| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Testing against NetAPP showed that clients can object to being told a
larger max xmit fragment size than they negotiated. Choose the
minimum of the server and client values.
Andrew Bartlett
|
|
This uses async RPC forwarding for the DsReplicaSync call
|
|
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC
request to another task in Samba4, with the return being handled
asynchronously.
This is useful for forwarding DRS requests to the repl or kcc tasks
|
|
The key DRS calls should only be allowed by administrators or domain
controllers
|
|
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
|
|
Guenther
|
|
a rename may have no attribute changes
|
|
At least on the command line the braces are needed. Strange.
|
|
It's useful seeing the object count without as much detail
|
|
Without this the client will not update its repsFrom highest_usn values
|
|
When the client tells us the highest_usn they have is N, then we want
to send them objects with usn>N, not>=N, as otherwise we end up
sending them the same object (the one with the highest uSN) again and
again.
|
|
uSNChanged>=N is good enough, and offers a possibility of a simple
optimisation where the partition module could look for that expression
and check the partitions sequence number, then avoid searching a
partition that doesn't have any records with a larger uSN.
|
|
We were relying on the uSNChanged>=n search always finding the DN of
the root of the partition, but this now doesn't happen very often as
we are now restricting when we change uSNChanged. This means we need
to always load the replUpToDateVector attribute from the NC root and
use it to populate the cursors in the return.
|
|
We now have dsdb_loadreps() and dsdb_savereps()
|
|
|
|
|
|
|
|
Guenther
|
|
An early return here didn't do any good :-)
|
|
When a DsAddEntry is used to create a nTDSDSA object we need to also
create the SPNs for the NTDS GUID in the servers machine account.
|
|
Right now parentGUID is a normal attribute in s4, but it should be
generated, which means we need to ask for it in a search if we want to
use it.
|
|
|
|
"LogonGetDomainInfo" call
They're needed only at the end.
|
|
This means we now get passwords vampired correctly for s4<->s4
replication.
|
|
Our vampire code sends a zero GUID in the updaterefs calls. Windows
seems to ignore the GUID and use the DN in the naming context instead,
so I have changed our UpdateRefs server implementation to do the same.
With this change we can now vampire from s4<->s4 successfully! Now to
see if all the attributes came across correctly.
|
|
|
|
|
|
thanks to metze for pointing this out
|
|
These two arrays need to be in sync, as they are walked in sync by the
client
|
|
It is easier to understand without the heavy nesting
|
|
DsAddEntry now seems to work for simple tests
|
|
These will get quite complex eventually, I think we are better
separating them so the code is a bit easier to follow
|
|
This patch implements DsReplicaSync by passing the call via irpc to
the repl server task. The repl server then triggers an immediate
replication of the specified partition.
This means we no longer need to set a small value for
dreplsrv:periodic_interval to force frequent DRS replication. We can
now wait for the DC to send us a ReplicaSync msg for any partition
that changes, and we immediately sync that partition.
|
|
Metze pointed out what the windows tool ldp.exe will examine repsTo
attributes on remote DCs, so we do in fact need to use the same format
that windows uses. This patch changes the server side implementation
of UpdateRefs to use the windows format
|
|
metze
|
|
metze
|
|
Vista and upper version use this value to check wether they should ask the DC
to change the msDS-SupportedEncryptionTypes attribute or not.
Declare the different value as a bitmap in Netlogon idl
|
|
|
|
This call is made by DCs to tell us we should notify them of directory
changes
|
|
|
|
|
|
|
|
This check is specified in Windows Server after release 2003.
The parameter "hostname" should match as prefix of the dns hostname given as
parameter in the "workstation" structure.
|
|
the right way
When doing some tests with the NT User Manager for Domains on s4 I noticed that the
handling of the primary group for a user wasn't correct. So I fixed this.
Also some cosmetic changes (tab indent corrections).
|
|
So far it returns the ctr6 responce without proper linked attributes
support and metadata. A couple of improvements are the filter in the search
uses '(uSNChanged>=N)', added extended dn search support, non-replicated attributes
are excluded from the result.
|
|
Guenther
|
|
Guenther
|
|
- Correctly use samdb_search_string to do a 'base' search
(this needs a NULL, not a "" argument for the format string)
- There is no need (and it caused a security hole) to use
talloc_asprintf() with the only argument being the string to
duplicate.
Andrew Bartlett
|
|
This addresses bug #4888 and #6596 in SAMBA 4 Bugzilla
- It implements the call in the complete form as specified in the MSPP/WSPP docs
and on the discussion on the "cifs-protocol" list
- Therefore client informations (OS name, OS version, "servicePrincipalName"...)
are now saved in the AD each time the client invokes the call
|
