features that are
backward compatible from the point of view of older versions of Samba,
but which will be damaged by modifying the database with such a
version.

For example, if linked attributes are stored in sorted order in 4.7,
and this change, without any values in current_supportedFeatures is
itself included in 4.6, then our sortedLinks are backward compatible
to that release.

That is with 4.6 (including this patch) which doesn't care about
ordering -- but a downgraded 4.7 database used by 4.6 will be broken
when later used with 4.7.  If we add a 'sortedLinks' feature flag in
compatibleFeatures, we can detect that.

This will allow us to determine if the database still contains
unsorted links, as that information allows us to make the code
handling links much more efficient.

We won't add the actual flag until all the code is in place.

Andrew wrote the actual code and Douglas wrote the tests, and they
cross-reviewed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Piar-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: check for database features flags
2017-02-09 03:17:16 +01:00
Andrew Bartlett
207fa23318 python/schema: fix tests flapping due to oid collision
These tests would sometimes fail because the randomly generated OIDs
would collide. This fixes that by giving a unique OID to each attribute
and class.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12507

Pair-Programmed-With: Bob Campbell <bobcampbell@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 10 13:44:02 CET 2017 on sn-devel-144
2017-01-10 13:44:02 +01:00
Björn Jacke
ab8616f20c ad/provision: change http://samba.org to https://www.samba.org
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Fri Dec  9 16:57:31 CET 2016 on sn-devel-144
2016-12-09 16:57:31 +01:00
Stefan Metzmacher
4e1b965005 ldb:controls: add LDB_CONTROL_RECALCULATE_RDN_OID
This will be used by 'samba-tool dbcheck' to fix the rdn attribute name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12399

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

(Patch reduced by Andrew Bartlett to only allocate the OID)
2016-12-01 05:54:22 +01:00
Andrew Bartlett
035df7adbe dsdb: Add python hooks to allocate a RID set and allocate a RID pool
This will help us to correct errors during dbcheck

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
2016-11-04 04:41:18 +01:00
Amitay Isaacs
2959c8888d provision: Add support for BIND 9.11.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 28 03:42:25 CEST 2016 on sn-devel-144
2016-10-28 03:42:25 +02:00
Andrew Bartlett
eb1cb17598 ldb-samba: Add new extended match rule DSDB_MATCH_FOR_EXPUNGE
This allows us to find links that need to be expunged
without passing the whole DB up in the search response.

While each message still needs to be examined, this code
only has to do memory allocation for entries with links

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-09-01 05:49:14 +02:00
Andrew Bartlett
3ce5ad1e6c selftest: Move repl_schema test to a distinct OID prefix
We also take the chance to make it clearer that the number
being passed in should be unique.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12128

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-08-11 00:49:15 +02:00
Douglas Bagnall
5ce969d0c7 dsdb: add vanish links control
Normally linked attributes are deleted by marking them as with RMD flags,
but sometimes we want them to vanish without trace. At those times we
set the DSDB_CONTROL_REPLMD_VANISH_LINKS control.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:28 +02:00
Bob Campbell
6e378546ce provision: Ignore duplicate attid and governsID check
During the provision this causes a huge performance hit as these two
attributes are unindexed.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2016-07-06 15:35:17 +02:00
Stefan Metzmacher
88b7cfa881 s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Stefan Metzmacher
e68a9d2fea s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
This will be used to let the "password_hash" module know that
the value of pwdLastSet was defaulted to 0 in the "samldb" module
on add.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Andrew Bartlett
8f1659e540 samba_dnsupdate: Implement RPC <ZONE> prefix in dns_update_list
This allows us to update the stub records as well as the zone itself.

Based on a proposed syntax by metze.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:14 +02:00
Andrew Bartlett
e3822497c8 dns_update_list: Add in NS records
This is as suggested by metze in 4383ec5b83

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
5c6a97769c selftest: Use random OIDs from under the Samba OID arc
The urgent_replication.py test used the OID of uid, and this caused
other tests to fail

The other random OIDs should have been from under our arc, not under
iso.member-body.us

We split up the range a little to avoid some of the birthday paradox,
in the tests that create multiple OIDs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-06 08:50:08 +02:00
Thomas Nagy
7c0575d7ba build:wafsamba: Install named.conf only once
The wildcard *.conf already lists named.conf. Adding files
more than once will cause unnecessary rebuilds and raise
errors in later Waf versions.

Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-11-16 11:48:14 +01:00
Andrew Bartlett
2766bad5ef dbcheck: Add explict tests for unknown and unsorted attributeID values
Unknown attributeID values would cause an exception previously, and
unsorted attributes cause a failure to replicate with Samba 4.2.

In commit 61b978872f we started
to sort these values correctly, but previous versions of Samba
did not sort them correctly (we sorted high-bit-set values as
negative), and then after 9c9df40220
we stoped accepting these.

To ensure we are allowed to make this unusual change to the
replPropertyMetaData, a new OID is allocated and checked
for in repl_meta_data.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-24 23:46:22 +02:00
Andreas Schneider
86652c0208 s4-setup: Add saltPrincipal to secrets_dns.ldif
This adds the correct salt principal to the secretsdb so that we
generate a valid keytab entries for AES and DES keys. The test doesn't
fails with Heimdal cause it always uses RC4 which doesn't have a salt.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 24 13:02:37 CEST 2015 on sn-devel-104
2015-04-24 13:02:37 +02:00
Kamen Mazdrashki
039646b3cb s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requests
Tombstone reanimation requries some special handling which is going
to affect several modules. Most notably:
 - a bit different access checks in acl.c
 - restore certain attributes during modify requests in samldb.c

Control added also to schema_samba4.ldif by Andrew Bartlett
hence the "pair programmed with" tag.

Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-03 05:02:11 +01:00
Andrew Bartlett
ef7fb904a9 CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl
This requires an additional control to be used in the
LSA server to add domain trust account objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
2015-01-15 14:54:47 +01:00
Amitay Isaacs
faa3423d1a s4-dns: Add support for BIND 9.10
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Matthieu Patou <mat@matws.net>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat Oct 25 05:42:19 CEST 2014 on sn-devel-104
2014-10-25 05:42:19 +02:00
Amitay Isaacs
58334eb58e s4-dns: Update template variables, change BIND98 --> BIND9_8
This makes it easier to add suport for BIND 9.10.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Matthieu Patou <mat@matws.net>
2014-10-25 03:21:04 +02:00
Marc Muehlfeld
1c7b81e768 selftest: Fix test samba4.blackbox.group.py
The test created two users and in later steps it tried adding two
non-existend users to groups. This fix adds now the two created
accounts to the groups instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10871

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-10-23 15:56:04 +02:00
Stefan Metzmacher
4383ec5b83 s4:setup/dns_update_list: make use of the new substitution variables
This let us register the same names as Windows Servers.

We only exception are the NS records. In future we could add them
by using something like this:

  samba-tool dns add ${HOSTNAME} ${DNSDOMAIN} @ NS ${HOSTNAME}
  samba-tool dns add ${HOSTNAME} _msdcs.${DNSFOREST} @ NS ${HOSTNAME}
  samba-tool dns add ${HOSTNAME} ${DNSFOREST} _msdcs NS ${HOSTNAME}

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 26 11:38:54 CEST 2014 on sn-devel-104
2014-08-26 11:38:54 +02:00
Andrew Bartlett
6f8297d3cf selftest: make blackbox_setpassword.sh test run independently
Change-Id: I8f3cdfc2c66800f9a1e11aec4f25a42752b6b205
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:45 +02:00
Garming Sam
cff0f8e75f samba-tool: make provision check for bind version
(small corrections and TODO added following Jelmer's review by abartlet)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar  9 02:52:50 CET 2014 on sn-devel-104
2014-03-09 02:52:49 +01:00
Andrew Bartlett
af3138e9b6 samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only
This skips handling the ForestDNSZone when we are setting up a subdomain.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
2013-10-11 10:27:49 +02:00
Andrew Bartlett
48b979c4fe provision: Remove --username and --password options from samba-tool domain provision
This avoids confusion, because the LDAP backend does not use these,
and they do not set the password for the administrator account either!

