IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The backtraces were too confusing for our users, and didn't tell them
what to do to fix the problem. By printing the string (rather than a
backtrace), and including in the error what to do, and what file to
remove, we give them a chance.
Andrew Bartlett
For the testsuite to use DNS like names, we need to write these names
to a file.
Also, to have this run in 'make test' the usual rules about 'no 127.*'
IP addresses in DNS must be skipped, so glue.interface_ips takes two
arguments now
Inform the user when there are more possibilities (so he can check for the
right address and otherwise he is able to do an immediate reprovision) and no
possibility at all (then we fall back to the loopback address "127.0.0.1" - this
is thought for testing purposes).
I think this should be enough for closing bug #5484.
On production systems a user for sure strongly disagrees to use local IP
addresses (how should the server be accessible?). Therefore if the user didn't
specify an IP as provision option and in the "/etc/hosts" file we have at
least one not-local IP which resolves to our hostname use this or one of them.
Notice: if a host has more public IP addresses with the same name assigned the
behaviour is non-deterministic (well, okay - by the entries order it is). But
then the user is invited to specify the host IP manually.
This should address bug #5484.
The zone file needs to be writeable by bind to allow for it to flush
its journal on dynamic updates
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible)
of sysvol files (GPO objects and netlogon folders).
This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname
for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the
from_sddl function.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
The named.conf.update file will be filled in at runtime by Samba to
contain the list of bind9 grant rules for granting DNS dynamic update
permissions on the domain.
This allows the permissions to be correctly set for bind to write to
a journal file. It also sets the right group ownership and permissions
on the files that bind needs to access.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
For some reason, JHT keeps on creating an empty smb.conf file,
expecting it to be the same as a non-existant one. It is easier to
just realise what he meant.
Andrew Bartlett
We need a machine account so the RID allocation code can work. It
seems better to use the same code paths for a domain controller and
standalone server to avoid testing headaches with little used code.
This enables the full schema during the rest of the provision, which
means indexing is enabled (along with index error checking, such as
duplicate SIDs)
We now create it automatically in the samldb module when the first
user is created.
The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being setup for the RID Manager
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The problem here is that as we start to get 'real users' they still
decide to do silly things, like load empty but existing smb.conf
files. Let's give them a better chance to discover what they did
wrong.
Andrew Bartlett
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Both modes weren't possible anymore since 1.) the secrets entry wasn't created,
2.) a lookup in winbindd was done using "lp_workgroup()" rather than
"lp_sam_name()" (since on the mentioned two configurations we use the netbios
name as domainname - and not the workgroup).
