| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This avoids asking for attributes that will not be used, and looks only for the
expected exceptions, rather than all exceptions.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is the default...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 11 06:06:03 CEST 2013 on sn-devel-104
|
|
or Dn
This avoids the need to fix it up again in samba_upgradedns.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
|
|
This helps avoid a dependency loop when we use get_diff_sds in dbcheck.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
We need this routine not to use the names context as this is tied to
provision, and we end up in a circular dependency if we use that in
dbcheck.
Andrew Bartlett
|
|
This will allow dbcheck to import it, without a cirucular dependency via
samba.provision importing dbcheck.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
objects
As we look to use this function in more places, it does not make sense to constantly create
Dn objects from the strings.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow us to call this from dbcheck.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
SD propogation is handled by an LDB module, we do not need to touch each
and every DN to make it happen.
Now that we do not need to put this via a hash, the dnToRecalculate
list is changed to be a list of Dn objects, not strings so that:
if dn in listWellknown
is handled using a schema comparison (avoiding different case forms
tripping it up).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
We only need a boolean indication, not the actual values.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This is a potentially destructive routine, and should not be run by default.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
I am unclear on why this was added, but the idea that we ever always reset data
in the directory is not reasonable to me, so I am removing it.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
lastProvisionUSNs is never None, instead the code requries the administrator to populate this
attribute in the directory.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This moves the SDDL conversion inside the get_diff_sds function and prepares
for removing inherited ACEs from the SD before comparison.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
These are incredibly rare, and administrators running such databases
not only ask the Samba Team for help personally, they can read --help.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This has been superceded by a check for link-local
addresses in get_interfaces()
Signed-Off-By: Landon Fuller <landonf@bikemonkey.org>
Reviewed-By: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 08:38:54 CET 2013 on sn-devel-104
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
|
|
This is really important, because copying a file will both ignore
locks held by another process and break any locks we hold (due to
POSIX brain-damage regarding multiple fds on one file in a process).
By leaving this to tdbbackup in a child, both of these issues are avoided.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 19 07:48:18 CET 2013 on sn-devel-104
|
|
since 2009)
This update was only a total oblitoration of the existing database
and not a merge, and the shutil.copy would both disregard and break
locks on the database that are held at this point.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
|
|
This will allow samba_upgradeprovision to also call it.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
|
|
samba-tool ntacl sysvolreset handles this better, and makes this tool
much less confusing internally.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 19 06:06:41 CET 2013 on sn-devel-104
|
|
If we have a DomainDnsZone partition, we use BIND9_DLZ as backend
and fix errors in the ForestDnsZone and DomainDnsZone partitions.
Note: this should work fine also for SAMBA_INTERNAL.
If the current setup doesn't use dns specific partitions (e.g. alpha13 setups)
we pass dns_backend=BIND9_FLATFILE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
#9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
objects
Without this schema_data_modify() will reject updates to schema objects
by default.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
'nTSecurityDescriptor'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
them
This allows the script to be used to create/remove the samba-specific dns-SERVER account
when we do not need to create the in-directory partition.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
|
|
Let nslookup use krb5.conf, which is set in our KRB5_CONFIG.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
The sd_flags:1:15 control together with an empty security_descriptor
has the same effect as the recalculate_sd:0 control (which is samba only).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
The issue here is that if we set S-1-5-32-544 (administrators) to a
GID only, then users cannot force a mandetory profile to be owned by
administrators (which is a requirement).
There is no particularly useful reason for us to enforce this matching
a system group.
Andrew Bartlett
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
* Trailing whitespace
* use of "==" where "is" should be used
* double spaces
|
|
This avoids unlocked writes to the dns_hosts_file, and may fix some of our
issues on the build farm where large numbers of tests fail due to failed name resolution.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 26 05:48:25 CEST 2012 on sn-devel-104
|
|
consistent
This may be the cause of some of the large failure modes on the build farm.
Andrew Bartlett
|
|
Override the SIGINT handler in a few select cases only, rather than
doing so in one of the samba Python modules. I've done this where it
matters most; we can add this code to other scripts too if necessary.
This means that importing the 'samba' module from a third party
application does not have side-effects on the state of the signal
handlers.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9068
|
|
server
metze
|
|
|
|
metze
|
|
Some subcommands may use sys.exit(0), which shouldn't be reported
as an error to the caller.
metze
|
|
We need to check if we have hasMasterNCs. If we are RODC we have
hasFullReplicaNCs instead of hasMasterNCs.
TODO: maybe check for hasFullReplicaNCs, too?
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The internal DNS server does not need the samba-only NAME-dns
account.
Andrew Bartlett
|
|
|
|
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
|
|
This replaces "bin/python" with the correct path for python libraries. The
pattern requires double quotes (") instead of single quotes (').
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue May 15 05:19:46 CEST 2012 on sn-devel-104
|
|
This fixes the issue of ldb 'Operations Error' when trying to modify
hasPartialReplicaNCs attribute.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue May 1 05:28:04 CEST 2012 on sn-devel-104
|
|
mastering the NC
For RW DC the impact is pretty small but for RODC the whole SPN set is
rejected by the target DC as RODC hasn't the right to register DNS SPN
if it is not mastering this NC.
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon Apr 2 10:56:10 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Mar 28 10:27:40 CEST 2012 on sn-devel-104
|
|
Make it AD-compatible using "(distinguishedName=...)".
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
