1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

23 Commits

Author SHA1 Message Date
Matthias Dieter Wallnöfer
e592deeb1a s4:AD content - Add the DFSR objects which exist on Windows Server >= 2008
Those replace the FRS ones.
2010-02-21 21:19:56 +01:00
Matthias Dieter Wallnöfer
fca0c4de2a s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs 2010-01-08 18:18:21 +01:00
Andrew Tridgell
53d10d139e s4-provision: don't hard wire the creation of the RID Set object
We now create it automatically in the samldb module when the first
user is created. 

The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being setup for the RID Manager

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
5eb3b919c5 s4-provision: the DC object itself needs a fixed objectSID
We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
a1362492ab s4-provision: added an initial RID Set
We will allocate RIDs from this set

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Matthieu Patou
8bf517d340 s4: Improve provisioning: use relax control
Give the possibility to specify controls when loading ldif files.
  Relax control is specified by default for all ldb_add_diff (request Andrew B).
  Set domainguid if specified at the creation of object instead of modifying afterward
  Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
2009-10-02 12:45:01 +02:00
Matthias Dieter Wallnöfer
fa4023d6f7 s4:provision - Some rework (continuation)
- Fix up "servicePrincipalNames" attributes on the DC object
- Add some informative comments (most in "provision_self_join.ldif")
- Add also comments where objects are missing which we may add later when we
  support the feature (mainly for FRS)
- Add "domain updates" objects also under "CN=Configuration" (they exist twice)
- Add the default services under "Services" to allow interoperability with some
  MS client tools
- Smaller changes
2009-09-17 21:19:24 +02:00
Matthias Dieter Wallnöfer
c73984a5c9 s4:AD LDIFs - More refactoring
This commit includes:
- Additional static object data in SAMBA 4's AD to start supporting of
  - forest updates, - lost and found, - quotas on DS, - physical locations,
  - licensing of sites, - subnets, - policies for WMI, - DNS entries in AD
- Reordering of provision*.ldif files to be able to find entries and make future
  additions easier
- Add comments in provision*.ldif files to point out where subentries are located
  when they are based in other LDIFs
- Removations of autogenerated "cn" attributes
2009-08-11 12:59:13 +02:00
Matthias Dieter Wallnöfer
2fc5331e5c [SAMBA 4 directory] Refactoring and clean up of directory structure
- Adds more system objects which make sense to have them in SAMBA 4 also to
  have them when we add more and more services related to the directory (volume
  support, DFS, replication service, COM...)
- Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes
  are set correctly on each object
2009-07-20 14:21:09 +10:00
Andrew Bartlett
271b5af92e s4:dsdb Handle dc/domain/forest functional levels properly
Rather than have the functional levels scattered in 4 different,
unconnected locations, the provision script now sets it, and the
rootdse module maintains it's copy only as a cached view onto the
original values.

We also use the functional level to determine if we should store AES
Kerberos keys.

Andrew Bartlett
2009-07-16 09:23:35 +10:00
Matthias Dieter Wallnöfer
d4a969530d [SAMBA 4 directory] Adds the complete "objectclass path" to our self-created DC object
Found after some comparisons against Windows Server 2003 R2.
2009-07-01 14:50:42 +10:00
Andrew Bartlett
44ea6a26fd rename sambaPassword -> userPassword.
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.

This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.

Andrew Bartlett
(This used to be commit 1cf0d75149)
2008-07-12 15:26:42 +10:00
Andrew Bartlett
e8a3621a8f Be consistant in using ${SEVERDN}.
This ensures we don't fall out of sync with the provision scripts.

Andrew Bartlett
(This used to be commit 566c60b464)
2008-04-09 14:51:22 +10:00
Andrew Bartlett
2ab6dd9ea5 Remove references to setting the host GUID, as the repl_meta_data
module prohibits it anyway.

Andrew Bartlett
(This used to be commit c5b287c056)
2008-04-02 11:38:58 +11:00
Andrew Bartlett
446fb38765 Users and computers now share the same template.
Slowly work away at the samldb module again, it is clear that AD does
not use much of a templating system.  samAccountType is managed, as
far as I can tell, when groupType or userAccountControl changes.

Andrew Bartlett
(This used to be commit 447d5a7954)
2008-02-28 08:43:10 +11:00
Andrew Bartlett
b39676089e Remove default 'showInAdvancedViewOnly' values.
This means we only show and set the values when they are not the
values the schema and objectclass module would impose.

Andrew Bartlett
(This used to be commit c2f2e01357)
2008-01-18 18:10:18 +11:00
Andrew Bartlett
873c7457c6 Don't manually specify instanceID in the template files.
The instanceid module creates this automaticlly, so we don't need this
any more.

Andrew Bartlett
(This used to be commit f6dbdf34e8)
2008-01-18 13:30:20 +11:00
Andrew Bartlett
f5860b5a85 r26298: Use metze's schema loading code to pre-initialise the schema into the
samdb before we start writing entries into it.

In doing so, I realised we still used 'dnsDomain', which is not part
of the standard schema (now removed).

We also set the 'wrong' side of the linked attributes for the
masteredBy on each partition - this is now set in provision_self_join
and backlinks via the linked attributes code.

When we have the schema loaded, we must also have a valid domain SID
loaded, so that the objectclass module works.  This required some ejs
glue.

Andrew Bartlett
(This used to be commit b0de08916e)
2007-12-21 05:48:15 +01:00
Andrew Bartlett
999d47e41e r25452: Move the creation of the server entry to the self join, as this makes
no sense on a member server.

Andrew Bartlett
(This used to be commit 70467fa4c5)
2007-10-10 15:07:37 -05:00
Andrew Bartlett
ee257e902a r25299: Modify the provision script to take an additional argument: --server-role
This must be set to either 'domain controller', 'domain member' or 'standalone'.

The default for the provision now changes to 'standalone'.

This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.

We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.

Andrew Bartlett
(This used to be commit 4cc4ed7719)
2007-10-10 15:07:09 -05:00
Andrew Bartlett
f681306335 r24760: Ensure we base64 encode any password being put into LDIF, to avoid
provision failures when some of the random password values are illigal
LDIF.

Andrew Bartlett
(This used to be commit 876003f6c6)
2007-10-10 15:03:05 -05:00
Andrew Bartlett
1cc770fc58 r23815: Thanks to Matthias Wallnoefer <mwallnoefer@yahoo.de> for pointing out
that we had the wrong objectClass for OU=Domain
Controllers,${DOMAINDN} (was CN=Domain Controllers,${DOMAINDN})

This fixes both the SAMR server and the LDIF templates.

Andrew Bartlett
(This used to be commit 625a9e6c04)
2007-10-10 14:59:22 -05:00
Andrew Bartlett
967866f170 r23720: Allow the member server to work against an LDAP Backend. Another case
where LDB isn't as strict as OpenLDAP, the self join record contains
duplicate servicePrincipalNames once the DNS name and domain name are
made equal.  (Easier to just skip the useless self-join).

Andrew Bartlett
(This used to be commit 49ff929be6)
2007-10-10 14:59:08 -05:00