Kai Blin
292554c396
s4 provision: Rename bind9 flatfile backend to BIND9_FLATFILE
2011-10-17 08:16:12 +02:00
Matthieu Patou
009b97d6f3
provision: fix the doc
...
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Oct 16 01:31:21 CEST 2011 on sn-devel-104
2011-10-16 01:31:21 +02:00
Matthieu Patou
a1767f74af
s4: check that the xattr are supported in the folder where we want to provision
...
By default we were checking this on the default folder for
tempfile.NamedTemporaryFile (usually /tmp) but this folder can be mounted
on tmpfs (which didn't support xattr currently). Now we should check on
the filesystem where the provision will be done.
2011-10-16 00:01:36 +02:00
Stefan Metzmacher
bcb02129c3
s4:dsdb/password_hash: add DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
...
Which allows the caller to pass a given 'pwdLastSet' value
(very useful for migrations).
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 7 15:28:13 CEST 2011 on sn-devel-104
2011-10-07 15:28:13 +02:00
Andrew Tridgell
c2d70af1a7
s4-dsdb: added DSDB_CONTROL_DBCHECK
...
this will be used for overrides by the dbcheck validator
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-06 14:34:22 +11:00
Andrew Tridgell
60cbc98051
s4-dsdb: added new control DSDB_MODIFY_PARTIAL_REPLICA
...
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-04 15:08:57 +11:00
Kai Blin
5c890ad17f
s4 provision: Set server role default when called from command line to 'dc'
2011-10-02 11:59:19 +02:00
Andrew Tridgell
00ef18f19c
s4-dsdb: added NO_GLOBAL_CATALOG control
...
this control is used to ask samdb to not return searches with a basedn
in partial replica partitions, which is needed to support the
difference between a search on the 3268 GC ldap port and the non-GC
389 port
2011-09-22 10:00:48 +10:00
Andrew Bartlett
c6cf070df0
s4-s3-upgrade Improve samba-tool domain samba3upgrade behaviour
...
The --realm argument is again optional (the previous code would take the default
from the default smb.conf, not the one specified) and --targetdir is now a
named argument much like it is to provision.
We now test the --testparm option to ensure it behaves the way we expect.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Sep 13 16:30:31 CEST 2011 on sn-devel-104
2011-09-13 16:30:31 +02:00
Andrew Bartlett
c271b71420
s4-provision Perform 'modify' operations as system
...
We need this so that we can modify the cn=configuration partition when
we are setting up a new subdomain.
The serverReference on our ${SERVERDN} is in that partition, and
without this change creating a new subdomain fails due to ACLs.
Andrew Bartlett
2011-09-13 15:37:12 +10:00
Andrew Bartlett
846e342648
s4-provision Split addition of users and well known principals
...
If we are provisioning a subdomain, then these are already in
cn=configuration.
Andrew Bartlett
2011-09-13 15:37:12 +10:00
Andrew Bartlett
6635bb70d3
s4-provision Add initial support for joining as a new subdomain
...
To do this we need to reorganise a lot of the provision code, so that
we can create the framework for the inbound replication of the config
and schema partitions and then add in the new subdomain locally.
Andrew Bartlett
2011-09-13 15:37:11 +10:00
Jelmer Vernooij
0ee22a2dec
s4-python: Fix some formatting issues.
...
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Sep 13 03:51:13 CEST 2011 on sn-devel-104
2011-09-13 03:51:13 +02:00
Andrew Bartlett
8268c2d4e2
s4-s3-upgrade Remove upgrade_from_s3 script, use samba-tool domain samba3upgrade
2011-09-12 20:52:00 +10:00
Amitay Isaacs
9a5524e00a
s4-provision: Add named.conf template for BIND9 with DLZ support
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:14 +10:00
Amitay Isaacs
41e9f9d504
s4-provision: Add Separate instructions for BIND 9.7.x and 9.8.x.
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:13 +10:00
Amitay Isaacs
1860e6b1a3
s4-provision: Enable SPNs for DNS
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-12 20:42:12 +10:00
Amitay Isaacs
7800a501cd
s4-provision: Fill msDS-NC-Replica-Locations attribute in DNS provisioning
...
This attribute is required by the hosting requirement.
[MS_ADTS].pdf 7.1.2.3.1 DC and Application NC Replica
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Sep 8 02:04:51 CEST 2011 on sn-devel-104
2011-09-08 02:04:51 +02:00
Amitay Isaacs
b36e9de863
s4-provision: LDIF files to set up AD DNS schema
...
These files set up DomainDnsZones and ForestDnsZones partitions and
other configuration parameters for replication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
595b9c4cc6
s4-provision: Add DNS backend option to provision
...
This option is introduced temporarily to test bind9 backend with
and without dlz_dlopen module.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
92169e9deb
s4-provision: exit is not imported directly, use sys.exit
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Amitay Isaacs
14664fac34
s4-provision: Extract dns account creation as separate ldif
...
MicrosoftDNS container and LDAP entries for root servers will be
added by sambadns.py directly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-09-08 00:35:37 +02:00
Andrew Bartlett
3d05a0856f
s4-provision Use ProvisioningError and the eadb
...
The eadb flag tells us to avoid using system extended attributes, typically if we
are not running as root (ie, in a test environment).
The ProvisioningError class allows us to return failures to the upgrade_from_s3 script
which can then be detected correctly by the selftest framework.
Andrew Bartlett
2011-09-05 11:25:38 +10:00
Andrew Bartlett
5c8bf1434d
s4-provision Add realm to DC configuration in upgrade_from_s3 test
2011-09-05 11:25:37 +10:00
Amitay Isaacs
76ff9bffd8
s3_upgrade: Set lock directory to correct directory
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-26 10:07:36 +10:00
Amitay Isaacs
d8465f2a91
s3_upgrade: Update commandline options and use updated samba3 python module
...
upgrade_from_s3 script now requires samba3 configuration file and target
directory for samba4 database. In addition, it either uses --libdir option
or --testparm option to correctly guess the paths for samba3 databases
(private dir and state directory).
Usage: upgrade_from_s3 [options] <configuration_file> <targetdir>
Input arguments are:
<configuration_file> - path to existing smb.conf
<targetdir> - directory in which samba4 database will be created
In addition, specify either samba3 database directory (with --libdir) or
samba3 testparm utility (with --testparm).