This may break support for the 'existing' backend LDAP backend, but
that is nothing more than a stub for future development anyway, and
new work in this area should use EXTERNAL in any case.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11 08:32:10 +02:00
Nadezhda Ivanova
fc486d861c s4-openldap: Restored openldap-related options to the provision script
At the moment they are only available if TEST_LDAP=yes to avoid accidental use
as the openldap backend is still failing some tests

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Thu Sep 26 07:31:05 CEST 2013 on sn-devel-104
2013-09-26 07:31:05 +02:00
Howard Chu
31ca4fc674 OpenLDAP provisioning tweaks
Remove BerkeleyDB-specific setup.
Streamline cn=samba partition initialization - allow any backend type for it.
Use back-mdb instead of back-ldif for cn=samba partition

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
2013-09-18 21:39:51 +02:00
Howard Chu
743d4a474e Use SASL/EXTERNAL over ldapi://
The provision script will map the uid of the user running the
script to the samba-admin LDAP DN.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18 19:47:55 +02:00
Howard Chu
dcbd4ede2f Fix OpenLDAP partition configs
Update to use LMDB backend, BDB is deprecated
Update to support DomainDNSZones and ForestDNSZones partitions.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17 05:56:56 +02:00
Andrew Bartlett
b106d9090e scripting/join.py: Handle creating the dns-NAME account during a DC join
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2013-09-04 07:06:05 +02:00
Andrew Bartlett
0ca9c74f91 provision: Rewrite named.txt to be more useful
We already chown the dns.keytab file, so remove the suggestion to do that,
and instead explain why we can not use chroot (an often-requested feature).

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Björn Jacke <bj@sernet.de>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Aug 29 13:53:25 CEST 2013 on sn-devel-104
2013-08-29 13:53:25 +02:00
Andrew Bartlett
b9b6375699 selftest: Remove output directories to save disk space
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:35:05 +01:00
Andrew Bartlett
d7936ee20c selftest: Add ldapcmp to ensure upgradeprovision of a fresh DB is a no-op
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:32:21 +01:00
Stefan Metzmacher
5cf98823cc provision: fix nTSecurityDescriptor of containers in the DnsZones (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27 20:14:21 +11:00
Stefan Metzmacher
a477649e56 provision: fix nTSecurityDescriptor attributes of CN=*,${CONFIGDN} (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27 20:14:21 +11:00
Stefan Metzmacher
1de5c2f785 provision: fix nTSecurityDescriptor of CN={LostAndFound,System},${DOMAINDN} (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27 20:14:21 +11:00
Matthieu Patou
f70d0ac739 Tests: remove redondent testsuites in provision
Removed provision are already tested somewhere else.

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Mon Jan 21 09:59:43 CET 2013 on sn-devel-104
2013-01-21 09:59:43 +01:00
Stefan Metzmacher
914a61d9e5 s4:provision: set the correct nTSecurityDescriptor on CN=Domain Controllers,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
2012-12-11 07:05:39 +01:00
Stefan Metzmacher
8eb359c23c s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 05:20:32 +01:00
Stefan Metzmacher
19b03834f0 s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 05:04:48 +01:00
Stefan Metzmacher
e1301fef73 s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 05:04:44 +01:00
Stefan Metzmacher
ebb0a88722 s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 05:02:03 +01:00
Stefan Metzmacher
999c068113 s4:provision: set the correct nTSecurityDescriptor on CN=Sites,CN=Configuration... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:56:39 +01:00
Stefan Metzmacher
649fb5b614 s4:provision: set the correct nTSecurityDescriptor on CN=Partitions,CN=Configuration... (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:56:07 +01:00
Stefan Metzmacher
2101400af2 s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30 17:17:21 +01:00
Stefan Metzmacher
60f0e172e3 s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30 17:17:21 +01:00
Stefan Metzmacher
ffaf9bb98b s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACL
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30 17:17:21 +01:00
Ricky Nance
d09ac9636a Removed phpldapadmin inclusion for Samba 4.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104
2012-10-17 12:55:44 +02:00
Stefan Metzmacher
2c4255084a s4:scripting: rename upgradeprovision -> samba_upgradeprovision
metze
2012-09-12 07:07:27 +02:00
Stefan Metzmacher
a0baaf2064 s4:setup: remove standalone 'provision'
metze
2012-09-12 07:07:27 +02:00
Stefan Metzmacher
fdd2a7e65f s4:setup/tests: make use of samba-tool domain provision
metze
2012-09-11 08:35:56 +02:00
Stefan Metzmacher
06809f4ba9 s4:provision: ask the admin about the desired DNS implementation
In interactive mode we should let the admin confirm which
implementation he wants.

