Age | Commit message (Collapse) | Author | Files | Lines |
|
This script checks a list of DNS names that we should have, and does
dynamic DNS updates using our machine account credentials to add any
missing DNS entries.
This allows us to correctly add all the DNS entries we need when we
join an existing domain as a DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The merge from metze of my dns tree means we now depend on this. This
is a placeholder until Andrew and I have finished the full script.
|
|
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.
The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.
Andrew Bartlett
|
|
This allows it to work against our local ldb
|
|
|
|
handle properly the fact that missing object might depend on some other in order to be correctly created
debug change also if we are in debugall mode
|
|
|
|
|
|
This reverts commit 2cedefabc93c8a1fcb49d65a3f78a344e814f826.
|
|
|
|
|
|
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.
The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.
I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
|
|
Make them break at line 80 (better readability).
|
|
now we have nTDSConnections structures we can get more than 1 reply
|
|
This can be used to enable the recyclebin on a windows box. Once we
properly implement this feature in samba we will use this to enable
the feature on ourselves as well.
|
|
|
|
|
|
name attribute
Renaming not only helps when name attribute is not here
it also helps when the case is not the good one. So
in order to avoid problem and have as much as possible similar provision
we should use the rename whenever a name difference appear.
|
|
|
|
adapted -s smb.conf
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
with the same domain level
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Suggested by Jelmer
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The quiet parameter was interpreted in the reverse manner.
|
|
- Give a better name to the script
- Move it to the location where also "upgradeprovision" resides
- Fix up trailing whitespaces and tabs
|
|
This balances the transaction_begin() and transactin_prepare_commit() calls
Andrew Bartlett
|
|
|
|
The rework corrects some duplication and errors in the original
script, found when preparing an automated test of the script.
The code to reset the machine account password avoids issues with AES
keys and salting, which may not otherwise be solved by the upgrade.
Andrew Bartlett
|
|
* Define a simple upgrade process mode (module storage change, file name change, copy of new file)
* Move the schema, configuration and current object upgrade into full upgrade mode
* Added the --full switch to select the full upgrade mode, and made simple upgrade mode the default
* Make updateprovision works without any switch (update the provision in the default location)
* Cleanup the messages
* Create the reference provision in a subdirectory of the updated provision
|
|
|
|
- define which modules we want to use when loading the ldb
- move partition in sam.ldb.d dir
Changes have been suggested by Andrew Bartlett.
(commit message clarified by Andrew Bartlett)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
- remove some useless comments
- remove hardcoded paths
(commit message clarified by Andrew Bartlett)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
since the initial provision
|
|
I think this is a better location for this script. Since the subdirectory
"script" of "source4" contains only scripts for "make install" and "make
uninstall".
|
|
|
|
This reverts commit 11a7842854c0be8c427a2dbf0a8fc3761cda6298.
abartlet claims that this patch could lead to data loss (look at technical
mailing list)
|
|
|
|
This script helps to reclaim waisted place.
|
|
This script can be used to upgrade a provision that didn't integrate extended dn.
It can also be used to add missing extended DN that weren't created during provision.
|
|
|
|
|
|
this is needed for the _msdcs zone
|
|
This is a perl script that does TSIG-GSS DNS updates against a AD
DC. The bind 9.5 nsupdate still doesn't seem to work with TSIG-GSS,
and we need a way to do DNS updates when we vampire a domain, so I
revived this ancient perl script and added a wrapper script that can
update DNS entries using our machine account credentials
|
|
|
|
|
|
|
|
This script walks the schema, configuration and domain partitions of the locally
installed Ldb and a remote hosts and compares the descriptors disregarding the
difference in domain SID. The goal is to make sure a freshly provisioned Samba
has the correct descriptors so ACLs work correctly. It outputs the descriptors
in short SDDL, where the correct SIDs are to be replaced during provisioning.
Optionally it can be output as an LDIF file with the current local domain and
domain SIDs.
|