summaryrefslogtreecommitdiff
path: root/source4/scripting
AgeCommit message (Collapse)AuthorFilesLines
2010-09-30s4-spn: don't try and send an empty SPN listAndrew Tridgell1-0/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-provision: wipe the old keytabs when provisioningAndrew Tridgell2-7/+29
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytabAndrew Tridgell1-2/+5
we need to fetch the msDS-keyVersionNumber from the writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-30LDAPCmp feature to compare nTSecurityDescriptorsZahari Zahariev1-34/+252
New feature that enables LDAPCmp users to find unmatched or missing ACEs in objects for the three naming contexts between DCs in one domain (default) or different domains. Comparing security descriptors is not the default action but attribute compatison. So to activate the new mode there is --sd switch. However there are two view modes to the new --sd action which are 'section' (default) or 'collision'. In 'section' mode you can only find differences connected to missing or value unmatched ACEs but not disorder unmatch if ACE values and count are the same. All of the mentioned differences plus disorder ACE unmatch you can observe under 'collision' view however it is more verbose. Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-30s4-dns: send A record updates via TKEYAndrew Tridgell1-1/+6
2010-09-29s4-devel: added new options to getncchanges scriptAndrew Tridgell1-9/+65
added --pas, --dest-dsa and --replica-flags options Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-09-29s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS callAndrew Tridgell1-10/+57
we can't do SPN updates via sam writes and replication, as the sam is read-only
2010-09-29s4-drsutils: expose DsBind() call in drs_utils.pyAndrew Tridgell1-37/+38
this will be used by samba_spnupdate
2010-09-29s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpersAndrew Tridgell2-0/+12
Our helper scripts can fail on Fedora with the PDT timezone (Western USA). This is the same issue we found with Heimdal earlier today, the 24 second difference between GMT and UTC, but this time in MIT Kerberos as linked into bind9. By forcing TZ=GMT in these scripts we avoid the problem Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-27s4-dns: added --update-list option to samba_dnsupdateAndrew Tridgell1-8/+14
this allows us to use it for RODC netlogon updates
2010-09-27s4-dns: use the generated krb5.conf in samba_dnsupdateAndrew Tridgell1-0/+5
this gives one less thing that an admin can get wrong Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Sep 27 02:35:29 UTC 2010 on sn-devel-104
2010-09-27s4-provision: fixed the generation of the krb5.conf for vampireAndrew Tridgell1-6/+6
we need a correct krb5.conf for nsupdate from bind9
2010-09-26s4-spn: don't try to do SPN updates as a RODCAndrew Tridgell1-0/+4
we don't have the permissions to do it
2010-09-26upgradeprovision: fix a typoMatthieu Patou1-1/+1
2010-09-26upgradeprovision: Fix a bug with renamed entriesMatthieu Patou1-2/+13
The SD was not refetched for renamed entries, resulting with a try to add an additional SD when there was already one.
2010-09-26upgradeprovision: fix a bug with not updated linksMatthieu Patou1-0/+1
2010-09-26s4 provision: start with gpo of version 0 and be consistent between ↵Matthieu Patou1-1/+1
different policies
2010-09-26s4 upgradeprovision: fix a bug with empty reference objectsMatthieu Patou1-1/+9
Thanks to lukas@eecs.qmul.ac.uk for poiting it to me
2010-09-26s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo ↵Matthieu Patou1-3/+3
valid
2010-09-26s4 provision: Make GPO folder group writableMatthieu Patou1-3/+3
The group of this folder is domain administrator and it seems sensible that all domain administrators have the right to modify the gpo (they have it at the NT ACLs level ...)
