sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-05 04:59:08 +03:00
Code Activity
64,623 Commits 62 Branches 1,161 Tags
f97c90c9cd124314b4a0862e702dd021bd2df9a0
Commit Graph

358 Commits

Author SHA1 Message Date
Matthieu Patou
f16007430a s4 provision: use correct GUID for default policies 
The value of GUID for policy is not random for default policies, it is
described here ("How Core Group Policy Works"):
http://technet.microsoft.com/en-us/library/cc784268%28WS.10%29.aspx
at paragraph System\Policies Container.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-07-10 11:18:18 +02:00
Andrew Bartlett
94637e5fe4 s4:provision Add an msDS-SupportedEncryptionTypes entry to our DC 
This ensures that our DC will use all the available encyption types.

(The KDC reads this entry to determine what the server supports)

Andrew Bartlett
 2010-06-29 16:59:22 +10:00
Matthias Dieter Wallnöfer
c7b52b233e s4:provision.py - fix comment regarding DNS entries 
I think this should mean partially Samba4 specified (all beside the "dns"
account is standard)
 2010-06-26 11:11:46 +02:00
Stefan Metzmacher
6ab234cec9 s4:provision: move Samba4 specific DNS stuff to its own file 
metze
 2010-06-26 09:50:56 +02:00
Stefan Metzmacher
c6b21931c6 s4:provision: add --next-rid option 
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.

metze
 2010-06-26 09:50:55 +02:00
Stefan Metzmacher
712a149802 s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool' 
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.

The initlal rIDAvailablePool starts at nextRid + 100.

I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
 check box).

After provision we should have this (assuming nextRid=1000):

rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100

rIDAvailablePool: 1600-1073741823

Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!

metze
 2010-06-26 09:50:54 +02:00
Stefan Metzmacher
89f94a43d8 s4:provision: pass relax control also to modify_ldif 
metze
 2010-06-26 09:50:54 +02:00
Andrew Bartlett
d0f52ddac2 s4:provision Raise default max functional level to 2008R2 
We don't support many of the extra features, but that applies across many
other parts of AD.  Allow the admin to join a 2008R2 domain if he or she wants.

This also makes it possible to test 2008R2 domain code in 'make test'

Andrew Bartlett
 2010-06-23 20:10:06 +10:00
Andrew Bartlett
b26125b7d3 s4:provision Remove am_rodc from Schema 
The SamDB created in the schema code isn't real enough to care if it's an
rodc or not.
 2010-06-23 20:10:05 +10:00
Andrew Bartlett
c4482bf53e libds:common Remove DS_DC_* domain functionality flags 
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other.  Just make them one set.

Andrew Bartlett
 2010-06-23 20:10:03 +10:00
Jelmer Vernooij
0714e23971 provision: Look for Samba prefix a bit harder. 2010-06-20 17:46:39 +02:00
Jelmer Vernooij
5f3d5a3ad8 provision: Properly cancel transactions on the secrets ldb. 2010-06-20 14:24:54 +02:00
Jelmer Vernooij
3795358aca Use standard Python syntax, booleans and set()'s where appropriate. 2010-06-20 12:06:50 +02:00
Jelmer Vernooij
94e06fe203 Some more formatting fixes, move schema related functions from Ldb to Schema. 2010-06-20 02:46:57 +02:00
Jelmer Vernooij
afad634207 Formatting cleanups; use True/False for booleans, unnecessary backslashes, spacing. 2010-06-20 01:57:11 +02:00
Matthieu Patou
9c808c47fc s4: Add comments about setup_secrets 
Comments are to inform people that this function should not handle
transaction within the function as it is mainly used in provision and
that we want to commit secrets only if all the action on secrets have
worked.

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
e2df3c2510 s4 provision: Add information about provisioned usn range in sam.ldb 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:07 +02:00
Stefan Metzmacher
cadca1f6ba s4:provision: don't use hardcoded 'Default-First-Site-Name' 
metze

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-19 21:32:43 +02:00
Jelmer Vernooij
f36a9afc2f s4-python: Use sys.prefix rather than guessing prefix from current 
file path.
 2010-06-19 13:41:48 +02:00
Matthias Dieter Wallnöfer
5779c21e41 s4:provision.py - we do now support the "Windows 2000 Native" domain function level 2010-06-16 15:34:41 +02:00
Jelmer Vernooij
8c88c9c500 Attempt to fix SamDB test infrastructure (not used in Samba anywhere, only in OpenChange). 2010-06-15 17:21:39 +02:00
Andrew Kroeger
352fb5c7e4 s4:provision: Make gc._msdcs DNS entries A/AAAA records 
When adding an additional DC as a GC server, the new DC attempts to register its
own gc._msdcs records.  If the existing gc._msdcs record is a CNAME, BIND fails
the update with the message "attempt to add non-CNAME alongside CNAME ignored",
and the new DC is not registered as a GC server.