Before using passdb interface, initialize s3 loadparm context using
correct path settings for private dir and state directory.
Export account policy from s3 to s4.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-08-26 10:06:33 +10:00
Andrew Tridgell
b2c6b0122f
s4-dns: fixed dns_update_list for multi-domain forests
...
this should now match the DNS entries of w2k8r2c
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25 07:39:39 +10:00
Andrew Tridgell
42ae193e3f
s4-dns: fixed DNS and SPN update lists for multi-domain support
...
fixed DNS to point at forest root
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-08-25 07:39:38 +10:00
Andrew Bartlett
399eae13a1
s4-provision set passdb backend to 'samba4' in template smb.conf files
...
This will allow smbpasswd, net sam and pdbedit to 'just work' against
the newly created databases.
Andrew Bartlett
2011-08-22 09:00:59 +10:00
Amitay Isaacs
305cb567f4
upgrade: Add missing bits for the s3 to s4 upgrade script
...
Use passdb backend to import/export users
Remove unused options for upgrade_from_s3 command (--blank) and credentials options
Config file is specified with -s/--configfile option and no need to specify as an argument.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13 20:18:40 +10:00
Amitay Isaacs
64ec42d64f
tests: Update test for s3 to s4 upgrade with two cases
...
S3-member to S4-member and S3-dc to S4-dc
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-13 20:18:40 +10:00
Andrew Bartlett
93e8d3b381
s4-scripting Rename passdb upgrade routine to avoid conflict with upgradeprovision
2011-08-13 12:30:49 +10:00
Andrew Tridgell
d79ee18f98
s4-provision: create dsServiceName in @ROOTDSE in GUID form
...
this allows for handling of server renames as the GUID doesn't change
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-12 04:00:07 +02:00
Andrew Tridgell
849d042dd8
ldb: added a new always-fail ldap extended match OID
...
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-04 16:17:25 +10:00
Giampaolo Lauria
901959d9ca
samba-tool: updated test suite to account for newuser change
...
Updated test suite invocations of newuser to "user add" as
the newuser functionality is now being moved to "user add"
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-28 15:20:51 +10:00
Andrew Tridgell
57b796d435
samba-tool: fixed samba-tool user syntax
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-21 11:44:29 +10:00
Giampaolo Lauria
8c7718ac16
samba-tool: update test suite for the new domain object
...
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:23 +10:00
Giampaolo Lauria
c4a92292c1
samba-tool: update test suite for add setpassword
...
The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 10:32:22 +10:00
Stefan Metzmacher
c0eb56d159
s4:param: add "state dir" and "cache dir" options
...
metze
2011-07-12 14:58:34 +02:00
Kai Blin
749d022a0c
s4 provision: Add some of the AD-specific DNS records to the directory
...
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Jul 7 02:29:53 CEST 2011 on sn-devel-104
2011-07-07 02:29:53 +02:00
Kai Blin
a8d3bdb48d
s4 provision: split up DNS provisioning into generic and samba-specific ldifs
...
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-07 00:10:27 +02:00
Matthieu Patou
15637206b9
s4-provision: Remove hard coded SD for CN=Sites container
...
With the fix introduced by Nadya in changeset 622ef6aed8 we are now able to generate
correct SD (at least the same as W2k3R2 with a Forest Level of 2003), so
there is no need for this fix anymore as it makes SDs for Forest Level
2003 and lower incorrect.
2011-06-19 23:21:08 +02:00
Andrew Tridgell
6ea8db1bd4
s4-build: install a build link bin/provision
2011-06-07 15:48:42 +10:00
Andrew Bartlett
a18efb1490
s4-param Remove 'sid generator'
...
This was only used by the Fedora DS backend for Samba4. We agreed to
no longer support external LDAP backends.
Andrew Bartlett
2011-06-06 17:37:50 +10:00
Andrew Tridgell
7d59e9c549
s4-ipv6: added IPv6 support to samba_dnsupdate
2011-06-06 12:26:10 +10:00
Theresa Halloran
23177b5f44
s4:samba-tool: Move samba-tool setexpiry to samba-tool user setexpiry <user>
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-01 17:24:36 +10:00
Theresa Halloran
726ee12bb4
s4/samba-tool: Move samba-tool enableaccount to samba-tool user enable command.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-01 17:24:36 +10:00
Andrew Bartlett
53b0c44d8c
s4-provision Use correct tkey-gssapi-credential
...
We changed to ${DNSNAME} (the fully qualified domain name) a while
back, and while it's usually functionally identical to the previous
setting, this breaks down if there is more than one DNS server.
Andrew Bartlett
2011-05-25 12:12:53 +10:00
Matthieu Patou
f1873382da
upgradeprovision: add hostname in the blackbox tests
2011-05-21 08:41:07 +02:00
Matthieu Patou
535a9b3133
Make the purge first so that the provision can reused during tests
2011-05-21 08:41:07 +02:00
Matthieu Patou
da2e34a134
provision: reorganize attributes so that we don't attribute with DN syntax that depends on non present object
...
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Apr 30 14:51:16 CEST 2011 on sn-devel-104
2011-04-30 14:51:16 +02:00
Matthias Dieter Wallnöfer
7aa0219be8
s4:setup/provision - fix an output message
...
Mention that Windows 2000 function level is supported as well.
2011-03-10 11:12:04 +01:00
Andrew Bartlett
d1e5a73806
s4-provision Remove setup_path, setup_dir and find_setup_dir
...
We now have a reliable way to know the current location of the
templates: dyn_SETUPDIR, which is updated for both the in-build and
installed binaries.
This replaces the function arguments and the distributed resolution of
the setup directory with one 'global' function (imported as required).
This also removes the ability to specify an alternate setup directory
on the command line, as this was rarely if ever used and never tested.
