summaryrefslogtreecommitdiff
path: root/source4/scripting
AgeCommit message (Collapse)AuthorFilesLines
2012-06-24s4-classicupgrade: Allow DNS backend to be specifiedAndrew Bartlett2-6/+12
2012-06-21samdb: Accept a list of member variables rather than a comma-separated string.Jelmer Vernooij2-6/+8
2012-06-21s4-provision: Give better clues on what Samba needs for s3fs ACL supportAndrew Bartlett1-1/+7
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 21 14:07:55 CEST 2012 on sn-devel-104
2012-06-21samba-tool: gpo: Fix creation of filesystem ACL from directory ACLAmitay Isaacs1-2/+8
Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Thu Jun 21 03:25:57 CEST 2012 on sn-devel-104
2012-06-20s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation ↵Andrew Bartlett2-2/+6
errors
2012-06-20s4-provision: Remove --slapd-path optionAndrew Bartlett1-1/+1
This just leaves a default enough for the test code to still check the start of the provision. This may well be removed in future, and we wish to reduce the extra options to provision. Andrew Bartlett
2012-06-20s4-provision: Remove last unused remenants of the 'sid generator' configurationAndrew Bartlett1-10/+3
This was part of the now-abandoned S4 AD LDAP backend project. Andrew Bartlett
2012-06-16s4-classicupgrade: Also ask testparm for 'smb passwd file'Andrew Bartlett1-0/+2
2012-06-16s4-classicupgrade: Use "samba classic" description for samba3 NT4-like ↵Andrew Bartlett1-8/+9
domains in samba3upgrade
2012-06-16s4-lib/param: FLAG DAY for the default FILE SERVERAndrew Bartlett1-4/+4
This commit changes the default file server to be s3fs. Existing installs wishing to keep the ntvfs file server need to set this in their smb.conf: server services = +smb -s3fs dcerpc endpoint services = +winreg +srvsvc Andrew Bartlett
2012-06-16s4-s3upgrade: Assert that administrator has a SID of -500, and only skip ↵Andrew Bartlett1-2/+9
root if it is -500 Many upgraded installations have root as -1000, and so that account needs to be kept. Andrew Bartlett
2012-06-16s4-s3upgrade: Add my wins.dat and fix the parsing errorAndrew Bartlett1-1/+2
The issue was that the numbers at the end of the lines are space padded. Andrew Bartlett
2012-06-16s4-s3upgrade: improve idmap import to use posixAccount and posixGroup entriesAndrew Bartlett1-2/+32
2012-06-16s4-dbcheck: Always specify the dhcheck controlAndrew Bartlett1-0/+1
This will then allow us to make schema modifications, overriding the default ban. Andrew Bartlett
2012-06-15lib/param: Use server role = 'standalone server' to be consistant with ↵Andrew Bartlett2-7/+11
member server standalne is left as an alias. Andrew Bartlett
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett1-13/+14
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-06-12s4:tests: fix use of a non-existent word (existant)Michael Adam3-4/+4
2012-06-12s4:provision: fix use of non-existent word (existant)Michael Adam1-1/+1
2012-06-06s4 dns: Correctly handle A questions for CNAMEsKai Blin1-0/+76
When an A/AAAA lookup is made for a name that actually is a CNAME record, we need to return the CNAME record, and then do the A/AAAA lookup for the name the CNAME points at. This still fails for CNAMEs pointing at records for domains we need to ask our forwarders for. Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Wed Jun 6 15:23:55 CEST 2012 on sn-devel-104
2012-06-06s4 dns: Structure tests a bit betterKai Blin1-0/+3
2012-06-05s4-provision: Test for posix ACLs in the actual sysvol pathAndrew Bartlett1-12/+16
This avoids issues in the previous location where lp may not be initialised at this point and instead simply waits until we have a known sysvol path, and test for ACL support there. Andrew Bartlett
2012-06-05s4-provision: Place xattr.tdb in the actual state directoryAndrew Bartlett1-13/+14
This patch does two things: it fixes up the spelling of "state dir" to "state directory" so that we actually find the smb.conf parameter, and we move it to after we process the global settings in case this is changed in the future. Andrew Bartlett
2012-06-05Add '--use-ntvfs' option to 'samba-tool domain join'Andriy Syrovenko2-13/+17
2012-05-30s4-provision: Use the s3fs file server by default in migrationsAndrew Bartlett1-1/+1
This covers both migrations from s3 and joining a domain as a new DC. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed May 30 14:57:22 CEST 2012 on sn-devel-104
2012-05-29s4:dbchecker - handle the "none" case correctlyMatthias Dieter Wallnöfer1-1/+1
This means that *no* fixing will be done, also the first possible one will be omitted as well. Reviewed-by: abartlet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue May 29 21:36:25 CEST 2012 on sn-devel-104
2012-05-27Avoid all(), as it's not available in Python 2.4.Jelmer Vernooij1-1/+5
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun May 27 16:13:34 CEST 2012 on sn-devel-104
2012-05-24s4/scripting: in MIT build do not install samba-tool, it is not usable yetAlexander Bokovoy2-7/+4
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2-9/+15
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23s4: samba-tool is usable without export-keytab command, make sure it does ↵Alexander Bokovoy1-19/+22
not break When export_keytab is not compiled in (pure client-side Samba 4 build as with system MIT krb5), export-keytab command of samba-tool will not be available. Make sure it is not provided but its absence does not break the Python tool.
