Stefan Metzmacher
bf1f067b0c
s4:dsdb: add validate_update module
...
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
b20707c11a
s4:dsdb/schema: add inftrastructure for dsdb_validate_ldb()
...
metze
2010-01-13 16:03:54 +01:00
Stefan Metzmacher
61589085c4
s4:dsdb/schema: add dsdb_syntax_DN_STRING_* wrappers
...
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
24ecd19b30
s4:dsdb/resolve_oids: also resolve oid in search attribute list
...
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
f715414afa
s4:dsdb/schema_load: add a TODO about schema reloading
...
metze
2010-01-13 16:03:53 +01:00
Stefan Metzmacher
7d41afece7
s4:ldb/tests: do a "schemaUpdateNow" after creating a new attribute in ldap_schema.py
...
It seems that windows doesn't need that.
And we should think about a check for reloading the schema
at the start of each "write" operation.
metze
2010-01-13 16:03:52 +01:00
Stefan Metzmacher
92b87eb474
s4:dsdb/repl: reorder dreplsrv_op_notify* functions
...
This make the whole async dreplsrv_op_notify_send/recv()
readable.
metze
2010-01-13 16:00:20 +01:00
Stefan Metzmacher
e886b6e240
s4:dsdb/repl: change dreplsrv_op_notify_send/recv() to tevent_req
...
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
232197e9ab
s4:dsdb/common: fix major bug in lsa_BinaryString to ldb_val conversation.
...
In lsa_BinaryString length and size are byte counts!
TODO: we may need to do byte order conversion in this functions too...
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
ca9bc96b96
s4:ldb_msg: first try to decode integers as signed and then fallback to unsigned
...
LDAP only knowns about signed integers, so let
ldb_msg_find_attr_as_uint() and ldb_msg_find_attr_as_uint64() cope
with it.
metze
2010-01-13 14:52:00 +01:00
Stefan Metzmacher
5d08309204
s4:dsdb/common: let samdb_msg_add_uint() call samdb_msg_add_int()
...
This is important as LDAP servers always play with int32 values
and we have to encode 0x80000000 as "-2147483648" instead of "2147483648".
metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
2d7ad938d0
s4:dsdb/common: let samdb_msg_add_uint64() call samdb_msg_add_int64()
...
This is important as LDAP servers always play with int64 values
and we have to encode 0x8000000000000000LL as "-9223372036854775808"
instead of "9223372036854775808".
metze
2010-01-13 14:51:59 +01:00
Stefan Metzmacher
8d4b913ce2
s4:ldb: be more strict in parsing ldb time strings
...
metze
2010-01-13 14:51:59 +01:00
Andreas Schneider
129c15c083
s4-ntp_signd: Migrate to tsocket.
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-13 14:51:58 +01:00
Nadezhda Ivanova
a4eaa11134
Fixed a problem with incorrect default SD owner/group.
2010-01-13 15:16:38 +02:00
Zahari Zahariev
5d1aa4c5b7
Comparison tool for LDAP servers (using Ldb)
...
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).
Added functionality for two sets of credentials.
2010-01-13 12:06:17 +02:00
Simo Sorce
3d184399a5
Strip trailing spaces
2010-01-12 13:50:24 -05:00
Günther Deschner
3b82254903
s4-selftest: RPC-SAMR-PASSWORDS-BADPWDCOUNT fails against s4.
...
Seems like account lockout is not implemented at all yet.
Guenther
2010-01-12 12:34:55 +01:00
Günther Deschner
13dad38930
s4-smbtorture: fix GetAliasMembership test in RPC-SAMR.
...
Guenther
2010-01-12 12:12:05 +01:00
Günther Deschner
a744dbcf2b
s4-smbtorture: add RPC-SAMR-PASSWORDS-BADPWDCOUNT torture test.
...
This test checks the behavior (since w2k3 sp1) of the badPwdCount samr attribute
in relation to password history and successfull and unsucessful netlogon
samlogons.
Michael, please check. This should help verifiying Bug #4347 .
Guenther
2010-01-12 12:09:47 +01:00
Günther Deschner
c9e84ad397
s4-smbtorture: allow test_SamLogon to test interactive samlogon in RPC-SAMR family of tests.
...