Andrew Bartlett
2011-02-07 13:22:01 +11:00
Andrew Tridgell
b038aca5c8
s4-loadparm: removed "setup directory" option
...
the correct setup directory is known at both build time and install
time using dyn_SETUPDIR, so we no longer have any need to override it
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-07 13:22:00 +11:00
Andrew Tridgell
b2a080fb1d
s4-test: fixed more assumptions of ./setup for setup directory
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-07 13:22:00 +11:00
Andrew Tridgell
a940d5d344
s4-provision: remove the disabled bit in the dns-$HOSTNAME account
2010-12-01 16:09:57 +11:00
Andrew Tridgell
5e8cb67605
s4-provision: fixed eadb automatic and manual setting in provision
...
we should not set posix:eadb in lp in the acl native test code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-26 03:08:21 +01:00
Andrew Bartlett
5d65025fde
s4-setup correct the require BIND version for Dynamic DNS
2010-11-24 17:48:04 +11:00
Matthias Dieter Wallnöfer
d218472310
s4:provision_rootdse_add.ldif - add all possible LDAP policy values but outcommented for the moment
...
It would be nice if someone could activate them as needed.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 21 14:41:53 CET 2010 on sn-devel-104
2010-11-21 14:41:53 +01:00
Andrew Tridgell
1645190b1c
s4-provision: don't test for xattrs if posix:eadb is set
...
when it is set in smb.conf or on the command line, obey the setting
and don't try to test for system xattr support
2010-11-17 23:55:39 +11:00
Andrew Tridgell
333975d84f
s4-provision: setup posix:eadb using lp.set()
...
this allows it to override a setting made during the automatic testing
of xattr support
2010-11-17 23:55:39 +11:00
Andrew Tridgell
d7ea449049
s4-provision: don't try to autodetect xattr if posix:eadb is set
...
when posix:eadb is set then we know we should be using an eadb
2010-11-17 23:55:39 +11:00
Andrew Tridgell
1887ce87e4
s4-provision: use the command line lp in provision
...
this ensures that provision options are stored in the generated
smb.conf
2010-11-17 23:55:38 +11:00
Andrew Bartlett
ebd8e66ed0
samba-tool Add test for --store-plaintext
...
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 16 06:29:04 UTC 2010 on sn-devel-104
2010-11-16 06:29:04 +00:00
Matthias Dieter Wallnöfer
3c8283da41
s4:provision_self_join.ldif - the object SID in AD is called "objectSid"
...
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov 9 13:18:29 UTC 2010 on sn-devel-104
2010-11-09 13:18:29 +00:00
Matthias Dieter Wallnöfer
bd5039546e
s4:provision - switch to "clearTextPassword" for setting passwords
...
This is the default password set/change attribute for s4 specific purposes
(otherwise in respect to Windows it's "unicodePwd"). We move away from
"userPassword" since on Windows it's not activated by default - and s4 will
follow soon.
2010-11-09 13:22:00 +01:00
Matthias Dieter Wallnöfer
05d7524736
s4:setup/spn_update_list - the DNS SPN is only used in DNS mode
...
Not all DCs are automatically DNS servers.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 1 12:20:36 UTC 2010 on sn-devel-104
2010-11-01 12:20:36 +00:00
Matthias Dieter Wallnöfer
7578e04fb8
s4:provision - adapt the "provision" so that SIDs are only set on entry creation
...
SID modifications are denied.
2010-11-01 12:25:24 +01:00
Matthias Dieter Wallnöfer
572774a7a0
s4:provision - remove the "servicePrincipalName" creation on the DC object
...
This is now done by the "samba_spnupdate" script.
2010-10-31 18:44:07 +00:00
Matthias Dieter Wallnöfer
01e7cc607c
s4:setup/spn_update_list - reorder and update with other SPNs
2010-10-31 18:44:06 +00:00
Kai Blin
b73a05e4e1
s4 net: rename to samba-tool in order to not clash with s3 net
...
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-28 07:25:16 +00:00
Matthias Dieter Wallnöfer
8c4d023cc9
s4:setup/schema_samba4.ldif - this control isn't used anymore
...
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 27 16:32:28 UTC 2010 on sn-devel-104
2010-10-27 16:32:28 +00:00
Matthias Dieter Wallnöfer
6e407a3c1c
s4:provision_*_references.ldif - "add" and do not "replace" the "wellKnownObjects"
...
This is the correct AD operation in this case. Multi-valued replaces are
generally denied most of the time.
2010-10-25 12:51:52 +02:00
Matthias Dieter Wallnöfer
8b9a08e10f
s4:provision.py - add the correct "CN=Sites" security descriptor
...
This should help to fix bug #7403.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
2010-10-23 20:16:59 +00:00
Matthias Dieter Wallnöfer
f9a6ff482c
s4/ldb:introduce the LDB_CONTROL_PROVISION_OID control
...
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23 16:37:29 +02:00
Matthias Dieter Wallnöfer
89c42a96fc
ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into LDB_CONTROL_BYPASS_OPERATIONAL_OID
...
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-23 16:37:29 +02:00
Andrew Bartlett
f9c7365e53
s4-provisionbackend Allow a fixed URI to be specified for LDAP backend
...
This is added to make the 'existing' LDAP backend class more useful,
and to allow debugging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.
Andrew Bartlett
2010-10-19 18:57:06 +11:00
Andrew Bartlett
ce01e36d8c
s4-openldap-backend Don't set 'dbnosync' on cn=config
...
This isn't valid in current OpenLDAP versions.
Andrew Bartlett
2010-10-18 11:13:04 +00:00
Andrew Bartlett
ba9e787c7d
s4-provision Use --ldap-backend-nosync rather than just --nosync
...
For some reason we had both options, and --ldap-backend-nosync is
the better name.
Andrew Bartlett
2010-10-18 11:13:04 +00:00
Matthias Dieter Wallnöfer
5cb99aa81a
s4:setup/provision_self_join.ldif - let the samldb LDB module fill in "isCriticalSystemObject"
...
It recognizes it now automatically.
2010-10-13 13:35:21 +00:00
Matthieu Patou
6633a7b379
unit tests: do some cleanup after tests
...
fix
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Oct 11 14:29:10 UTC 2010 on sn-devel-104
2010-10-11 14:29:10 +00:00
Andrew Tridgell
c24240bcd2
waf: fixed some python3.x portability issues
...
these have crept into the tree over time. Maybe we should add testing
of a range of python versions to autobuild?
2010-10-06 11:13:05 +00:00
Matthias Dieter Wallnöfer
0fb9671a01
s4:setup/provision_rootdse_add.ldif - provide informations in the right order
...