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 10 11:45:08 CEST 2012 on sn-devel-104
2012-09-10 11:45:08 +02:00
Andrew Bartlett
24f3147019 selftest: Fix comment in blackbox_s3upgrade.sh 2012-08-28 07:57:30 +10:00
Andrew Bartlett
c1012c6817 selftest: Specify --use-ntvfs when testing the group code
We do not need to set filesystem ACLs in this case.

Andrew Bartlett
2012-08-23 15:02:25 +02:00
Andrew Bartlett
b2ff36566b selftest: Specify --use-ntvfs when testing the newuser code
We do not need to set filesystem ACLs in this case.

Andrew Bartlett
2012-08-23 15:02:25 +02:00
Andrew Bartlett
2fc6760d5a selftest: Specify --use-ntvfs when testing the LDAP backend init code
We do not need to set filesystem ACLs in this case.

Andrew Bartlett
2012-08-23 15:02:25 +02:00
Andrew Bartlett
9170f9ce95 selftest: Specify --use-ntvfs to provision in test scripts
Because these run as non-root, we need to avoid doing things that will
fail during the provision.  The main test of the s3fs provision is the
plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls.

Andrew Bartlett
2012-08-22 01:31:57 +02:00
Andrew Bartlett
e4001a78c1 dsdb: Allocate new OID to allow updates of a read-only replica
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.

Andrew Bartlett
2012-07-18 09:32:53 +02:00
Geza Gemes
70de501d6a s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrs
When provisioning with --use_rfc2307=yes populate the subtree:
CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it
possible to manipulate the posix attributes via ADUC

(commit message adjusted by abartlet)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-13 06:00:17 +02:00
Andrew Bartlett
d31f55b297 s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIG
This support is too painful to use.

Andrew Bartlett
2012-07-03 08:13:02 +10:00
Andrew Bartlett
5de841f6f2 s4-dns: Remove dynamic DNS instructions for bind 9.7
This version of BIND only ever caused pain when trying to do dynamic DNS.

If users are using this version, simply treat it as a static server.

Andrew Bartlett
2012-07-03 08:13:02 +10:00
Andrew Bartlett
2b50e8c534 s4-provision: Remove --slapd-path option
This just leaves a default enough for the test code to still check the start
of the provision.  This may well be removed in future, and we wish to reduce
the extra options to provision.

Andrew Bartlett
2012-06-20 16:22:41 +10:00
Andrew Bartlett
d9f7195a1f s4-classicupgrade: Use "samba classic" description for samba3 NT4-like domains in samba3upgrade 2012-06-16 08:18:10 +02:00
Andrew Bartlett
61f7f01554 s4-s3upgrade: Add my wins.dat and fix the parsing error
The issue was that the numbers at the end of the lines are space
padded.

Andrew Bartlett
2012-06-16 08:18:10 +02:00
Andrew Bartlett
abb2c7fef4 s4-provision: Make s3fs the default way to install a new Samba4 DC
With s3fs now well settled into master, we now throw the swtich and make
it the default.

There is still much to do, but we need to be using s3fs by default to
find out exactly what that is.

Andrew Bartlett
2012-05-24 09:59:04 +02:00
Jelmer Vernooij
7ed9ebab83 provision: remove reference to no longer existing template files. 2012-05-03 13:41:24 +02:00
Lukasz Zalewski
9cd664b2e9 Extension to the samba-tool group subcommand functionality to allow listing of the members of an AD group 2012-05-03 08:09:09 +10:00
Andrew Bartlett
63f2d1060e s4-provision: Fix --use-s3fs to parse correctly 2012-05-02 10:53:51 +10:00
Andrew Bartlett
0615cf5f85 s4-provision: Always give the warning if we are using eadb. It really should be for testing only 2012-04-19 19:15:05 +02:00
Michael Adam
9e9887d323 s4:samdb:rootdse: implement the schemaUpgradeInProgress operation in ldap modify
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.