Guenther
2010-01-12 12:09:25 +01:00
Simo Sorce
e0e255fb24
Fix comment/debug messages
2010-01-11 11:55:28 -05:00
Andrew Bartlett
c32b0b6b02
Merge remote branch 'origin/master' into alpha11release
2010-01-11 17:10:32 +11:00
Andrew Bartlett
f6b10596ca
and we move on towards Samba4 alpha12!
2010-01-11 17:05:06 +11:00
Andrew Bartlett
1a76c80466
This is Samba4 alpha11!
2010-01-11 14:58:11 +11:00
Steven Danneman
5323fe99c3
s4/torture: Parameterize output in LOCK tests based off server support
...
Two new torture parameters:
* smbexit_pdu_support: if the Server supports the Exit command
* range_not_locked_on_file_close: whether the server returns the
NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a
pending lock request. Windows returns this error, though per the
spec, this error should only be returned to an unlock request.
2010-01-10 16:12:44 -08:00
Andrew Tridgell
73422e7dd8
Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
...
This reverts commit 5c174c68cc
.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:08:30 +11:00
Andrew Tridgell
3af84c1cde
Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
...
This reverts commit 61dfd3dc1d
.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:07:53 +11:00
Andrew Tridgell
306de3051d
Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
...
This reverts commit 9ee895fcf6
.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:06:58 +11:00
Andrew Tridgell
aa4501538a
Revert "s4:provision_users.ldif - Add objects for IIS"
...
This reverts commit 91e2100287
.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:05:50 +11:00
Matthias Dieter Wallnöfer
2cedefabc9
s4:upgradeprovision - fix up the script regarding linked attributes
...
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.
The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.
I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
2010-01-10 22:48:06 +01:00
Matthias Dieter Wallnöfer
e0d6b0977e
s4:upgradeprovision - Reformat comments
...
Make them break at line 80 (better readability).
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
601ea3a442
s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
91e2100287
s4:provision_users.ldif - Add objects for IIS
...
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
e72787f0af
s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific
2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
9ee895fcf6
s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group
2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
61dfd3dc1d
s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now
...
This belongs to the AD IIS stuff where I don't know yet if we should import it.
2010-01-10 11:07:16 +01:00
Matthias Dieter Wallnöfer
5c174c68cc
s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode
...
Additionally I had to fix some bugs (especially wrong "groupTypes") and
reordered the objects using the SID (this is easier when enhancing the file).
2010-01-10 10:50:46 +01:00
Andrew Tridgell
a3e089db19
s4-ldb: display security descriptors with correct SDL for known SIDs
...
This makes it much easier to compare SDs
2010-01-10 13:23:38 +11:00
Andrew Tridgell
d5091a1dd9
s4-dsdb: added samdb_domain_sid_cache_only()
2010-01-10 13:23:37 +11:00
Andrew Tridgell
c03a101e6d
s4-drs: instanceType is always sent, regardless of UDV values
2010-01-09 22:08:36 +11:00
Andrew Tridgell
a894eeab77
s4-debug: lower the verbosity of a couple of common log messages
2010-01-09 21:59:34 +11:00
Andrew Tridgell
93fefefea8
s4-samldb: fixed primaryGroupID when promoting a machine to a DC
...
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
8a09dc1266
s4-schema: fixed the SDDL for the schema root security descriptor
...
This was preventing a DCPROMO client from allowing outgoing
replication
2010-01-09 21:59:33 +11:00
Andrew Tridgell
45f49d0a58
s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
...
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
2010-01-09 21:59:33 +11:00
Andrew Tridgell
b37bec8e06
s4-drs: give DN of failed replication partition
2010-01-09 21:59:32 +11:00
Andrew Tridgell
04e82370db
s4-drs: base is_nc_prefix on instanceType
...
for extended operations comparing to the ncRoot_dn is not correct
2010-01-09 18:56:30 +11:00
Andrew Tridgell
67d8518f2c
s4-drs: having no SPNs to change is not an error
2010-01-09 18:56:30 +11:00
Andrew Tridgell
ba745a4356
s4-drs: fixed writespn to ignore add/delete errors
...
When a SPN is added and already exists, it is ignored. Similarly, when
a SPN is deleted and doesn't exist, it is ignored.
2010-01-09 18:56:30 +11:00
Andrew Tridgell
8c2d7ae19e
s4-dsdb: added samdb_ldb_val_case_cmp()
2010-01-09 18:56:29 +11:00