Age | Commit message (Collapse) | Author | Files | Lines |
|
Previously the "no_pass" and "no_pass2" variables weren't handled correctly.
Since at the initialisation of the "CredentialsOptions" we don't have any
password at all. Only afterwards we could get one through "set_password".
If a password is specified, use it. If no password is specified, consider the
use fo an input mask on STDOUT. But if the loadparm context contains one prefer
it over the input.
|
|
this makes it easier to modify the script to set us at R2 level in
provision. We should make this a parameter.
|
|
emacs creates symlinks to .py files while you are editing them. This
could cause build failures.
|
|
This allows it to work against our local ldb
|
|
Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible)
of sysvol files (GPO objects and netlogon folders).
This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname
for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the
from_sddl function.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
This allow to be able to run net acl set xxx yyy on DC, but also on domain
member.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
running as a non root user
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
|
|
The named.conf.update file will be filled in at runtime by Samba to
contain the list of bind9 grant rules for granting DNS dynamic update
permissions on the domain.
|
|
This allows the permissions to be correctly set for bind to write to
a journal file. It also sets the right group ownership and permissions
on the files that bind needs to access.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Our testers put up with a lot of odd things when testing out Samba4.
Andrew Bartlett
|
|
For some reason, JHT keeps on creating an empty smb.conf file,
expecting it to be the same as a non-existant one. It is easier to
just realise what he meant.
Andrew Bartlett
|
|
This was needed only by Python 2.3 which we no longer support.
|
|
|
|
The command allows the user to transfer a fsmo role to the server to which
the connection is established. Roles can be transferred or seized. By default a
transfer is attempted even if seize option is chosen, as it is dangerous to
seize a role if the current owner is still running.
example use:
net fsmo show --host=hostnameoraddress --username=username --password=password
net fsmo transfer --role=role --host=hostnameoraddress --username=username --password=password
net fsmo seize --role=role --host=hostnameoraddress --username=username --password=password [--force]
Tested against Win2008. Does not work for samba 4 yet as we are missing the GetNCChanges extensions.
|
|
|
|
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
handle properly the fact that missing object might depend on some other in order to be correctly created
debug change also if we are in debugall mode
|
|
|
|
|
|
This reverts commit 2cedefabc93c8a1fcb49d65a3f78a344e814f826.
|
|
|
|
setntacl is able to set NTACL attribute from command line
getntacl now use getopt for parsing command line option and is also able to
dump the acl in the SDDL format.
|
|
This option allow simple user (non root) to invoke provision without facing an error
while insuring that ACL on shared files will always be set
|
|
make unit test emit a visible warning
|
|
|
|
|
|
storing xattr
|
|
|
|
Make unixid optional, if value not supplied next id from id pool will be used.
Create a function to get next id in id pool.
|
|
with ACL in LDAP
|
|
|
|
|
|
|
|
|
|
This rebuilds a DNS zone file, including all DCs from sam.ldb
|
|
|
|
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).
Added functionality for two sets of credentials.
|
|
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.
The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.
I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
|