summaryrefslogtreecommitdiff
path: root/source4/scripting
AgeCommit message (Collapse)AuthorFilesLines
2009-10-06s4:drs-development Scripts to assist testing of DRS replication with ADAndrew Bartlett6-0/+143
These scripts, originally by tridge, allow developers to easily reproduce the same domain join senerio time after time. They need documentation, and the template named.conf and zone files for hosting an AD domain are not provided. However, I hope to have the provision script provide these shortly. They assume a local 'bind' set up to read PREFIX/private/named.conf (as per the provision instructions). Ensure you edit the 'vars' file to match your local setup. Andrew Bartlett
2009-10-06s4:provision Remove unused parameters from provision scriptsAndrew Bartlett1-6/+4
2009-10-02s4:provision - Cosmetic - right indentationsMatthias Dieter Wallnöfer1-5/+6
2009-10-02s4:dsdb rework instanceType module - put instanceType in provisionAndrew Bartlett1-4/+5
The instanceType needs to be specified in future because that's how the partitions are actually created.
2009-10-02s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OIDAndrew Bartlett1-0/+1
This allows this control to be specified as critical. We support the control because we choose to always be durable in our transactions. We really, really need a 'duplicate request' API, as at the moment we can't do this without a large, error-prone set of code that cannot cope with new request fields or types. Andrew Bartlett
2009-10-02s4:provision Ensure we add the schema with the 'relax' controlAndrew Bartlett1-2/+4
(allows addition of systemOnly classes)
2009-10-02s4: Improve provisioning: use relax controlMatthieu Patou2-18/+22
Give the possibility to specify controls when loading ldif files. Relax control is specified by default for all ldb_add_diff (request Andrew B). Set domainguid if specified at the creation of object instead of modifying afterward Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
2009-10-02s4:provision - Change the default forest/domain function level back to ↵Matthias Dieter Wallnöfer1-1/+1
Windows 2003 Native
2009-09-30s4:samba.tests.samdb - remove last relicts of the templatesMatthias Dieter Wallnöfer1-4/+2
2009-09-30Revert "python: create a script for reorgnizing an LDB file."Matthias Dieter Wallnöfer1-60/+0
This reverts commit 11a7842854c0be8c427a2dbf0a8fc3761cda6298. abartlet claims that this patch could lead to data loss (look at technical mailing list)
2009-09-30s4:provision - Lets the user choose between the supported forest/domain ↵Matthias Dieter Wallnöfer1-10/+23
function levels Adds a parameter "--function-level" which allows to specify the domain and forest function level.
2009-09-26samba.tests.provision: Remove broken become_dc test.Jelmer Vernooij1-25/+1
2009-09-24Add init file for DCE/RPC tests.Jelmer Vernooij1-0/+20
2009-09-24PEP8Jelmer Vernooij6-3/+6
2009-09-24Revert "s4:python fixed subunit tests of dcerpc"Jelmer Vernooij6-0/+0
This reverts commit ffd48a79ee34dc90c0f6f16564c3a0de8b53d3d2.
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova1-0/+1
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-21Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova2-29/+92
2009-09-21s4:kerberos Fix the salt to match Windows 2008.Andrew Bartlett1-1/+1
The previous commit changed the wrong end - we must fix our server, not our client. Andrew Bartlett
2009-09-21s4:provision Make our default salt match our server behaviourAndrew Bartlett1-1/+1
We need to look into salting algorithms further. Andrew Bartlett
2009-09-21s4:provision - Fix up ProvisioningError class as suggested by JelmerMatthias Dieter Wallnöfer1-5/+5
2009-09-21s4:samdb/tools - That should fix now the last failuresMatthias Dieter Wallnöfer1-2/+2
2009-09-20s4:provision Make us Windows 2008 level by defualt againAndrew Bartlett1-4/+5
Also add a note to clarify that this should not be changed without discussion and consensus. We don't want this bouncing around. Paramater support to allow optional selection of Win2003 mode welcomed. Andrew Bartlett
2009-09-20Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova1-12/+14
2009-09-20s4:provision Use code to store domain join in 'net join' as wellAndrew Bartlett1-23/+80
This ensures we only have one codepath to store the secret, and therefore that we have a single choke point for setting the saltPrincipal, which we were previously skipping. Andrew Bartlett
2009-09-20s4:provision split provision of DNS zone and self join keytabAndrew Bartlett1-4/+10
2009-09-20Initial implementation of security descriptor creation in DSNadezhda Ivanova1-5/+44
TODO's: ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-20s4:python tools - try to fix some test problemsMatthias Dieter Wallnöfer1-12/+14
2009-09-20Fixed a difference in domain sid type when SID is provided by user.Nadezhda Ivanova1-1/+4
2009-09-20s4:provision: add the 'resolve_oids' on the top of the module stackStefan Metzmacher1-1/+2
metze
2009-09-19s4:samdb.py - further reworkMatthias Dieter Wallnöfer1-12/+9
- I added a comment to the "new user" operation to point out that this works only on s4, since we add also ID mapping entries for winbind there - The "new user" operation adds now the password through the "set password" operation which I find better due to the re-use principle - Remove the word "DC" after "SAMBA 4" in the comment over the "set password" operation since this note and operation applies also to s4 in standalone mode
2009-09-18s4:samdb.py - Unification of the interfacesMatthias Dieter Wallnöfer2-38/+54
- When a user account is requested by a call always the search filter will be passed as argument. This helps us to unify the API - Add/fix some comments; in particular new comments inform the developer which requirements exist if he wants to use calls which manipulate the "userPassword" attribute (On s4 no problem - but on certain domain levels on Windows Server)
2009-09-18s4:minschema/fullschema - add correct header commentsMatthias Dieter Wallnöfer2-2/+2
2009-09-18python: create a script for reorgnizing an LDB file.Matthieu Patou1-0/+60
This script helps to reclaim waisted place.
