Age | Commit message (Collapse) | Author | Files | Lines |
|
Added code to the python provisioning to create the named.conf file that was
previously generated by the EJS provisioning.
Updated the named.conf template to provide the additional details necessary
to get things working.
(This used to be commit 0b7a6bfcba1b906dc4d461882b4c3fe3c91c44e0)
|
|
This change ensures the KVNO of the principal in secrets.ldb (which is also
exported to the dns.keytab) matches the KVNO associated with the "dns" user.
Without explicitly setting msDS-KeyVersionNumber, the KVNO exported into the
dns.keytab was 0.
KVNO needs to be > 0, as the client libs (at least MIT libs on Fedora)
consider KVNO == 0 as a sign to ignore that particular key.
(This used to be commit 572efc8e65457a982a8cbb04d3b10e3aae22d574)
|
|
(This used to be commit 5268649b7ef60a2caae9cdf66dfeaf6d2037aba3)
|
|
As some future point we might get these scripting interfaces into
better shape, and provide a python interface to this functionality
again.
Andrew Bartlett
(This used to be commit 717dcb2c54b1e22b7c8efb322deec55abb7689c2)
|
|
This gives us a lot more headroom, and means that we have a lower
chance of running into real local users
(This used to be commit b2dac6645c3bce45ab2178b9f5b4e017486b5b8e)
|
|
(This used to be commit e891157b4ec7b2f845fb20c4106d80bf169f2072)
|
|
parametic options:
smb2:max read size = NNN
smb2:max write size = NNN
The defaults are 65536, which is what Vista sets, and what we
previously set
(This used to be commit 9e60164cae42b5dd95720e48301a2ac57e95482a)
|
|
The new idmap world does not use the unixUser any more, so we need to
set up the entry (if wanted) in the idmap database. Users without a
backing unix user will get an allocated uid by idmap later.
Andrew Bartlett
(This used to be commit 8bd8bc1475ddf22d4702dcd17028a9043a5e629f)
|
|
This should cover a few more codepaths in the provision script.
Andrew Bartlett
(This used to be commit 75c8dc6c6f3134bb78356630f24617aaeb869344)
|
|
This ensures we don't fall out of sync with the provision scripts.
Andrew Bartlett
(This used to be commit 566c60b4649e2b94bf467993acd4bf72c7368e5a)
|
|
This option allows Fedora DS multi-master replication to work. I've
tried to update the wiki and scripts to the largely consistant with
each other.
Andrew Bartlett
(This used to be commit 42393c830733b2cc99ebccdafe944fcf3d82734f)
|
|
In particular, allow for the server DN to be in a different site
(possible outcome of a DRS replication).
Andrew Bartlett
(This used to be commit 9ee4e39fe178317f42fd9a0adceea24b55dfe0f1)
|
|
(This used to be commit 696b58f5dd8370b7ee0670c7a3e5db10234b41ff)
|
|
Merge branch 'v4-0-ipv6' of git://git.id10ts.net/samba into 4-0-abartlet
Andrew Bartlett
(This used to be commit d3336684f084f984500dd0893dd01bcfc5be0ab1)
|
|
(This used to be commit 8585a3c77d5dfe97bca3f08716fc06ac2819f578)
|
|
module prohibits it anyway.
Andrew Bartlett
(This used to be commit c5b287c056855892f30fbbf32efe7d65da31ce91)
|
|
In particular, this should draw attention to accidential 'standalone'
server provisions and therefore cause less frustration.
Andrew Bartlett
(This used to be commit e906ae041a2b589ffceff97b74f7c4b01386382a)
|
|
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option. (This
enables the use of kerberos).
As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.
The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.
Andrew Bartlett
(This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63)
|
|
(This used to be commit ebe5e8399422eb7e2ff4deb546338823e2718907)
|
|
(This used to be commit 2e14b4ea64ba7e223f29b5b535b1b1be326f711c)
|
|
These need a testsuite, but this will come soon.
Andrew Bartlett
(This used to be commit fbcaa622bd1929399e32326349e96b6676a49b96)
|
|
Andrew Bartlett
(This used to be commit 861a85985d2d27f58cb8fa2fef0d445c7dac94c6)
|
|
Andrew Bartlett
(This used to be commit 7503f93f2f07f81ada1b5d9ec8fdd3d5509376ae)
|
|
Instead of using an include file, put the generated configurationd
directly into slapd.conf.
