Age | Commit message (Collapse) | Author | Files | Lines |
|
Previously the "no_pass" and "no_pass2" variables weren't handled correctly.
Since at the initialisation of the "CredentialsOptions" we don't have any
password at all. Only afterwards we could get one through "set_password".
If a password is specified, use it. If no password is specified, consider the
use fo an input mask on STDOUT. But if the loadparm context contains one prefer
it over the input.
|
|
this makes it easier to modify the script to set us at R2 level in
provision. We should make this a parameter.
|
|
emacs creates symlinks to .py files while you are editing them. This
could cause build failures.
|
|
Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible)
of sysvol files (GPO objects and netlogon folders).
This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname
for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the
from_sddl function.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
This allow to be able to run net acl set xxx yyy on DC, but also on domain
member.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
running as a non root user
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
|
|
The named.conf.update file will be filled in at runtime by Samba to
contain the list of bind9 grant rules for granting DNS dynamic update
permissions on the domain.
|
|
This allows the permissions to be correctly set for bind to write to
a journal file. It also sets the right group ownership and permissions
on the files that bind needs to access.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Our testers put up with a lot of odd things when testing out Samba4.
Andrew Bartlett
|
|
For some reason, JHT keeps on creating an empty smb.conf file,
expecting it to be the same as a non-existant one. It is easier to
just realise what he meant.
Andrew Bartlett
|
|
This was needed only by Python 2.3 which we no longer support.
|
|
|
|
The command allows the user to transfer a fsmo role to the server to which
the connection is established. Roles can be transferred or seized. By default a
transfer is attempted even if seize option is chosen, as it is dangerous to
seize a role if the current owner is still running.
example use:
net fsmo show --host=hostnameoraddress --username=username --password=password
net fsmo transfer --role=role --host=hostnameoraddress --username=username --password=password
net fsmo seize --role=role --host=hostnameoraddress --username=username --password=password [--force]
Tested against Win2008. Does not work for samba 4 yet as we are missing the GetNCChanges extensions.
|
|
|
|
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
setntacl is able to set NTACL attribute from command line
getntacl now use getopt for parsing command line option and is also able to
dump the acl in the SDDL format.
|
|
This option allow simple user (non root) to invoke provision without facing an error
while insuring that ACL on shared files will always be set
|
|
make unit test emit a visible warning
|
|
|
|
|
|
storing xattr
|
|
|
|
Make unixid optional, if value not supplied next id from id pool will be used.
Create a function to get next id in id pool.
|
|
with ACL in LDAP
|
|
|
|
|
|
|
|
|
|
|
|
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).
Added functionality for two sets of credentials.
|
|
This was preventing a DCPROMO client from allowing outgoing
replication
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
These are missing from the WSPP schemas
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We need a machine account so the RID allocation code can work. It
seems better to use the same code paths for a domain controller and
standalone server to avoid testing headaches with little used code.
|
|
This enables the full schema during the rest of the provision, which
means indexing is enabled (along with index error checking, such as
duplicate SIDs)
|
|
We now create it automatically in the samldb module when the first
user is created.
The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being setup for the RID Manager
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
we need to recognise a changetype of 'add'
|
|
We can't allocate a objectSID until we have rIDSetReferences, but that
is in the DC object, so we have to force the objectSID of the DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Don't override user settings with current settings
|