| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
At present the command supports only addition of control access rigts, done
so DRS access checks can be tested. It will be expanded to deal with most
ways to modify and view a DS ACL.
Shifted commands a bit. What used to be net acl is now "net acl nt" as apposed
to this, which is "net acl ds"
./bin/net acl ds set --help
Usage: set --objectdn=objectdn --car=control right --action=[deny|allow] --trusteedn=trustee-dn
Options:
-h, --help show this help message and exit
--host=HOST LDB URL for database or target server
--car=CAR The access control right to allow or deny
--action=ACTION Deny or allow access
--objectdn=OBJECTDN DN of the object whose SD to modify
--trusteedn=TRUSTEEDN
DN of the entity that gets access
Samba Common Options:
-s FILE, --configfile=FILE
Configuration file
Credentials Options:
--simple-bind-dn=DN
DN to use for a simple bind
--password=PASSWORD
Password
-U USERNAME, --username=USERNAME
Username
-W WORKGROUP, --workgroup=WORKGROUP
Workgroup
-N, --no-pass Don't ask for a password
-k KERBEROS, --kerberos=KERBEROS
Use Kerberos
|
|
This choses an appropriate talloc context to attach the schema too,
long enough lived to ensure it does not go away before the operation
compleates.
Andrew Bartlett
|
|
|
|
The backtraces were too confusing for our users, and didn't tell them
what to do to fix the problem. By printing the string (rather than a
backtrace), and including in the error what to do, and what file to
remove, we give them a chance.
Andrew Bartlett
|
|
For the testsuite to use DNS like names, we need to write these names
to a file.
Also, to have this run in 'make test' the usual rules about 'no 127.*'
IP addresses in DNS must be skipped, so glue.interface_ips takes two
arguments now
|
|
|
|
This library is not installed on enough systems for us to rely
on it being available. We use the system copy if possible, and
fallback to this local copy
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
For python libraries like dns.resolver it is useful to be able to install
a copy of the library with Samba. This set of functions allows us to do that
while using the locally installed version if it is available
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
host IPv4 address
Inform the user when there are more possibilities (so he can check for the
right address and otherwise he is able to do an immediate reprovision) and no
possibility at all (then we fall back to the loopback address "127.0.0.1" - this
is thought for testing purposes).
I think this should be enough for closing bug #5484.
|
|
init().
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
implementation.
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
rmall.
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
metze
|
|
metze
|
|
rndc command is now a list
|
|
We need the list when joining a windows domain, so we can
automatically maintain the right DNS entries on the Windows DNS server
|
|
This file is substituted at runtime by samba_dnsupdate
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We don't generally want loopback addresses in the python code
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
This allows a python script to query the internal network interface
lists from Samba
|
|
On production systems a user for sure strongly disagrees to use local IP
addresses (how should the server be accessible?). Therefore if the user didn't
specify an IP as provision option and in the "/etc/hosts" file we have at
least one not-local IP which resolves to our hostname use this or one of them.
Notice: if a host has more public IP addresses with the same name assigned the
behaviour is non-deterministic (well, okay - by the entries order it is). But
then the user is invited to specify the host IP manually.
This should address bug #5484.
|
|
This prevents bind from getting confused if it has a journal for the
zone.
|
|
The zone file needs to be writeable by bind to allow for it to flush
its journal on dynamic updates
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Returns both uSNHighest and uSNUrgent as a dict object in Python
from a given partition dn.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Previously the "no_pass" and "no_pass2" variables weren't handled correctly.
Since at the initialisation of the "CredentialsOptions" we don't have any
password at all. Only afterwards we could get one through "set_password".
If a password is specified, use it. If no password is specified, consider the
use fo an input mask on STDOUT. But if the loadparm context contains one prefer
it over the input.
|
|
this makes it easier to modify the script to set us at R2 level in
provision. We should make this a parameter.
|
|
emacs creates symlinks to .py files while you are editing them. This
could cause build failures.
|
|
Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible)
of sysvol files (GPO objects and netlogon folders).
This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname
for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the
from_sddl function.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
This allow to be able to run net acl set xxx yyy on DC, but also on domain
member.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