2010-09-26upgradeprovision: use the same case for hostname in reference provision as ↵Matthieu Patou1-1/+1
in the current provision Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 01:21:52 UTC 2010 on sn-devel-104
2010-09-26s4-provision: switch to dns-HOSTNAME instead of dnsAndrew Tridgell1-7/+23
We now use a host specific account name for the DNS account, which is the account used for dynamic DNS updates. We also setup the servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN} and DNS/${DNSNAME} for compatibility with both the old and new SPNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26s4-ldapcmp: Fix usage of 'paged_search' module for remote LDB connectionsKamen Mazdrashki1-2/+3
2010-09-26s4-ldapcmp: Extend ldapcmp to be able to compare more than one context at a timeKamen Mazdrashki1-20/+33
If no arguments given, ldapcmp will compare all NCs
2010-09-25s4-net: added --ipaddress option to net commandsAndrew Tridgell6-6/+13
this allows override of server IP address, bypassing NBT or DNS name resolution of DCs Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2010-09-24s4:provision - rootdse - remove static "ldapServiceName" attributeMatthias Dieter Wallnöfer1-3/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:provision - rootdse - remove static "dnsHostName" attributeMatthias Dieter Wallnöfer1-1/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:provision.py - support still not fully provisioned trees regarding the ↵Matthias Dieter Wallnöfer1-2/+11
rootDSE module We simply override the NTDS settings path manually Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:provision.py - make more use of "names.serverdn" on NTDS settings locationMatthias Dieter Wallnöfer1-2/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:python/samba/join.py - add a comment to point out that NCs have to be ↵Matthias Dieter Wallnöfer1-0/+1
assigned dynamically We could also have DNS partitions (only to make one example). Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:python/samba/join.py - use constant for DC function levelMatthias Dieter Wallnöfer1-1/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-drs: we don't need to decode to utf8 in python dcerpc strings any moreAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-22s4-selftest: Move credentials tests to standard python directory.Jelmer Vernooij1-0/+100
2010-09-22s4-selftest: Move samba3sam test to standard python directory.Jelmer Vernooij1-0/+1092
2010-09-22selftest: Fix idlist running.Jelmer Vernooij2-41/+65
2010-09-22s4-param: Fix more memory leaks, invalid memory context.Jelmer Vernooij2-2/+5
2010-09-22s4-param: Check type when converting python object to lp_ctx, fix someJelmer Vernooij2-6/+4
memory leaks.
2010-09-22pygensec: Implement start_mech_by_name().Jelmer Vernooij1-3/+10
2010-09-22ndrdump: Move blackbox test to standard python namespace.Jelmer Vernooij3-0/+41
2010-09-22s4-ldapcmp: Enable comparisons between LDBs tooKamen Mazdrashki1-3/+12
This will enable us to compare two LDBs or and LDB with running AD server. Comparing LDB against running running server may come into handy when one want to see if 'net vampire' command does what it does the right way
2010-09-21s4-selftest: Move more tests to scripting/python, simplifies running of tests.Jelmer Vernooij8-4/+394
2010-09-21selftest: Fix run for systems without testtools installed.Jelmer Vernooij2-2/+1
2010-09-20rpc_talloc: Update test now that we create fewer references.Jelmer Vernooij1-7/+4
2010-09-20pytestrpc: Be more verbose.Jelmer Vernooij1-4/+6
2010-09-20testrpc: Convert from a single unit test to a simple test script, beJelmer Vernooij1-18/+32
more verbose.
2010-09-20pidl: Fix segfault when accessing unicode objects.Jelmer Vernooij1-1/+1
2010-09-21s4-devel-getncchanges: Add common Samba options as a group to be displayedKamen Mazdrashki1-0/+1
Those options are processed but never shown with --help argument
2010-09-19s4-rodc: override client site from cldap responseAndrew Tridgell1-0/+2
2010-09-19s4-dns: fixed the dns_domain_info_type for netlogon DNS callsAndrew Tridgell1-3/+14
w2k8r2 does check this field (WSPP docs need an update)
2010-09-19s4-dns: added --all-names option to samba_dnsupdateAndrew Tridgell1-1/+2
this forces the re-registration of all names