Signed-off-by: Matthieu Patou <mat@matws.net>

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
2012-04-18 02:48:28 +02:00
Jelmer Vernooij
1e949f3cd1 provision: Simplify handling of default for --server-role.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Apr 16 18:12:24 CEST 2012 on sn-devel-104
2012-04-16 18:12:24 +02:00
Jelmer Vernooij
8cd7cc33d9 provision: Simplify handling of default for --function-level. 2012-04-16 16:30:18 +02:00
Jelmer Vernooij
efa594820a provision: Simplify handling of default for --dns-backend option. 2012-04-16 16:30:18 +02:00
Matthieu Patou
f35d20119a Add an option to have s3fs as file server for samba4
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 16 09:38:18 CEST 2012 on sn-devel-104
2012-04-16 09:38:17 +02:00
Amitay Isaacs
06a0101082 s4-provision: Update configuration lines for dlz_bind9
This adds configuration lines for BIND versions 9.8.x and 9.9.x.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon Apr 16 03:52:14 CEST 2012 on sn-devel-104
2012-04-16 03:52:14 +02:00
Matthias Dieter Wallnöfer
d6fde2d4c2 LDB/s4 - deny the "(dn=...)" syntax on search filters when in AD mode
Achieve this by introducing a "disallowDNFilter" flag.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26 00:57:29 +02:00
Björn Baumbach
70e71240e2 s4-provision: don't ask only 3 times for passwd in interactive mode
Signed-off-by: Michael Adam <obnox@samba.org>
2012-03-21 16:11:25 +01:00
Björn Baumbach
0f35c4a242 s4-provision: add password verification in interactive mode
Since we do not print the password out (anymore), it is necessary to
verify the entered password.

Signed-off-by: Michael Adam <obnox@samba.org>
2012-03-21 16:11:24 +01:00
Matthieu Patou
256e2df9dc s4-selftest: create the st/provision if it didn't exists already
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Thu Mar  8 00:25:24 CET 2012 on sn-devel-104
2012-03-08 00:25:24 +01:00
Jelmer Vernooij
687e065036 provision: Write configuration without help of templates.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 27 00:52:46 CET 2012 on sn-devel-104
2012-02-27 00:52:46 +01:00
Jelmer Vernooij
21f443eb82 provision: Leave result reporting up to caller. 2012-02-26 16:27:06 +01:00
Jelmer Vernooij
f2903e0c4f provision: Make sure target directory is created early.
This is necessary when using the target directory to store temporary
files.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Feb  7 02:45:37 CET 2012 on sn-devel-104
2012-02-07 02:45:36 +01:00
Horacio G. de Oro
7e02757dfc Use named argument 'dir' instead of 'prefix' on NamedTemporaryFile for source4/setup/provision
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2012-02-07 01:11:07 +01:00
Andrew Bartlett
eecf2ac4c8 selftest: Remove unused support for --exeext 2012-02-01 02:45:07 +01:00
Amitay Isaacs
1f0298dd1b python: Change except: statement to except Exception:
This way we only catch true exceptions and keyboard interrupts
are not caught here.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
2012-01-24 03:32:40 +01:00
Michael Adam
83c149de4d s4:provision: add a server services line to the smb.conf template for the dc
Signed-off-by: Kai Blin <kai@samba.org>
2012-01-10 19:19:27 +01:00
Amitay Isaacs
0a10b32602 setup: Fix phpldapadmin configuration for version 1.2.x 2011-12-14 15:57:32 +11:00
Amitay Isaacs
1e935d1bdc s4-provision: Make BIND9_DLZ as the default backend for DNS 2011-11-29 16:00:36 +11:00
Amitay Isaacs
341979cc9a s4-provision: Create a samdb copy for access by dlz_bind9 module
This creates a copy of rootdse, configuration and schema partitions
for dlz_bind9 use in dns/ directory.  Since dlz_bind9 requires write
access to DNS partitions (DomainDnsZones and ForestDnsZones), those
partitions are hard-linked (or symlinked) to the actual partitions.
An empty domain partition is created so samdb layer can work.
2011-11-29 16:00:36 +11:00
Andrew Bartlett
47d34997e8 s4-s3-upgrade Test getdomainsid as well 2011-11-17 00:34:09 +01:00
Andrew Bartlett
29cd8ae6fd s4-provision permit server role to be the ROLE_ strings from s3
Also convert between the aliases in one single place.

