summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2009-11-23s4:dsdb Move module configuration from each ldb into samba_dsdb.cAndrew Bartlett2-6/+7
This makes getting the module order correct, the obligation of Samba4 developers, and not system administrators. In particular, once an ldb is updated to use only the 'samba_dsdb' module, no further changes to the ldb should be required when upgrading to later Samba4 versions. (thanks to metze for the suggestion of samba_dsdb as a long-term stable name for the module) Andrew Bartlett
2009-11-23s4:provision Simplify the module listAndrew Bartlett1-1/+1
This makes the member server much more like the DC, the objectGUID module replaces the repl_meta_data module. We also generally rework the construction of the list, building a full list in python, and then transforming it into a string, rather than playing string concatonation games Andrew Bartlett
2009-11-17s4:provision_users.ldif - Descriptions generally begin with a majuscleMatthias Dieter Wallnöfer1-2/+2
2009-11-17s4:provision Split up reference creation, load schema earlier in the stackAndrew Bartlett2-13/+23
The schema needs to be loaded above the extended_dn_out modules as otherwise we don't get an extended DN in the search results. The reference split is to ensure we create references after the objects they reference exist. Andrew Bartlett
2009-11-17s4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used featuresAndrew Bartlett1-0/+0
These flags, also on dsdb_module_search_dn() allow us to add commonly set controls to this pre-packaged blocking search, without rebuilding the whole function in each caller. Andrew Bartlett
2009-11-16s4:provision - Removed dependency on full Samba 3 schema from FDSEndi S. Dewata3-39/+14
2009-11-04Added security descriptor for the domain NC to provisioning.Nadezhda Ivanova1-0/+1
Necessary for correct descriptor inheritance. Based on the default state of a single DC. Will be modified later when we support multiple DCs.
2009-11-02s4:provision Rework provision to always have a ProvisionBackendAndrew Bartlett1-1/+1
Rather than treat the LDAP backend as a special case, treat all backends the same, with different callbacks. Andrew Bartlett
2009-11-02s4 - SID allocation using FDS DNA pluginEndi S. Dewata6-0/+32
2009-11-02s4:dsdb - Store SID as string in FDS.Endi S. Dewata1-0/+2
2009-11-02s4 - Mapped AD schema to existing FDS schema.Endi S. Dewata3-1/+68
2009-10-23s4:setup Mark 'cn' in secrets as case insensitiveAndrew Bartlett1-0/+1
While this does not matter very much, others may later expect 'cn' to be case insensitive. Andrew Bartlett
2009-10-21s4:provision - rework the "guess_names" and "make_smbconf" methodMatthias Dieter Wallnöfer3-3/+3
- Cleans it up from unnecessary "lower()/upper()" and parameters which can be derived through "lp" calls. - Substitute the "HOSTNAME" caption in the "smb.conf" templates with "NETBIOS_NAME" which fits better. - Now the "realm" and "domain" parameter of the provision are totally case insensitive and the script itself up/downcases them appropriately depending on the use (e.g. "realm" upcase for KERBEROS, lowcase for DNS domainname).
2009-10-21s4:provision Test ability to set GUIDs from provision command lineAndrew Bartlett1-0/+1
2009-10-21s4:provison Allow the NTDS guid on the command line (for testing)Andrew Bartlett1-0/+3
This allows a blackbox test to confirm this can be set. Andrew Bartlett
2009-10-21s4:provision Set @OPTIONS in the provision_init.ldifAndrew Bartlett2-3/+3
The new partitions code knows to copy these items in when creating a new parition, so we can set it from the start. Andrew Bartlett
2009-10-21s4:dsdb Rework modules create new partitions at runtimeAndrew Bartlett2-3/+3
This is done by passing an extended operation to the partitions module to extend the @PARTITION record and to extend the in-memory list of partitions. This also splits things up into module parts that belong above and below repl_meta_data Also slit the partitions module into two files due to the complexity of the code Andrew Barltett
2009-10-19s4-idmap: the idmap database should be indexedAndrew Tridgell1-0/+4
2009-10-17s4-schema: We should not need Samba4TopExtra nowAndrew Tridgell1-23/+0
The last attribute this contained was 'privilege' which is now gone
2009-10-17s4-provision: added the default privileges dbAndrew Tridgell1-0/+78
privileges are now stored in a separate database
2009-10-17s4-provision: removed the old privilege attributesAndrew Tridgell2-53/+14
Our schema is getting a bit cleaner :-)
2009-10-16s4:provision - replaced linked_attributes with FDS pluginsEndi S. Dewata6-0/+46
When FDS is used as a backend, Samba should not use the linked_attributes LDB module, but instead use the built-in DS plugins for attribute linking, indexing, and referential integrity.