Doesn't change much - but nicer to read.
Btw: is the testdata/samba3 stuff still needed ("provision_samba3sam.ldif"...)?
It seems a bit outdated.
2010-10-05 16:06:05 +00:00
Wilco Baan Hofman
927e4db090
Fix .reg file format parsing.
...
* multiline data
* doublequoted value name
* handle windows format CRLF
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-10-03 15:31:37 +02:00
Matthias Dieter Wallnöfer
a01467913a
s4:schema_samba4.ldif - update allocated controls list
...
This needs always to be done after a control allocation otherwise we end up in
double-allocations and unexpected behaviour.
2010-10-03 12:05:13 +02:00
Jelmer Vernooij
fbee3586fd
selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py.
2010-10-01 01:31:06 +00:00
Andrew Tridgell
cc288603ce
s4-provision: simplify our generated krb5.conf
...
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28 19:25:51 -07:00
Andrew Tridgell
c7f6ab890e
s4-provision: fixed the authority response for our SOA record
...
some clients rely on this being the hostname, not the domain
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
2010-09-28 06:39:19 +00:00
Matthieu Patou
a8f8f277ff
s4 provision: start with gpo of version 0 and be consistent between different policies
2010-09-26 06:22:43 +04:00
Andrew Tridgell
e8fec1d3c6
s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account only
2010-09-26 01:21:50 +00:00
Andrew Tridgell
b8444b64a3
s4-provision: switch to dns-HOSTNAME instead of dns
...
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26 01:21:49 +00:00
Andrew Bartlett
c9b19d9b69
s4-kerberos Rework keytab handling to export servicePrincipalName entries
...
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.
Andrew Bartlett
2010-09-24 15:07:56 +10:00
Matthias Dieter Wallnöfer
76c346dfc1
s4:provision - rootdse - remove static "ldapServiceName" attribute
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
ccc67a03d6
s4:provision - rootdse - remove static "dnsHostName" attribute
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
5f60f5e5e7
s4:provision - rootdse - remove the static attribute "serverName"
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
4fd8ce42ce
s4:setup/provision_self_join.ldif - now the samldb LDB module detects automatically that this is a DC account
2010-09-12 19:23:06 +02:00
Stefan Metzmacher
0ad2890c4e
s4:provision: remember the setup directory if it wasn't the default
...
This fixes make test without a make install.
metze
2010-09-10 17:21:31 +02:00
Andrew Bartlett
22d5a96550
s4-setup Make krb5.conf use DNS by default
...
We set up our DNS pretty well these days, and I think the previous setting
was only there because Andrew Kroeger copied this out of our selftest code
in bf3f3af926.
Andrew Bartlett
2010-09-09 21:39:24 +10:00
Jelmer Vernooij
3c58fb27b0
setup: Use standard octal ints rather than hardcoding.
2010-09-08 22:11:55 +02:00
Matthieu Patou
2cadfe8f2a
unit tests: debug to ease locating pb, remove dir if exists to avoid error
2010-08-19 15:59:05 +04:00
Matthias Dieter Wallnöfer
bbb9dc806e
s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"
...
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
2010-08-17 18:45:32 +02:00
Stefan Metzmacher
76e5d41d6a
s4:blackbox/newuser: use test specific user names
...
As this test doesn't delete the user accounts at the end,
we should use test specific user names. That lowers the
chance of conflicts with other tests.
metze
2010-07-31 11:35:31 +02:00
Matthieu Patou
d861ebbd81
s4 dsdb: create a new control: changereplmetadata
...
This control is designed to allow replmetadata to be specified
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-15 22:08:20 +10:00
Stefan Metzmacher
23f810041b
s4:provision: remove --policy-guid and --policy-guid-dc cmdline options
...
metze
2010-07-10 11:18:19 +02:00
Matthieu Patou
e962e7e956
s4 unittests: remove the provision directory before (re)generating
2010-07-10 11:18:18 +02:00
Matthieu Patou
cad04dabbb
s4 net: Add spn module to list/add/remove spn on objects
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-07-10 11:18:17 +02:00
Stefan Metzmacher
6d7b9648e5
s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID
...
When importing users from Samba3 we need to control all values.
metze
2010-07-05 18:00:14 +02:00
Matthias Dieter Wallnöfer
43b0c314d8
s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value
...
Now we should have fixed all password related tests to cooperate with this value
2010-07-03 11:38:54 +02:00
Stefan Metzmacher
50da834f13
s4:provision: add entries for root dns servers
...
metze
2010-06-26 09:50:56 +02:00
Stefan Metzmacher
6ab234cec9
s4:provision: move Samba4 specific DNS stuff to its own file
...
metze
2010-06-26 09:50:56 +02:00
Stefan Metzmacher
c6b21931c6
s4:provision: add --next-rid option
...
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.
metze
2010-06-26 09:50:55 +02:00
Stefan Metzmacher
712a149802
s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool'
...
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.
The initial rIDAvailablePool starts at nextRid + 100.
I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
check box).
After provision we should have this (assuming nextRid=1000):
rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100
rIDAvailablePool: 1600-1073741823
Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!
metze
2010-06-26 09:50:54 +02:00
Matthias Dieter Wallnöfer
8ad01613f6
Revert "s4:provision.ldif - fix the number of available RIDs"
...
This reverts commit 41cdcd54b7.
As per request of metze revert this (cause written on the mailing list).
2010-06-24 15:13:40 +02:00
Matthias Dieter Wallnöfer
41cdcd54b7
s4:provision.ldif - fix the number of available RIDs
...
There should be 4611686014132422209 and not 4611686014132422109.
2010-06-24 10:04:53 +02:00
Matthias Dieter Wallnöfer
fec489bd87
s4:provision.ldif - this Win2003 revision level seems always to be "9" on Windows Server 2008 machines
2010-06-24 10:04:53 +02:00
Matthias Dieter Wallnöfer
64e19ef9fb
s4:provision_users.ldif - change a group description to be correct
2010-06-24 10:04:52 +02:00
Matthias Dieter Wallnöfer
e88f37daa0
s4:setup/provision.reg - raise version to Windows Server 2008 R2
2010-06-24 10:04:50 +02:00
Jelmer Vernooij
237ab66f6c
selftest: Use scripted testparm.