Andrew Bartlett
(This used to be commit 95ac786136aebfe5ededeb3fb81cbd4e296e3988)
|
|
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
(This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
|
|
This should allow us to provision onto an OpenLDAP backend again.
Also ensure we always have a sysvol and netlogon share in the selftest
environment.
Andrew Bartlett
(This used to be commit b2d9b03ba3434e76d4d476233a198728523d17f9)
|
|
This required a large rework of the provision code, so as to move much
of the 'guess' logic into subprocedures, rather than just inline in
the provision code.
Andrew Bartlett
(This used to be commit a0754c2a857217ca831c2295b17255d8f38dfbc2)
|
|
Andrew Bartlett
(This used to be commit b4da374a998caac18c288a0a6e3fcd2c50cbffa7)
|
|
Andrew Bartlett
(This used to be commit edb7af0685983543c321e3d8b90f6ae07af2e4e3)
|
|
(This used to be commit be47cc7fdfa3cae0508e564f38b793aa27b6eb92)
|
|
There are still problems with the upgrade test, but these are not
related to the provision system.
Andrew Bartlett
(This used to be commit d331bc400fb138bc43be88d0ca8ab3bcd590d2cd)
|
|
This fixes up some issues with testdir (was not honoured) and
increases test coverage.
We now check all the major provision modes. In doing so, to make it
possible to call from the multiple layers of 'sh', I have allowed 'dc'
to alias 'domain controller' and 'member' to alias 'member server'.
Fighting shell quoting in the test system was just too hard...
Also fix upgrade.py
Andrew Bartlett
(This used to be commit 0923de12282b0e063dd73bc3e056dd5c3663c190)
|
|
To make Samba4, using the python provision system, pass this test
required some major rework. Untested code is broken code, and some of
the refactoring for a seperate provision test (which also now passes)
broke things.
Similarly, the iconv work has compiled, but these codepaths have never
been run (NULL pointer de-reference).
In working to use a local, rather than global, loadparm context, and
to support using a target directory, a few things needed to be
reworked, particularly around path handling.
Andrew Bartlett
(This used to be commit 1169e8d7bee20477b0efbfea3534ac63c83fb3d6)
|
|
We now load the schema early enough that we can generate this too!
Andrew Bartlett
(This used to be commit 1adc74c65a3219fc110964ccdf9a9d60a84831da)
|
|
(This used to be commit ba864cfd7ce4b69179431131cac9661cbf48bf32)
|
|
Slowly work away at the samldb module again, it is clear that AD does
not use much of a templating system. samAccountType is managed, as
far as I can tell, when groupType or userAccountControl changes.
Andrew Bartlett
(This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4)
|
|
(This used to be commit d2eb404ba1711abf6bb2718f8bb1dbbd104e7d4d)
|
|
(This used to be commit 6ac6de8476ba036eb041e054bc37e4503dc2fde8)
|
|
is the default.
(This used to be commit a0a05c5a3d614d0f2936ecfcab5273a2ef7d61a8)
|
|
Make the EJS provision and the selftest scripts both use the new
syntax for speicifying the ldap backend type.
Andrew Bartlett
(This used to be commit b1d2584277304be3f2a640465cbf6b2a3ec571cc)
|
|
(This used to be commit f70aef8e51e1a2f186fe71edaa4c81a39b837573)
|
|
once in a row.
(This used to be commit 42466d960c86b692ef5e03c045ba24591c5c6f84)
|
|
(This used to be commit d4fb8b0d8644cddfa39655fac87a96edc71b2a73)
|
|
(This used to be commit b173fa6bd2b24b5a3e7b4fbcb926f6c9771c10ba)
|
|
(We may need to include more defaults in the template, but I want to
start small for now).
Andrew Bartlett
(This used to be commit a466dda118f785bf784548106637577a5e25a30e)
|
|
Andrew Bartlett
(This used to be commit c8b0a8a196d8d187a86aef497953d0105436aff8)
|
|
(This used to be commit 66df250ff355d3c1b7f0252fc1f95a8c79a28c6d)
|
|
provisioning, some other minor refactoring of the provisioning.
Pair-programmed by Andrew and me using obby :-)
(This used to be commit 688adcbb635af87fcfedb869b7f1857a947fd2f9)
|
|
Andrew Bartlett
(This used to be commit ae2ea1bd0cd2b326b09b372428969f2cf52ce519)
|
|
(This used to be commit e9bb130d63e86fafc4cbf379e2e237354b88bcf8)
|