Age | Commit message (Collapse) | Author | Files | Lines |
|
This can be used to form the partial_attribute_set list for
GetNCChanges
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
a RODC net join can now replicate the schame, config and base
partitions, by calling the net.replicate*() python hooks, and driving
the GetNCChanges calls from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This does the join using python code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
we need to actually return the SID!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
Also format in a pretty way the int64 ranges
|
|
This is used by upgradeprovision to readd this delta just before loading
a merged schema
|
|
fix
|
|
increment_calculated_keyversion
|
|
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME"
to set a password remotely on a windows DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The challenge here is to update the existing record if it already
exists, rather than deleting the old record. This ensures that the
secrets.keytab handling code keeps the previous password in the
keytab.
Andrew Bartlett
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
calculating msds-keyversionnumber
This function change the version field of the unicodePwd in the
replPropertyMetaData so that the version is equal or
superior to the reference value passed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
replPropertyMetaData attribute
This change contains also helpers for attribute id to attribute oid
conversion and from attribute id to attribute name.
It brings also unit tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This control allow to specify the replPropertyMetaData attribute to
be specified on modify request. It can be used for very specific needs
to tweak the content of the replication data.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is to allow reuse of this function and also unit tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
domain and domain controllers in tests
metze
|
|
The value of GUID for policy is not random for default policies, it is
described here ("How Core Group Policy Works"):
http://technet.microsoft.com/en-us/library/cc784268%28WS.10%29.aspx
at paragraph System\Policies Container.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
attribute
This does work per default on each AD-compatible DC. "userPassword" support on
Windows however has to be activated explicitly by the "dSHeuristics".
|
|
default
Which is one day.
|
|
This ensures that our DC will use all the available encyption types.
(The KDC reads this entry to determine what the server supports)
Andrew Bartlett
|
|
I think this should mean partially Samba4 specified (all beside the "dns"
account is standard)
|
|
metze
|
|
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.
metze
|
|
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.
The initlal rIDAvailablePool starts at nextRid + 100.
I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
check box).
After provision we should have this (assuming nextRid=1000):
rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100
rIDAvailablePool: 1600-1073741823
Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!
metze
|
|
metze
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
Use "...".split(sep, 1) instead of "...".partition(sep).
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
|
|
Using "#!/usr/bin/env python" is more portable. It still isn't ideal
though, as we should really use the python path found at configure
time. We do that in many places already, but some don't.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
We now support 2000 native mode, and so we just need to warn about mixed mode.
Andrew Bartlett
|
|
We don't support many of the extra features, but that applies across many
other parts of AD. Allow the admin to join a 2008R2 domain if he or she wants.
This also makes it possible to test 2008R2 domain code in 'make test'
Andrew Bartlett
|
|
The SamDB created in the schema code isn't real enough to care if it's an
rodc or not.
|
|
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set.
Andrew Bartlett
|
|
Seems to be a relict from the past.
|
|
|
|
private, to discourage them being called directly.
|
|
|
|
|
|
|
|
|
|
|