2010-06-20 14:14:47 +02:00
Lukasz Zalewski
e55c012acc
make test modules for net group set of commands and modification to the newuser to include additional parameters
...
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-06-20 01:29:03 +02:00
Matthieu Patou
3ebe560622
ldb: add a new control bypassioperationnal
...
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-06-20 00:43:08 +02:00
Andrew Bartlett
d523e946b1
s4:provision Add import for DS_DOMAIN_FUNCTION_2000
2010-06-16 09:57:51 +10:00
Andrew Bartlett
814cb8895d
s4:provision Allow functional level 2000 to be chosen
2010-06-16 09:57:51 +10:00
Andrew Bartlett
ecfce7365c
s4:dsdb Add control for signaling between repl_meta_data and linked_attributes
...
This control will allow the linked_attributes module to know if
repl_meta_data has already handled the creation of forward and back
links.
Andrew Bartlett
2010-06-16 09:57:51 +10:00
Andrew Kroeger
352fb5c7e4
s4:provision: Make gc._msdcs DNS entries A/AAAA records
...
When adding an additional DC as a GC server, the new DC attempts to register its
own gc._msdcs records. If the existing gc._msdcs record is a CNAME, BIND fails
the update with the message "attempt to add non-CNAME alongside CNAME ignored",
and the new DC is not registered as a GC server.
The A & AAAA record types for gc._msdcs have been verified against the DNS
server of a W2K8 DC.
2010-06-14 12:14:46 +02:00
Matthias Dieter Wallnöfer
4b6ce8efc0
s4:fix allocated control OIDs for "password_hash" LDB module
...
The password hash module controls overlapped others. Sorry, but the
"schema_samba4.ldif" hasn't been kept up-to-date.
2010-06-13 18:35:19 +02:00
Jelmer Vernooij
74ed48aa1c
Friendlier message.
2010-06-13 18:19:03 +02:00
Jelmer Vernooij
d9d0d54475
upgradeprovision: Use logging infrastructure.
2010-06-13 18:19:03 +02:00
Jelmer Vernooij
956a256faa
s4-python: Start using standard python logging infrastructure rather
...
than simple messaging callbacks.
2010-06-13 18:19:03 +02:00
Matthias Dieter Wallnöfer
b8ea2e0757
s4:provision - fix typo in substitution variable
2010-06-06 20:42:19 +02:00
Matthias Dieter Wallnöfer
40ced1a3be
s4:setup/*.ldif - remove unneeded "cn" attributes
...
Should be generated automatically
2010-05-24 14:01:05 +02:00
Matthias Dieter Wallnöfer
38e9a7f577
s4:domain functional level - it is also specified in the domain object under partitions
...
Discovered by the "ldapcmp" tool
2010-05-13 15:14:06 +02:00
Matthias Dieter Wallnöfer
92aa194145
s4:provision_configuration.ldif - add more extended rights objects
2010-05-13 15:06:35 +02:00
Matthias Dieter Wallnöfer
9005227e72
s4:provision_users.ldif - fix up and reorder the well-known security principals
2010-05-13 14:51:10 +02:00
Matthias Dieter Wallnöfer
c715f6d3f9
s4:provision_configuration.ldif - add more Windows 2008 forest operations
2010-05-13 14:47:32 +02:00
Matthias Dieter Wallnöfer
eaea676916
s4:provision_configuration.ldif - the revision level of "Windows2003Update" should obviously be 10
...
Compared against my Windows Server 2008 and Zahari's output.
2010-05-13 14:47:31 +02:00
Matthias Dieter Wallnöfer
025eaceb5c
s4:provision_configuration.ldif - "CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa" operation is of version 3
2010-05-13 14:47:30 +02:00
Matthias Dieter Wallnöfer
47818b19fc
s4:provision*.ldif - always set the "msDS-NcType" attribute correctly
2010-05-13 14:47:30 +02:00
Matthias Dieter Wallnöfer
1885327b30
s4:provision_configuration.ldif - set the right schedule on the default site in the NTDS site settings
2010-05-13 14:47:29 +02:00
Matthias Dieter Wallnöfer
8acd8b97a6
s4:provision_configuration.ldif - The "NTDS Quotas" object is system-critical
2010-05-13 14:47:29 +02:00
Matthias Dieter Wallnöfer
79ac53eb3b
s4:provision_configuration.ldif - "sites" object
...
- The default site doesn't contain a licensing object
- Adequate two other values (a "showInAdvancedViewOnly" and a "systemFlags" one)
2010-05-13 14:10:02 +02:00
Matthias Dieter Wallnöfer
f57bcc92b5
s4:provision.ldif - add IP security objects as they exist on Windows Server
2010-05-13 13:03:47 +02:00
Matthias Dieter Wallnöfer
44e05dfb73
s4:provision.ldif - add more Windows 2008 domain operations
2010-05-13 13:03:46 +02:00
Matthias Dieter Wallnöfer
cc2bd1f777
s4:provision_users.ldif - On Windows Server >= 2008 security principal S-1-5-20 doesn't exist anymore
2010-05-13 13:03:45 +02:00
Matthias Dieter Wallnöfer
350c61922e
s4:provision.ldif - "passwordSettingsContainer" add "showInAdvancedViewOnly"
2010-05-13 13:03:44 +02:00
Matthias Dieter Wallnöfer
bbb5825a6f
s4:provision.ldif - fix up "NTDS Quotas" "systemFlags"
2010-05-13 13:03:43 +02:00
Matthias Dieter Wallnöfer
b2bd02e11e
s4:provision_users.ldif - fix up Administrator's "userAccountControl"
2010-05-13 13:03:43 +02:00
Matthias Dieter Wallnöfer
8c796715c1
s4:provision_basedn_modify.ldif - fix up "maxPwdAge"
2010-05-13 13:03:31 +02:00
Matthias Dieter Wallnöfer
5e4d91f7aa
s4:provision_users.ldif - Fix typos in user/group objects
2010-05-13 11:17:52 +02:00
Matthias Dieter Wallnöfer
726fb35f9f
s4:dsdb: add new controls
...
