Age | Commit message (Collapse) | Author | Files | Lines |
|
This function is used in DRSUpdateRefs() implementation where we
get DSA's objectGUID rather than invocationId
|
|
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
|
|
No need to have "signed" counters at those places.
|
|
|
|
w2k8-r2 in dcpromo asks for a delete+add during its initial join.
|
|
|
|
The DsUpdateRefs calls takes a set of flags that indicates if the
server should ignore specific add/delete error codes.
This patch also exposes the core UpdateRefs call into a public
function, so that it can be called from DsGetNCChanges
|
|
Now that the bind opens samdb with the right credentials, we no longer
need the re-open in updaterefs and getncchanges
|
|
There is also an option to disable the security check
by specifying in the smb.conf file:
drs:disable_sec_check = true
|
|
|
|
The key DRS calls should only be allowed by administrators or domain
controllers
|
|
We now have dsdb_loadreps() and dsdb_savereps()
|
|
Our vampire code sends a zero GUID in the updaterefs calls. Windows
seems to ignore the GUID and use the DN in the naming context instead,
so I have changed our UpdateRefs server implementation to do the same.
With this change we can now vampire from s4<->s4 successfully! Now to
see if all the attributes came across correctly.
|
|
|
|
These will get quite complex eventually, I think we are better
separating them so the code is a bit easier to follow
|
|
Metze pointed out what the windows tool ldp.exe will examine repsTo
attributes on remote DCs, so we do in fact need to use the same format
that windows uses. This patch changes the server side implementation
of UpdateRefs to use the windows format
|
|
This call is made by DCs to tell us we should notify them of directory
changes
|