mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
71 Commits

Author SHA1 Message Date
Andrew Bartlett
f4ff81f579 dbcheck: Add back the elements that were wrongly removed from CN=Deleted Objects
This is the final part of the fix for the issue in Samba 4.1
pre-release tree where we would wrongly delete the Deleted Objects
container during a join.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 24 09:31:37 CEST 2013 on sn-devel-104
2013-09-24 09:31:37 +02:00
Andrew Bartlett
bcd535e95c dbcheck: Ensure to always increase the error_count
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-24 07:44:29 +02:00
Nadezhda Ivanova
5805b7abc8 s4-openldap: Added an -H option to delegation script
Also calling delegation locally without credentials, as this is not really
necessary and causes selftest errors against the openldap backend.

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23 18:40:25 -07:00
Andrew Bartlett
8d8872ae0a python-samba-tool fsmo: Do not give an error on a successful role transfer
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9461

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 23 12:00:24 CEST 2013 on sn-devel-104
2013-09-23 12:00:24 +02:00
Andrew Bartlett
9e1dde15f9 dbcheck: Look for and fix the all-zero invocationID in replPropertyMetaData
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 14:39:50 -07:00
Andrew Bartlett
a623359fb8 python/drs: Ensure to pass in the local invocationID during the domain join
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 12:25:41 -07:00
Howard Chu
31ca4fc674 OpenLDAP provisioning tweaks
Remove BerkeleyDB-specific setup.
Streamline cn=samba partition initialization - allow any backend type for it.
Use back-mdb instead of back-ldif for cn=samba partition

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
2013-09-18 21:39:51 +02:00
Howard Chu
743d4a474e Use SASL/EXTERNAL over ldapi://
The provision script will map the uid of the user running the
script to the samba-admin LDAP DN.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18 19:47:55 +02:00
Howard Chu
ff88694027 Give slapd a second to startup
Moving the sleep to the beginning of the loop avoids most
occurrences of the "connection failed" message

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 07:43:09 CEST 2013 on sn-devel-104
2013-09-18 07:43:09 +02:00
Howard Chu
dcbd4ede2f Fix OpenLDAP partition configs
Update to use LMDB backend, BDB is deprecated
Update to support DomainDNSZones and ForestDNSZones partitions.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17 05:56:56 +02:00
Andrew Bartlett
4dacaef2ea dsdb: Use credentials.get_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
2013-09-17 01:41:41 +02:00
Andrew Bartlett
68f7cd1724 samba-tool domain provision: Make ldap_backend_startup.sh +x and take optional arguments
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16 14:43:44 -07:00
Andrew Bartlett
ef830f7e71 samba-tool domain join: Set server role correctly to "active directory domain controller"
We changed the magic string when we reworked the list of server roles.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
2013-09-16 23:33:40 +02:00
Andrew Bartlett
1d92d5b19b samba-tool domain join: Only print adminpass warning on subdomain creation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:37:12 +02:00
Andrew Bartlett
84dc9f8cc1 samba-tool domain join: Add --quiet and --verbose
This means we now use logger consistently between domain join, domain dcpromo
and domain provision.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:37:04 +02:00
Andrew Bartlett
650eca0e06 join.py: Restore support for joining as a subdomain
This set of patches fixes up the errors that were introduced into the partial support
during the past couple of years.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:45 +02:00
Andrew Bartlett
3af4f0377e join.py: Handle more error cases with useful exceptions
This will help track down strange failures in the future.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:28 +02:00
Andrew Bartlett
a5e4c4520a samba-tool domain join subdomain: Set "reveal_internals:0" control so we can see the ncName
The issue here is that we create the ncName remotely with DsAddEntry,
and then replicate it back.  However, at this point the naming context
pointed at by the ncName does not exist!  The issue is that the
extended_dn_out module then hides the link, because it points to a
missing object.  The reveal_internals control forces this link to be
returned, and so we can then find the GUID, to create the domain with
the right GUID.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:18 +02:00
Andrew Bartlett
bbeca62ccf join.py: Show which database we failed to find the DN on (clarify local v remote)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:35:30 +02:00
Andrew Bartlett
ccb1beb9a3 join.py: Handle exceptions when looking for GUID in a DN
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:35:21 +02:00
Andrew Bartlett
b106d9090e scripting/join.py: Handle creating the dns-NAME account during a DC join
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2013-09-04 07:06:05 +02:00
Stefan Metzmacher
3430448fc0 python/provision: remove unused linklocal=False argument from interface_ips_v6()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104
2013-08-30 17:33:58 +02:00
Stefan Metzmacher
0e6aca4041 python/pyglue: filter out loopback and linklocal addresses unless all_interfaces is given
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10030

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
2013-08-30 15:35:18 +02:00
Andrew Bartlett
7615b2549d samba-tool dbcheck: Correctly remove deleted DNs in dbcheck
The previous pattern never matched, as it was a typo.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 30 12:55:00 CEST 2013 on sn-devel-104
2013-07-30 12:55:00 +02:00
Andrew Bartlett
eec29db7c2 python samba-tool drs: Correctly print KCC references to deleted servers
Tested against Windows 2008R2, presumably before the KCC ran.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-12 10:02:07 +02:00
Andrew Bartlett
c0cbf5936f Remove remaining references to "password level" in the tree
Reviewed-by: Simo Sorce <idra@samba.org>

Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Tue Jun 11 16:25:54 CEST 2013 on sn-devel-104
2013-06-11 16:25:54 +02:00
Kai Blin
8b24c43b38 dns: Delete dnsNode objects when they are empty
If an update leaves the dnsNode without any entries, the dnsNode object
should be deleted. Thanks to Günter Kukkukk for his excellent debugging
work on this one.