- Add a new control for getting status information (domain information,
password change status) directly from the module
- Add a new control for allowing direct hash changes
- Introduce an additional control "change_old password checked" for the password
2010-05-10 17:54:15 +02:00
Stefan Metzmacher
1913e03bd4
s4:setup: mark DSDB_CONTROL_DN_STORAGE_FORMAT_OID 1.3.6.1.4.1.7165.4.3.4 as allocated
...
metze
2010-05-10 17:54:15 +02:00
Stefan Metzmacher
6ee53309a1
s4:blackbox password tests - more complex passwords
2010-05-10 12:20:26 +02:00
Matthias Dieter Wallnöfer
e4ce727c8d
s3:provision_basedn_modify.ldif - add "msDS-NcType" attribute and fix comments
2010-05-10 09:21:17 +02:00
Marcel Ritter
e6f59613fe
Install spn_update_list to setup/ dir
...
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-04-27 21:05:00 +02:00
Andrew Tridgell
fa26383884
s4-dsdb: added samba_spnupdate
...
this script adds all our required servicePrincipalName entries at
runtime. The admin can add more entries to spn_update_list as needed
2010-04-27 19:27:18 +10:00
Andrew Tridgell
570c89287e
s4-dns: explain what the file is for
2010-04-27 19:27:18 +10:00
Andrew Tridgell
be35a40e03
s4-dns: fixed dc.dc duplication in DNS update list
2010-04-27 11:01:23 +10:00
Andrew Bartlett
bd08249d68
s4:provision Remove moduleload for 'hdb' (wrong name).
...
The backends are not normally modules anyway
2010-04-22 19:55:06 +10:00
Andrew Bartlett
e11f92ba73
s4:provision Make OpenLDAP backend more robust
...
With the extra moduleload lines (which succeed if it's already
statically linked), we now work with OpenLDAP overlays as modules.
Andrew Bartlett
2010-04-22 18:37:19 +10:00
Andrew Bartlett
466fbe278a
s4:provision Pass nosync in for the OpenLDAP cn=config too
2010-04-22 18:37:19 +10:00
Andrew Bartlett
cbb818222a
s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
...
This is rather than rdn_name, which tries to do the job on the client
side. We need to leave this module in the stack for Fedora DS (and of
course the LDB backend).
Andrew Bartlett
2010-04-22 18:37:18 +10:00
Andrew Bartlett
a50f6aad85
s4:provision Use more reasonable values for DB_CONFIG
...
With the OpenLDAP backend, the old DB_CONFIG caused OpenLDAP to abort
on startup, and was very inefficient. This new one, kindly supplied
by Matthew Backes <mbackes@symas.com> uses a more reasonable set of
buffer sizes.
Andrew Bartlett
2010-04-22 18:37:18 +10:00
Andrew Tridgell
5e695dec2a
s4-upgradeprovision: fixed --realm option duplicate in upgrade_from_s3
2010-04-21 13:35:56 +10:00
Andrew Tridgell
8fdfcde56c
s4-provision: cope with --realm being in getopt.py
...
we still need to allow for interactive querying of the realm
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-04-21 13:35:56 +10:00
Matthieu Patou
b8d6f1ce89
s4 provision: Remove hard coded ACL for GPO objects
...
It is no longer needed to hard code ACLs for GPO objects as we now have code
that calculates ACLs from defaultSecurityDescriptor and inheritance correctly.
In fact the resulting ACL returned by this hard coded value is a bit wrong as
some ACEs are duplicated.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-04-15 18:45:40 +02:00
Stefan Metzmacher
f1ecdb980b
s4:setup/wscript_build: install dns_update_list into ${SETUPDIR}
...
metze
2010-04-15 18:37:40 +02:00
Jelmer Vernooij
dd4ef4e106
s4-python: More cleanups.
2010-04-08 23:20:36 +02:00
Jelmer Vernooij
d7a46ee129
s4-python: Simplify code, improve formatting.
2010-04-08 23:20:36 +02:00
Thomas Nagy
7f3116a63d
build: allow the waf build to work with python 3.0 and 3.1
...
Python 3.x is a bit fussier about print statements and indentation.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-04-08 07:46:39 +10:00
Andrew Tridgell
f9eae32f4b
s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them
2010-04-06 20:27:11 +10:00
Andrew Tridgell
bd7bf0e1a9
s4-waf: install the rest of our python files
2010-04-06 20:27:10 +10:00
Andrew Tridgell
a2a4fee8c6
s4-waf: forgot these files
2010-04-06 20:27:09 +10:00
Jelmer Vernooij
31a517e172
s4-python: Move dsdb constants to a separate python module.
2010-04-04 00:14:23 +02:00
Andrew Tridgell
088096d1ba
python: use '#!/usr/bin/env python' to cope with varying install locations
...
this should be much more portable
2010-03-25 14:37:19 +11:00
Oliver Liebel
752b2206cb
Fixed --ol-mmr-url helpline
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-03-18 11:27:57 +11:00
Oliver Liebel
947560fe37
Fixed OL-MMR make test
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-03-18 11:27:51 +11:00
Matthias Dieter Wallnöfer
5e06110bc1
Reintroduce "s4:provision Improve the handling of provision errors""
...
This mainly reverts commit f0bc02d74c.
Jelmer pointed out a way how we can achieve the same error handling with an
older syntax also on Python 2.4+.
2010-03-14 10:34:26 +01:00
Matthias Dieter Wallnöfer
f0bc02d74c
Revert "s4:provision Improve the handling of provision errors"
...
This reverts partially commit 027123199e.
Andrew, this is not Python 2.4+ compatible
2010-03-13 12:37:45 +01:00
Endi S. Dewata
ade93755d5
s4:provision - Updated FDS schema mapping.
2010-03-11 15:30:25 +11:00
Andrew Bartlett
027123199e
s4:provision Improve the handling of provision errors
...
The backtraces were too confusing for our users, and didn't tell them
what to do to fix the problem. By printing the string (rather than a
backtrace), and including in the error what to do, and what file to
remove, we give them a chance.
Andrew Bartlett
2010-03-11 15:28:53 +11:00
Matthias Dieter Wallnöfer
73e7aa863b
s4:provision.reg - call us Windows 2008 from the current version point of view
2010-03-06 18:51:41 +01:00
Endi S. Dewata
c54699faf2
s4:provision - Moved default FDS SASL mappings deletion from post_setup() to init().