2012-05-15samba-upgradedns: Use the correct magic incantation of sys.path.insert()Amitay Isaacs1-1/+1
This replaces "bin/python" with the correct path for python libraries. The pattern requires double quotes (") instead of single quotes ('). Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue May 15 05:19:46 CEST 2012 on sn-devel-104
2012-05-10When listing group members allow fallback to cn attribute when ↵Lukasz Zalewski1-2/+5
samAccountName is not available
2012-05-08s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 ↵Andrew Bartlett1-0/+14
to be configured
2012-05-06s4-s3-upgrade: Max/min password age policy is in seconds, not daysAndrew Bartlett1-2/+2
This cases upgraded domains to have a too-long password expiry, which in extreme cases can cause the KDC to misfunction. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104
2012-05-03provision: remove reference to no longer existing template files.Jelmer Vernooij1-7/+5
2012-05-03s4-samba-tool: make new samba-tool group listmembers use samAccountNameAndrew Bartlett2-4/+4
This is the unique username value. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu May 3 01:57:41 CEST 2012 on sn-devel-104
2012-05-03s4-s3upgrade: Force ldapsam:trusted = yesAndrew Bartlett1-0/+3
While this setting is not the default in Samba3, any domain that is in a suitable condition to upgrade to Samba4 should already be in the layout that ldapsam:trusted uses. It can be turned off by setting ldapsam:trusted=false in the smb.conf. Many upgrades to Samba4 happen on a different host to the old Samba3 domain and this avoids the need to configure nss_ldap only for the duration of the upgrade. Andrew Bartlett
2012-05-03Extension to the samba-tool group subcommand functionality to allow listing ↵Lukasz Zalewski2-0/+85
of the members of an AD group
2012-05-03s4-s3upgrade: Try harder to get group memberships on upgradeAndrew Bartlett1-5/+20
This fixes an issue where some group types were not upgraded, as we did not upgrade alias memberships. It also uses enum_group_memberships() to try and find the memberships from the other direction, by asking which groups a user is a member of. As Samba3 (and NT4) does not implement nested groups, this should be safe. Andrew Bartlett
2012-05-02s4-provision: Fix up --use-s3fs to create the directory for xattr.tdbAndrew Bartlett1-4/+8
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed May 2 04:45:05 CEST 2012 on sn-devel-104
2012-05-02s4-provision: set 'dcerpc endpoint servers' but not 'vfs objects'Andrew Bartlett1-1/+1
The VFS objects are now set in the fileserver.conf, but this is only read by smbd, so the provision-time smb.conf needs to turn off the extra Samba4 DCE/RPC services. Andrew Bartlett
2012-05-01s4-upgradedns: Update serverdn with only the attributes that have changedAmitay Isaacs1-11/+21
This fixes the issue of ldb 'Operations Error' when trying to modify hasPartialReplicaNCs attribute. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue May 1 05:28:04 CEST 2012 on sn-devel-104
2012-04-24s4-s3upgrade: print the error message from passdb.error exceptionsAndrew Bartlett1-6/+6
This gives more information on why a group membership lookup failed. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Apr 24 04:34:44 CEST 2012 on sn-devel-104
2012-04-19s4-python: Ensure we handle the no-eadb case for system xattrs in get/setntaclAndrew Bartlett1-0/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Apr 19 20:51:16 CEST 2012 on sn-devel-104
2012-04-19Added number of FSMO roles owned by the server we are trying to demote.Daniele Dario1-1/+1
2012-04-19waf: Fix mispellingSimo Sorce1-1/+1
Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Apr 19 17:36:41 CEST 2012 on sn-devel-104
2012-04-19samba_spnupdate: don't try to register DNS related SPN if we are not ↵Matthieu Patou1-1/+24
mastering the NC For RW DC the impact is pretty small but for RODC the whole SPN set is rejected by the target DC as RODC hasn't the right to register DNS SPN if it is not mastering this NC.
2012-04-19dbcheck: Add a check that every FSMO role has a valid ownerAndrew Bartlett1-0/+41
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Apr 19 07:49:54 CEST 2012 on sn-devel-104
2012-04-19s4-samba-tool: Fix samba-tool fsmo seizeAndrew Bartlett2-46/+51
This is currently untested, and a restructure broke it. Andrew Bartlett
2012-04-19s4-s3upgrade: Do not ever set a domain-wide maxPwdAge of 0Andrew Bartlett1-1/+1
This means no-expiry in s3, and so we must treat it like -1. Andrew Bartlett
2012-04-19s4-s3upgrade: Ignore (with warning) groups that are listed but we cannot ↵Andrew Bartlett1-2/+14
list members for