This should fix bug #9559

Signed-off-by: Kai Blin <kai@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-01 18:48:11 +10:00
Amitay Isaacs
05578dcdbf samba-tool/dns: Set secure zone update flag after creating new zone
Windows DC ignores the secure update flag while creating new zone.  Windows
performs another operation to set the secure update flag.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30 10:44:13 +10:00
Amitay Isaacs
c22eb103d8 samba-tool/dns: Pass on additional flags when creating zones
Windows DCs require additional flags to be set when creating zones.

This fixes bug #9599.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30 10:44:11 +10:00
Amitay Isaacs
612fbc18c3 s4-dns: Support update of SOA records
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30 10:44:08 +10:00
Amitay Isaacs
5a633dd6bb s4-dns: Print/Set minimumTTL value in SOA record
Signed-off-by: Amitay Isaacs <amitay@gmail.com>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 28 08:47:56 CEST 2013 on sn-devel-104
2013-05-28 08:47:56 +02:00
Andrew Bartlett
3482060271 python-samba-tool domain classicupgrade: Use transactions when adding users/groups/members
This should make things a bit faster when importing very large numbers of users
as we will not constantly rewrite the indices on disk.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:02 +02:00
Andrew Bartlett
ef895fe9e4 samba-tool dbcheck: Use dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER rather than the literal value
This is better practice.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:02 +02:00
Andrew Bartlett
9c5756c077 python-samba-tool domain classicupgrade: Correct message about re-promoting BDCs
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:02 +02:00
Andrew Bartlett
2c047198ca python-samba-tool domain classicupgrade: Actually Skip domain trust accounts
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:01 +02:00
Andrew Bartlett
2e1f14355c python-samba-tool domain classicupgrade: Skip machine accounts that do not end in $
These accounts will not work anyway, as all the domain member lookup code in netlogon expects the $.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:01 +02:00
Kai Blin
46e98cf20b dns: Fix allocation of txt_record in txt record tests
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu May 16 15:39:15 CEST 2013 on sn-devel-104
2013-05-16 15:39:14 +02:00
Kai Blin
223cf7fb30 dns: more debug options in the tests
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16 21:40:42 +10:00
Kai Blin
4364a3faf6 dns: Add support for MX queries
Due to an oversight, the internal DNS server supports MX record updates,
but not MX record queries. Add support for MX queries and tests.

This should fix bug #9485

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16 21:40:35 +10:00
Karolin Seeger
948ef97f08 samba_tool/base.py: Fix typo.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:41 -07:00
Karolin Seeger
86a58b01e0 netcmd/group.py: Fix typo.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:41 -07:00
Matthieu Patou
fbb12b574d samba-tool/tests: Force the gecos of the user to a fixed value.
When --gecos is not specified samba-tool user add will try to read the
gecos field from a getpw call. And if user's GECOS is empty (like the
build user on sn-devel-104) then the test will fail because we can't add
an empty gecos.

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 15 16:19:23 CEST 2013 on sn-devel-104
2013-05-15 16:19:23 +02:00
Matthieu Patou
fffbdf01fa selftest: Output error when samba_tool user command fails
It should help to debug why it is failing on some hosts in the build
farm (i.e. sn-devel)
Signed-off-by: Matthieu Patou <mat@matws.net>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-06 21:05:29 +12:00
Amitay Isaacs
8543a7b9b3 samba-tool/dns: Fix a typo in ttl variable name
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-19 12:30:17 -07:00
David Disseldorp
bb7c6a0bd0 netcmd/dns: fix typo
Fix provided by Tobias Florek.

Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 18 12:40:33 CEST 2013 on sn-devel-104
2013-04-18 12:40:33 +02:00
Rusty Russell
1cf46d2e35 source4/scripting/python/samba/samba3: handle ntdb files.
Upgrading old Samba 3 instances seems like a place where we don't have
to read ntdb files, but Andrew Bartlett points out that you can run a
Samba 4.0 and even a 4.1 'classic' domain and desire to migrate that
to the AD DC.

So make this upgrade code generic: if it finds an ntdb file, read
that, otherwise read the tdb file.

Cc: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-12 14:59:16 -07:00
Andrew Bartlett
f7756137e8 scripting-provision: Do not enforce domain != realm if we are joining an existing domain
This will allow us users to join existing oddly named domains without
objection from provision.

Andrew Bartlett

Reviewed-by: Matthieu Patou <mat@matws.net>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 11 10:41:02 CEST 2013 on sn-devel-104
2013-04-11 10:41:02 +02:00
Andrew Bartlett
e7e37b3b90 python-samba-tool domain classicupgrade: Make failure to connect directly to the LDAP backend fatal
This is better than failing just a little further down the stack with a useless error
about use-before-set.

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@samba.org>
2013-04-10 00:13:45 +02:00
Andrew Bartlett
30adf0cdba scripting: Fill the ProvisionNames hash with strings, not ldb.MessageElement or Dn
This avoids the need to fix it up again in samba_upgradedns.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
2013-03-25 13:25:30 +01:00
Andrew Bartlett
5d42260eec samba-tool ldapcmp: Remove the GUID -> name mappings
These mappings are very convenient, however because they are not
one-to-one, they lead to differences being reported when none exist,
dependent only on the order the schema searches return results in.

Sadly the time saved by the names is offset by the time wasted chasing
the 'differences' that don't exist.

This in turn fixes some tests that were previously knownfail

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:35:04 +01:00