IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The named.conf.update file will be filled in at runtime by Samba to
contain the list of bind9 grant rules for granting DNS dynamic update
permissions on the domain.
This allows the permissions to be correctly set for bind to write to
a journal file. It also sets the right group ownership and permissions
on the files that bind needs to access.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
For some reason, JHT keeps on creating an empty smb.conf file,
expecting it to be the same as a non-existant one. It is easier to
just realise what he meant.
Andrew Bartlett
We need a machine account so the RID allocation code can work. It
seems better to use the same code paths for a domain controller and
standalone server to avoid testing headaches with little used code.
This enables the full schema during the rest of the provision, which
means indexing is enabled (along with index error checking, such as
duplicate SIDs)
We now create it automatically in the samldb module when the first
user is created.
The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being setup for the RID Manager
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The problem here is that as we start to get 'real users' they still
decide to do silly things, like load empty but existing smb.conf
files. Let's give them a better chance to discover what they did
wrong.
Andrew Bartlett
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Both modes weren't possible anymore since 1.) the secrets entry wasn't created,
2.) a lookup in winbindd was done using "lp_workgroup()" rather than
"lp_sam_name()" (since on the mentioned two configurations we use the netbios
name as domainname - and not the workgroup).
This makes getting the module order correct, the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
This makes the member server much more like the DC, the objectGUID
module replaces the repl_meta_data module.
We also generally rework the construction of the list, building a full
list in python, and then transforming it into a string, rather than
playing string concatonation games
Andrew Bartlett
The schema needs to be loaded above the extended_dn_out modules as
otherwise we don't get an extended DN in the search results.
The reference split is to ensure we create references after the
objects they reference exist.
Andrew Bartlett
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
Rather than try and remove the records in the LDB files, make the
provision remove the whole file. This also removes the need to try
and carry forward the old ldb filenames.
Andrew Bartlett
By splitting the module this way, we can load the schema at startup, after
the partitions module is operational, but we leave the 'mess with details of
entries in the partitions' module to operate only on the partitions module.
Loading the schema later allows us to set the @ATTRIBUTES correctly on all
the databases.
Andrew Bartlett
- Cleans it up from unnecessary "lower()/upper()" and parameters which can be
derived through "lp" calls.
- Substitute the "HOSTNAME" caption in the "smb.conf" templates with
"NETBIOS_NAME" which fits better.
- Now the "realm" and "domain" parameter of the provision are totally case
insensitive and the script itself up/downcases them appropriately depending
on the use (e.g. "realm" upcase for KERBEROS, lowcase for DNS domainname).