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17 00:34:09 +01:00
Andrew Bartlett
b8c119f3ba s4-s3-upgrade Add test of net getlocalsid after the upgrade
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17 00:34:08 +01:00
Amitay Isaacs
8507adb8d0 provision: Set the security descriptor while creating partitions
With Matthieu's patch, the setting of security descriptor on
partition dn at create time works correctly.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov 16 08:54:25 CET 2011 on sn-devel-104
2011-11-16 08:54:25 +01:00
Andrew Bartlett
ca52871541 s4-setup Remove servicePrincipalName: DNS/${DNSDOMAIN} from new installations
This servicePrincipalName is incorrect (windows does not use that
servicePrincipalName, as it targets the server it is updating, not the
root of the DNS tree), and now that we have multiple DNS backends that
use the internal database, it is quite incorrect (as it cannot exist
on more than one account).

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Nov 10 01:11:46 CET 2011 on sn-devel-104
2011-11-10 01:11:46 +01:00
Amitay Isaacs
0c2f91c6b2 s4-provision: Create ldap records for DNS partitions similar to windows
this allows easy comparison between windows and samba ldap trees

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov  9 08:27:46 CET 2011 on sn-devel-104
2011-11-09 08:27:46 +01:00
Andrew Bartlett
696a70c9fa s4-provision Remove options for LDAP backend to reduce user confusion
We do not support the LDAP backend any more, but keep the code in case someone
comes up with an interesting use case that could leverage this in a very
particular situation.  In order to keep the code, we must test it, so
we keep just this much of the support around.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov  8 04:33:49 CET 2011 on sn-devel-104
2011-11-08 04:33:49 +01:00
Theresa Halloran
b26a4f6232 s4: samba-tool subcommand rename - change samba-tool user add to samba-tool user create
Signed-off-by: Theresa Halloran <thallora@linux.vnet.ibm.com>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2011-10-23 15:23:28 -07:00
Geza Gemes
a0f7c990f4 s4:wscript - install the two missing files "dlz_bind9.so" and "named.conf.dlz"
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Oct 27 20:27:32 CEST 2011 on sn-devel-104
2011-10-27 20:27:32 +02:00
Andrew Bartlett
43f23b55c4 s4-s3-upgrade rename samba-tool domain samba3upgrade --libdir to --dbdir for clarity
The things pointed at are not typically in a directory called lib,
so avoid confusing our administrators.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Oct 19 15:43:04 CEST 2011 on sn-devel-104
2011-10-19 15:43:04 +02:00
Andrew Bartlett
036b23a106 s4-s3-upgrade test upgrade without a wins.dat 2011-10-19 14:13:09 +02:00
Kai Blin
b42b81249c s4 provision: Default to win2k3 domain function level 2011-10-17 08:16:12 +02:00
Kai Blin
41d48626e2 s4 provision: Reword opinionated dns backend help text, add NONE backend 2011-10-17 08:16:12 +02:00
Kai Blin
292554c396 s4 provision: Rename bind9 flatfile backend to BIND9_FLATFILE 2011-10-17 08:16:12 +02:00
Matthieu Patou
009b97d6f3 provision: fix the doc
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Oct 16 01:31:21 CEST 2011 on sn-devel-104
2011-10-16 01:31:21 +02:00
Matthieu Patou
a1767f74af s4: check that the xattr are supported in the folder where we want to provision
By default we were checking this on the default folder for
tempfile.NamedTemporaryFile (usualy /tmp) but this folder can be mounted
on tmpfs (which didn't support xattr currently). Now we should check on
the filesystem where the provision will be done.
2011-10-16 00:01:36 +02:00
Stefan Metzmacher
bcb02129c3 s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
Which allows the caller to pass a given 'pwdLastSet' value
(every useful for migrations).