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-03-02 14:07:15 +11:00
Endi S. Dewata
02533c9f1b
s4:provision - Use netbios name for FDS instance name.
...
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-03-02 14:07:01 +11:00
Matthias Dieter Wallnöfer
2caa2a045d
s4:provision.zone - fix port of "_ldap._tcp.gc._msdcs"
2010-02-26 21:00:10 +01:00
Andrew Tridgell
336ebeabad
s4-provision: added dns_update_list
...
This contains the list of DNS names we should have as a DC
2010-02-26 14:27:39 +11:00
Andrew Tridgell
c796b6c52e
s4-provision: fixed port number for gc ldap DNS SRV entry
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-26 13:59:17 +11:00
Andrew Tridgell
9a72806dc9
Revert "s4:AD content - adequate some revision levels to match Windows Server 2008"
...
This reverts commit 973ea19867.
This change breaks DRS dcpromo.
2010-02-26 13:22:12 +11:00
Matthias Dieter Wallnöfer
017e401ded
s4:AD content - Implement the new password settings container
2010-02-21 21:19:57 +01:00
Matthias Dieter Wallnöfer
973ea19867
s4:AD content - adequate some revision levels to match Windows Server 2008
2010-02-21 21:19:56 +01:00
Matthias Dieter Wallnöfer
e592deeb1a
s4:AD content - Add the DFSR objects which exist on Windows Server >= 2008
...
Those replace the FRS ones.
2010-02-21 21:19:56 +01:00
Eduardo Lima
9c46f425a2
s4-drs: enable the recyclebin optional feature
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-16 00:12:09 +11:00
Andrew Tridgell
4aaa7fe43b
s4-provision: fixed --function-level option to provision
...
we need the DS_DOMAIN_* levels imported
2010-02-12 01:08:11 +11:00
Andrew Tridgell
c986bfb22e
s4-provision: pre-create a named.conf.update file
...
The named.conf.update file will be filled in at runtime by Samba to
contain the list of bind9 grant rules for granting DNS dynamic update
permissions on the domain.
2010-02-11 21:04:12 +11:00
Andrew Tridgell
5a72eca574
s4-provision: move zone file to dns subdirectory
...
This allows the permissions to be correctly set for bind to write to
a journal file. It also sets the right group ownership and permissions
on the files that bind needs to access.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-11 21:04:11 +11:00
Andrew Bartlett
f299fe565a
s4:provision Just 'do the right thing' with empty smb.conf files
...
For some reason, JHT keeps on creating an empty smb.conf file,
expecting it to be the same as a non-existent one. It is easier to
just realise what he meant.
Andrew Bartlett
2010-02-10 16:18:21 +11:00
Jelmer Vernooij
0b7910b8bf
upgrade_from_s3: Remove unused imports.
2010-01-25 15:18:01 +01:00
Endi S. Dewata
d69d07ce62
s4-provision: Added msDS-NcType into samba4Top object class
...
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-01-23 22:41:28 +01:00
Endi S. Dewata
ce709389e6
s4-provision: Disable populating FDS during instance creation.
...
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-01-23 22:40:51 +01:00
Matthieu Patou
c637c52876
provision: use message and do not display warning if the user chose deliberately posix:eadb
2010-01-21 07:11:17 +13:00
Matthieu Patou
d4514a6539
provision: introduce use-xattr parameter for defining where to store attributes
...
This option allows a simple user (non-root) to invoke provision without facing an error
while ensuring that ACLs on shared files will always be set
2010-01-21 07:11:17 +13:00
Matthieu Patou
e78626dc2e
s4: Set acls correctly on all sysvol and scripts shares
2010-01-21 07:11:15 +13:00
Matthieu Patou
028c9b1c15
s4: regroup gpo modification in one function, set acl on files accordingly with ACL in LDAP
2010-01-21 07:11:14 +13:00
Andrew Tridgell
84b47d3334
s4-provision: added w2k8r2 ldap capabilities
2010-01-16 14:10:44 +11:00
Andrew Tridgell
a9808ae83d
s4-provision: added "check-names ignore;" to allow for _msdcs A records
2010-01-16 14:10:44 +11:00
Matthias Dieter Wallnöfer
b1d2bb3e51
s4:provision_users.ldif - Add a comment that some objects under "Users" are now located elsewhere
...
This is needed due to the new RID/SID distribution system
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
face5d3030
s4:provision_users.ldif - Add objects for IIS
...
Some WSPP locations point out that beginning with Windows Server 2008 they're
also per default present.
Compared against Windows Server 2008
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
9ac39b659f
s4:provision_users.ldif - Add additional BUILTIN objects
...
Compared against Windows Server 2008
2010-01-14 10:58:08 +01:00
Matthias Dieter Wallnöfer
2a05dd6fcc
s4:provision_users.ldif - add the remaining part of the objects needed for RODC support
...
RODC = Read Only Domain Controllers
Compared against Windows Server 2008
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
71357053bb
s4:provision_users.ldif - Fix up errors on existing entries
...
Compared against Windows Server 2008
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
81053e9124
s4:provision_users.ldif - Simple reordering
...
Sorted according to the SID - easier for later enhancements.
2010-01-14 10:58:07 +01:00
Matthias Dieter Wallnöfer
a0d7f3e344
s4:provision_users.ldif - Remove system objects from the wrong place
...
Objects like the "Cryptographic Operators", "Event Log Readers" don't belong
here but into the builtin domain.
2010-01-14 10:58:06 +01:00
Andrew Tridgell
73422e7dd8
Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
...
This reverts commit 5c174c68cc.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:08:30 +11:00
Andrew Tridgell
3af84c1cde
Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
...
This reverts commit 61dfd3dc1d.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:07:53 +11:00
Andrew Tridgell
306de3051d
Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
...
This reverts commit 9ee895fcf6.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:06:58 +11:00
Andrew Tridgell
aa4501538a
Revert "s4:provision_users.ldif - Add objects for IIS"
...
This reverts commit 91e2100287.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
2010-01-11 10:05:50 +11:00
Matthias Dieter Wallnöfer
91e2100287
s4:provision_users.ldif - Add objects for IIS
...