2009-09-18s4:provision - Bump down the domain and forest level to Windows 2000Matthias Dieter Wallnöfer1-3/+3
- The DC level we keep on Windows Server 2008 R2 (we should call ourself always the newest server type) - The domain/forest level we set to the minimum (Windows 2000 native) to allow all AD DC types (from Windows 2000 on) in our domain - the NT4 "mixed" mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is set always to 0 - I'll add a script which allows to bump the DC level (basically sets the "msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and on the "DC" object)
2009-09-17s4:provision - Some rework (continuation)Matthias Dieter Wallnöfer1-3/+4
- Fix up "servicePrincipalNames" attributes on the DC object - Add some informative comments (most in "provision_self_join.ldif") - Add also comments where objects are missing which we may add later when we support the feature (mainly for FRS) - Add "domain updates" objects also under "CN=Configuration" (they exist twice) - Add the default services under "Services" to allow interoperability with some MS client tools - Smaller changes
2009-09-17s4:provision - Some reworkMatthias Dieter Wallnöfer1-3/+4
- Add/change "wellKnownObjects" attributes - Order entries in "provision_basedn_modify.ldif" - Add/change "delete entries" object under BASEDN and CONFIGDN - Fix default version number of "Default domain policy" group policy - Add "domain updates" objects for interoperability with MS AD maintaining tools - Show version number in the "oEMInformation" attribute (suggested by ekacnet) - Smaller fixups
2009-09-17s4/domain behaviour flags: Fix them up in various locationsMatthias Dieter Wallnöfer1-5/+6
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194
2009-09-17s4/python: flagsMatthias Dieter Wallnöfer2-9/+83
- Introduce the "userAccountControl", "groupType" and "sAMAccountType" flags - Corrects the "domain/forestFunctionality" and "domainControllerFunctionality" flags
2009-09-16Owner and group defaulting.Nadezhda Ivanova1-0/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-14s4:provision Prevent some invalid combinations of realm and domainAndrew Bartlett1-0/+9
We don't do well (even just trying to create duplicate servicePrincipalName values) with some of these combinations, so kill it off early before the administrator thinks it's going to work. Andrew Bartlett
2009-09-14s4: Script to build or rebuild extend DN attributesMatthieu Patou1-0/+141
This script can be used to upgrade a provision that didn't integrate extended dn. It can also be used to add missing extended DN that weren't created during provision.
2009-09-12s4:group policies - upcase directory names of default group policiesMatthias Dieter Wallnöfer1-4/+8
The directory names (MACHINE, USER) are upcased to help locating the default group policies under the SYSVOL dir (the additional ones have only the first letter upcased of those directory names).
2009-09-12s4-scripts: allow setup_dns.sh to take a PRIVATEDIRAndrew Tridgell1-1/+3
2009-09-11s4:group policies - add the domain controller group policyMatthias Dieter Wallnöfer1-8/+28
This patches fixes the last difference between s4 and Windows Server regarding group policy objects: we hadn't the domain controller policy. - Adds the domain controller policy as it is found in the "original" AD - Adds also the right version number in the GPT.INI file for the domain group policy (was missing)
2009-09-11s4-provision: use DNS name, not domain nameAndrew Tridgell1-0/+1
The SPNs end in the DNS domain name
2009-09-11s4/provision: add the nTDSDSA GUID based DNS entries and SPNsAndrew Tridgell1-9/+19
The DNS entries and SPNs are needed for samba<->samba DRS replication. This patch adds them for a standalone DC configure. A separate patch will add them for the vampire configure
2009-09-10Revert "s4: Let the "setpassword" script finally use the ↵Matthias Dieter Wallnöfer2-70/+9
"samdb_set_password" routine" This reverts commit fdd62e9699b181a140292689fcd88a559bc26211. abartlet and I agreed that this isn't the right way to enforce the password policies. Sooner or later we've to control them anyway on the directory level.
2009-09-10s4:provision Only delete SASL mappings with Fedora DS, not OpenLDAPAndrew Bartlett1-31/+30
We need to be more careful to do the cleanup functions for the right backend. In future, these perhaps should be provided by the ProvisionBackend class. Andrew Bartlett
2009-09-10s4: kludge_acl needs to be above repl_meta_dataAndrew Tridgell1-2/+2
We have to bypass kludge_acl in replication as otherwise we aren't allowed access to the password entries
2009-09-10s4/provision: another fix for breakage from b1dabb1133Andrew Tridgell1-6/+8