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct  7 15:28:13 CEST 2011 on sn-devel-104
2011-10-07 15:28:13 +02:00
Andrew Tridgell
c2d70af1a7 s4-dsdb: added DSDB_CONTROL_DBCHECK
this will be used for overrides by the dbcheck validator

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06 14:34:22 +11:00
Andrew Tridgell
60cbc98051 s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICA
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Kai Blin
5c890ad17f s4 provision: Set server role default when called from command line to 'dc' 2011-10-02 11:59:19 +02:00
Andrew Tridgell
00ef18f19c s4-dsdb: added NO_GLOBAL_CATALOG control
this control is used to ask samdb to not return searches with a basedn
in partial repica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
2011-09-22 10:00:48 +10:00
Andrew Bartlett
c6cf070df0 s4-s3-upgrade Improve samba-tool domain samba3upgrade behaviour
The --realm argument is again optional (the previous code would take the default
from the default smb.conf, not the one specified) and --targetdir is now a
named argument much like it is to provision.

We now test the --testparm option to ensure it behaves the way we expect.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Sep 13 16:30:31 CEST 2011 on sn-devel-104
2011-09-13 16:30:31 +02:00
Andrew Bartlett
c271b71420 s4-provision Perform 'modify' operations as system
We need this so that we can modify the cn=configuration partition when
we are setting up a new subdomain.

The serverReference on our ${SERVERDN} is in that partition, and
without this change creating a new subdomain fails due to ACLs.

Andrew Bartlett
2011-09-13 15:37:12 +10:00
Andrew Bartlett
846e342648 s4-provision Split addition of users and well known principals
If we are provisioning a subdomain, then these are already in
cn=configuration.

Andrew Bartlett
2011-09-13 15:37:12 +10:00
Andrew Bartlett
6635bb70d3 s4-provision Add initial support for joining as a new subdomain
To do this we need to reorganise a lot of the provision code, so that
we can create the framework for the inbound replicaton of the config
and schema partitions and then add in the new subdomain locally.

Andrew Bartlett
2011-09-13 15:37:11 +10:00
Jelmer Vernooij
0ee22a2dec s4-python: Fix some formatting issues.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Sep 13 03:51:13 CEST 2011 on sn-devel-104
2011-09-13 03:51:13 +02:00
Andrew Bartlett
8268c2d4e2 s4-s3-upgrade Remove upgrade_from_s3 script, use samba-tool domain samba3upgrade 2011-09-12 20:52:00 +10:00
Amitay Isaacs
9a5524e00a s4-provision: Add named.conf template for BIND9 with DLZ support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:14 +10:00
Amitay Isaacs
41e9f9d504 s4-provision: Add Seperate instructions for BIND 9.7.x and 9.8.x.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:13 +10:00
Amitay Isaacs
1860e6b1a3 s4-provision: Enable SPNs for DNS
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:12 +10:00
Amitay Isaacs
7800a501cd s4-provision: Fill msDS-NC-Replica-Locations attribute in DNS provisioning
This attribute is required by the hosting requirement.
[MS_ADTS].pdf 7.1.2.3.1 DC and Application NC Replica

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Sep  8 02:04:51 CEST 2011 on sn-devel-104
2011-09-08 02:04:51 +02:00
Amitay Isaacs
b36e9de863 s4-provision: LDIF files to set up AD DNS schema
This files set up DomainDnsZones and ForestDnsZones partitions and
other configuration parameters for replication.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
595b9c4cc6 s4-provision: Add DNS backend option to provision
This option is introduced temporarily to test bind9 backend with
and without dlz_dlopen module.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
92169e9deb s4-provision: exit is not imported directed, use sys.exit
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
14664fac34 s4-provision: Extract dns account creation as separate ldif
MicrosoftDNS container and LDAP entries for root servers will be
added by sambadns.py directly.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Andrew Bartlett
3d05a0856f s4-provision Use ProvisioningError and the eadb
The eadb flag tells us to avoid using system extended attributes, typcially if we
are not running as root (ie, in a test environment).

The ProvisioningError class allows us to return failures to the upgrade_from_s3 script
which can then be detected correctly by the selftest framework.