Some WSPP locations point out that they're de facto standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
2010-01-10 22:48:05 +01:00
Matthias Dieter Wallnöfer
e72787f0af
s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific
2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
9ee895fcf6
s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group
2010-01-10 22:48:04 +01:00
Matthias Dieter Wallnöfer
61dfd3dc1d
s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now
...
This belongs to the AD IIS stuff where I don't know yet if we should import it.
2010-01-10 11:07:16 +01:00
Matthias Dieter Wallnöfer
5c174c68cc
s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode
...
Additionally I had to fix some bugs (especially wrong "groupTypes") and
reordered the objects using the SID (this is easier when enhancing the file).
2010-01-10 10:50:46 +01:00
Matthias Dieter Wallnöfer
fca0c4de2a
s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs
2010-01-08 18:18:21 +01:00
Andrew Tridgell
ad11deb9bd
s4-schema: fixes for W2K8-R2 schema
...
The schema from WSPP had a number of typos that prevented it from
working. These changes allow it to work with Samba, and allow w2k8r2
to run DCPROMO against Samba successfully
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:54 +11:00
Andrew Tridgell
ebec49965b
s4-schema: added msDS-NcType to schema container
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
ce21151d22
s4-schema: fixed attributes of aggregate schema
...
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 18:24:53 +11:00
Andrew Tridgell
9d296e6776
s4-provision: added W2K8-R2 schema as provided by WSPP
2010-01-08 18:24:52 +11:00
Andrew Tridgell
42f0bdae69
s4-provision: RID 1000 is consumed by the machine account
2010-01-08 13:03:03 +11:00
Andrew Tridgell
b1f97b7e60
s4-dsdb: added an extended operation for allocating a new RID pool
...
This will be called by getncchanges when a client asks for a
DRSUAPI_EXOP_FSMO_RID_ALLOC operation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:02 +11:00
Andrew Tridgell
53d10d139e
s4-provision: don't hard wire the creation of the RID Set object
...
We now create it automatically in the samldb module when the first
user is created.
The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being set up for the RID Manager
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:03:00 +11:00
Andrew Tridgell
5eb3b919c5
s4-provision: the DC object itself needs a fixed objectSID
...
We can't allocate an objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Andrew Tridgell
a1362492ab
s4-provision: added an initial RID Set
...
We will allocate RIDs from this set
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08 13:02:58 +11:00
Jelmer Vernooij
9e5ef916d4
net: Move 'newuser' to 'net newuser'
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:27 +11:00
Jelmer Vernooij
73594c248f
net: Fix tests and documentation of setexpiry.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:25 +11:00
Jelmer Vernooij
345b25d059
net: Move setexpiry to 'net setexpiry'
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:24 +11:00
Jelmer Vernooij
b531696a5b
net: Move 'setpassword' to 'net setpassword'.
...
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31 17:33:22 +11:00
Jelmer Vernooij
e60a40e287
s4/net: Add domainlevel subcommand.
2009-12-29 16:26:20 +01:00
Jelmer Vernooij
eaf4a9afb2
s4/net: Make pwsettings a net subcommand.
2009-12-29 16:26:19 +01:00
Endi Sukma Dewata
f871de7def
s4:provision - Remap conflicting thumbnailPhoto and thumbnailLogo OID's.
2009-12-15 10:04:04 +11:00
Andrew Bartlett
a88f086d96
s4:setup Adjust upgradeprovision blackbox test now we don't have --targetdir
2009-12-01 12:17:56 +11:00
Matthias Dieter Wallnöfer
b973c50836
s4:upgrade_from_s3 - Move it back to "setup"
...
Suggested by Jelmer
2009-11-28 19:25:12 +01:00
Matthias Dieter Wallnöfer
f0686645a9
s4:setup/provision - Rework
...
- Revert change in "ask" - was previously correct
- Readd accidentally removed checks for non-null realm and domainname
- On interactive mode perform only one "ask" call per question
- Inform the user about the unset administrator password
2009-11-28 18:59:33 +01:00
Matthieu Patou
db41a0afc6
s4: fix SD update and password change in upgrade script
...
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-28 09:56:06 +11:00
Matthias Dieter Wallnöfer
6b835b0691
s4:setup/provision - make the interactive mode work again
2009-11-27 13:02:31 +01:00
Matthias Dieter Wallnöfer
fd313282a2
s4:upgrade script - rename it to "upgrade_from_s3" and do some rework
...
- Give a better name to the script
- Move it to the location where also "upgradeprovision" resides
- Fix up trailing whitespaces and tabs
2009-11-27 12:26:11 +01:00
Andrew Bartlett
731f560ecb
s4:upgradeprovision add 'exit $failed' to blackbox test
2009-11-27 16:05:05 +11:00
Andrew Bartlett
6f0f82f7ed
s4:selftest Add tests for upgradeprovision
2009-11-27 16:05:05 +11:00
Andrew Bartlett
5ea6f79775
s4:provision Don't bother with a template for the LDAP backend startup script.
2009-11-24 11:04:31 +11:00
Andrew Bartlett
625856f2cf
s4:provision Move secrets.ldb over to .c file module lists, like sam.ldb
2009-11-24 10:41:45 +11:00
Andrew Bartlett
90d739990a
s4:provision Remove 'operational' from secrets.ldb module list
2009-11-24 10:39:09 +11:00
Andrew Bartlett
401ba9c9cf
s4:dsdb Move module configuration from each ldb into samba_dsdb.c
...
This makes getting the module order correct, the obligation of Samba4
developers, and not system administrators. In particular, once an ldb
is updated to use only the 'samba_dsdb' module, no further changes to the
ldb should be required when upgrading to later Samba4 versions.
(thanks to metze for the suggestion of samba_dsdb as a long-term
stable name for the module)
Andrew Bartlett
2009-11-23 14:15:07 +01:00
Andrew Bartlett
e297af00fa
s4:provision Simplify the module list
...
This makes the member server much more like the DC, the objectGUID
module replaces the repl_meta_data module.
We also generally rework the construction of the list, building a full
list in python, and then transforming it into a string, rather than
playing string concatenation games
Andrew Bartlett
2009-11-23 14:15:06 +01:00
Matthias Dieter Wallnöfer
5c6c2619fb
s4:provision_users.ldif - Descriptions generally begin with a majuscule
2009-11-17 19:46:59 +01:00