The A & AAAA record types for gc._msdcs have been verified against the DNS
server of a W2K8 DC.
 2010-06-14 12:14:46 +02:00
Jelmer Vernooij
7b7213f1ee s4-provision: Use logger in provision backends. 2010-06-13 18:19:03 +02:00
Jelmer Vernooij
956a256faa s4-python: Start using standard python logging infrastructure rather 
than simple messaging callbacks.
 2010-06-13 18:19:03 +02:00
Jelmer Vernooij
c446fbc3bf s4-python: Fix formatting. 2010-06-11 01:47:55 +02:00
Matthias Dieter Wallnöfer
b8ea2e0757 s4:provision - fix typo in substitution variable 2010-06-06 20:42:19 +02:00
Anatoliy Atanasov
d040658e1a s4-rodc: Set am_rodc flag during provision 2010-05-17 13:30:27 +03:00
Matthias Dieter Wallnöfer
38e9a7f577 s4:domain functional level - it is also specified in the domain object under partitions 
Discovered by the "ldapcmp" tool
 2010-05-13 15:14:06 +02:00
Anatoliy Atanasov
7200c25646 Revert "s4-rodc: Fix provision warnings by creating ntds objectGUID in provision" 
This reverts commit c3cbb846d0.
The fix is not correct, we should cache a bool to answer amIRODC
 2010-05-11 12:54:18 +03:00
Anatoliy Atanasov
c3cbb846d0 s4-rodc: Fix provision warnings by creating ntds objectGUID in provision 2010-05-10 17:24:02 +03:00
Kamen Mazdrashki
5bf12e101a Revert "s4/dsdb: Set schemaInfo attribute value during provisioning" 
This reverts commit 8149094edd.

Windows implementation does not set schemaInfo attribute value
until first Schema update request.
This way, newly provisioned forest returns no schemaInfo value.

I think it won't be bad for us to have this value preset, but
I want to mimic Win AD behavior as close as possible.
 2010-04-29 04:54:05 +03:00
Andrew Tridgell
ef13264125 s4-provision: setup spn_update_list in provision 2010-04-27 19:27:19 +10:00
Andrew Bartlett
ea5cf7ce05 s4:provision Pass in the invoication ID and NTDS Settings DN to Schema() 
By putting these values into the cache on the LDB, this reduces some
of the noise in provision, particularly with the LDAP backend.

Andrew Bartlett
 2010-04-20 12:11:18 +10:00
Nadezhda Ivanova
83312a9e50 Fixed a problem with provision missing the default_dir/etc directory. 2010-04-12 16:06:06 +03:00
Kamen Mazdrashki
8149094edd s4/dsdb: Set schemaInfo attribute value during provisioning 
After provisioning new Forest, schemaInfo should be set
to a value with revision=1 and current invocation_id
 2010-04-09 12:21:34 +03:00
Jelmer Vernooij
dd4ef4e106 s4-python: More cleanups. 2010-04-08 23:20:36 +02:00
Jelmer Vernooij
cc6e2b8a81 s4-python: Fix formatting, import of FLG_NOSYNC. 2010-04-08 23:20:36 +02:00
Jelmer Vernooij
d7a46ee129 s4-python: Simplify code, improve formatting. 2010-04-08 23:20:36 +02:00
Jelmer Vernooij
feeedf49cf s4-provision: Proper handling of exceptions, use SamDB class but skip global schema. 2010-04-07 17:39:59 +02:00
Jelmer Vernooij
21ab06f8a2 s4-python: Move samdb_ntds_objectGUID to pydsdb. 2010-04-07 17:39:59 +02:00
Matthias Dieter Wallnöfer
fa4d91e1e0 s4:provision - add a comment which explains why "paths.dns_keytab" is stored without path reference 2010-04-07 15:05:18 +02:00
Jelmer Vernooij
449bdf3543 s4-python: Move set_session_info to PySambaLdb. 2010-04-06 13:12:43 +02:00
Jelmer Vernooij
ccd954f2a7 s4-python: Avoid importing glue directly. 2010-04-04 00:30:34 +02:00
Jelmer Vernooij
31a517e172 s4-python: Move dsdb constants to a separate python module. 2010-04-04 00:14:23 +02:00
Jelmer Vernooij
ba74823c8f upgradeprovision: Fix formatting, syntax error. 2010-03-28 22:58:36 +02:00
Matthieu Patou
ec48d3693d provision: make gpo related function more reusable for upgradeprovision 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-03-28 22:54:08 +02:00
Jelmer Vernooij
66375cfba2 provision: Remove unnecessary whitespace. 2010-03-28 22:42:31 +02:00
Andrew Tridgell
83aaf4829e s4-provision: FreeBSD uses 'staff' for users 2010-03-24 07:11:38 +01:00
Andrew Tridgell
de2b841935 s4-provision: solaris uses the group "other" 2010-03-24 07:11:38 +01:00
Matthias Dieter Wallnöfer
31b0417f7d s4:provision.py - small output improvement 2010-03-12 21:04:22 +01:00