Andrew Bartlett
2011-09-05 11:25:38 +10:00
Andrew Bartlett
5c8bf1434d s4-provision Add realm to DC configuration in upgrade_from_s3 test 2011-09-05 11:25:37 +10:00
Amitay Isaacs
76ff9bffd8 s3_upgrade: Set lock directory to correct directory
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-26 10:07:36 +10:00
Amitay Isaacs
d8465f2a91 s3_upgrade: Update commandline options and use updated samba3 python module
upgrade_from_s3 script now requires samba3 configuration file and target
directory for samba4 database. In addition, it either uses --libdir option
or --testparm option to correctly guess the paths for samba3 databases
(private dir and state directory).

Usage: upgrade_from_s3 [options] <configuration_file> <targetdir>

Input arguments are:
  <configuration_file> - path to existing smb.conf
  <targetdir>          - directory in which samba4 database will be created

In addition, specify either samba3 database directory (with --libdir) or
samba3 testparm utility (with --testparm).

Before using passdb interface, initialize s3 loadparm context using
correct path settings for private dir and state directory.

Export account policy from s3 to s4.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-26 10:06:33 +10:00
Andrew Tridgell
b2c6b0122f s4-dns: fixed dns_update_list for multi-domain forests
this should now match the DNS entries of w2k8r2c 

Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25 07:39:39 +10:00
Andrew Tridgell
42ae193e3f s4-dns: fixed DNS and SPN update lists for multi-domain support
fixed DNS to point at forest root

Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25 07:39:38 +10:00
Andrew Bartlett
399eae13a1 s4-provision set passdb backend to 'samba4' in template smb.conf files
This will allow smbpasswd, net sam and pdbedit to 'just work' against
the newly created databases.

Andrew Bartlett
2011-08-22 09:00:59 +10:00
Amitay Isaacs
305cb567f4 upgrade: Add missing bits for the s3 to s4 upgrade script
Use passdb backend to import/export users

Remove unused options for upgrade_from_s3 command (--blank) and credentials options
Config file is specified with -s/--configfile option and no need to specify as an argument.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13 20:18:40 +10:00
Amitay Isaacs
64ec42d64f tests: Update test for s3 to s4 upgrade with two cases
S3-member to S4-member and S3-dc to S4-dc

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13 20:18:40 +10:00
Andrew Bartlett
93e8d3b381 s4-scripting Rename passdb upgrade routine to avoid conflict with upgradeprovision 2011-08-13 12:30:49 +10:00
Andrew Tridgell
d79ee18f98 s4-provision: create dsServiceName in @ROOTDSE in GUID form
this allows for handling of server renames as the GUID doesn't change

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12 04:00:07 +02:00
Andrew Tridgell
849d042dd8 ldb: added a new always-fail ldap extended match OID
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04 16:17:25 +10:00
Giampaolo Lauria
901959d9ca samba-tool: updated test suite to account for newuser change
Updated test suite invocations of newuser to "user add" as
the newuser functionality is now being moved to "user add"

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:51 +10:00
Andrew Tridgell
57b796d435 samba-tool: fixed samba-tool user syntax
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:29 +10:00
Giampaolo Lauria
8c7718ac16 samba-tool: update test suite for the new domain object
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:23 +10:00
Giampaolo Lauria
c4a92292c1 samba-tool: update test suite for add setpassword
The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:22 +10:00
Stefan Metzmacher
c0eb56d159 s4:param: add "state dir" and "cache dir" options
metze
2011-07-12 14:58:34 +02:00
Kai Blin
749d022a0c s4 provision: Add some of the AD-specific DNS records to the directory
Signed-off-by: Kai Blin <kai@samba.org>

Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Jul  7 02:29:53 CEST 2011 on sn-devel-104
2011-07-07 02:29:53 +02:00
Kai Blin
a8d3bdb48d s4 provision: split up DNS provisioning into generic and samba-specific ldifs
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-07 00:10:27 +02:00
Matthieu Patou
15637206b9 s4-provision: Remove hard coded SD for CN=Sites container
With the fix introduced by Nadya in changeset
622ef6aed8 we are now able to generate
correct SD (at least the same as W2k3R2 with a Forest Level of 2003), so
there is no need for this fix anymore as it makes SDs for Forest Level
2003 and lower incorrect.
2011-06-19 23:21:08 +02:00
Andrew Tridgell
6ea8db1bd4 s4-build: install a build link bin/provision 2011-06-07 15:48:42 +10:00