2009-10-12s4:provision Remove all references to samba4LocalDomainAndrew Bartlett2-21/+24
This was a bad idea all along, as Simo said at the time. With the full MS schema and enforcement of it, it is an even worse idea. This fixes the provision of the member server in 'make test' Andrew Bartlett
2009-10-06s4-provision: match win2003 functional levelAndrew Tridgell3-4/+4
We are now defaulting to win2003 functional level, and see to report the right revisions of our db and schema
2009-10-02s4:provision_users.ldif - Put potential primary groups in front of the fileMatthias Dieter Wallnöfer1-19/+20
(So they can be always found by the SAMLDB module)
2009-10-02s4:dsdb rework instanceType module - put instanceType in provisionAndrew Bartlett3-0/+3
The instanceType needs to be specified in future because that's how the partitions are actually created.
2009-10-02s4: Improve provisioning: use relax controlMatthieu Patou3-2/+2
Give the possibility to specify controls when loading ldif files. Relax control is specified by default for all ldb_add_diff (request Andrew B). Set domainguid if specified at the creation of object instead of modifying afterward Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
2009-10-02s4:provision - Change the default forest/domain function level back to ↵Matthias Dieter Wallnöfer1-1/+1
Windows 2003 Native
2009-09-30s4:pwsettings - Improve error handling and introduce "choice" typeMatthias Dieter Wallnöfer1-13/+10
- Improve the error handling according to Jelmer's suggestions - Print out the error messages on "stderr" - Add also here the "choice" type for arguments
2009-09-30s4:provision - Lets the user choose between the supported forest/domain ↵Matthias Dieter Wallnöfer1-8/+17
function levels Adds a parameter "--function-level" which allows to specify the domain and forest function level.
2009-09-30s4:provision: Show domains and forests are W2K8 DC capable.Andrew Kroeger2-0/+15
When adding a W2K8 DC to a domain running earlier DC versions, the "adprep" utility is used to perform schema updates and update other attributes as necessary. Adding these entries provides an indication that the adprep utility has been run with the /forestprep, /domainprep and /rodcprep arguments. Although these entries indicate adprep has been run, nothing has been done to verify that the changes that the adprep utility would have made have actually been done. The values used for the revision atttributes are as seen on a W2K8 DC (not W2K8 R2, which will probably have higher values).
2009-09-30s4:provision: Update schema version number to W2K8.Andrew Kroeger1-1/+1
We are running the W2K8 schema version, not the W2K3 version.
2009-09-30s4:domainlevel - General reworkMatthias Dieter Wallnöfer1-29/+63
- We support domain/forest function levels >= (Windows) 2003 Native -> adapt the domain/forest and DC function level restrictions. - Consider also the lowest function level of a DC. The domain and forest function levels can never be higher than it. - Improve the error handling by printing out messages to "stderr" - Introduce the "choice" type for choice arguments (saves us some error handling)
2009-09-25s4:LDIFs - enhance the section commentsMatthias Dieter Wallnöfer2-0/+12
2009-09-21Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova9-37/+73
2009-09-21s4:samdb/tools - That should fix now the last failuresMatthias Dieter Wallnöfer2-1/+3
2009-09-21s4:scripts - Reintroduce "-H" parameterMatthias Dieter Wallnöfer6-12/+46
I removed it since on some scripts it was present, on others not - so I thought it wouldn't be really needed. This was a bad decision (pointed out by abartlet). So I reintroduce it on all scripts (to have consistent parameters).
2009-09-20Merge branch 'master' of git://git.samba.org/sambaNadezhda Ivanova3-28/+11
2009-09-20s4:provision split provision of DNS zone and self join keytabAndrew Bartlett3-24/+24
2009-09-20Initial implementation of security descriptor creation in DSNadezhda Ivanova2-0/+2
TODO's: ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-20s4:python tools - try to fix some test problemsMatthias Dieter Wallnöfer2-2/+2
2009-09-20s4:domainlevel - fixed another errorMatthias Dieter Wallnöfer1-26/+9
The second "nTMixedDomain" attribute (under Partitions/Domain-DN) is only a copy of the one under the directory root object. Therefore there doesn't exist the "Windows 2000 Mixed" forest level.
2009-09-20s4:provision_configuration - fix "sPNMappings"Matthias Dieter Wallnöfer1-2/+1
I reread some docs about this attributes and it seems that this as mapping attribute isn't host specific but in common for the whole domain. To allow Windows DCs to join our s4 domain sooner or later we have to provide the full attribute.
2009-09-20s4:domainlevel - further improvementsMatthias Dieter Wallnöfer1-9/+50
- The tool displays now also mixed/interim domain levels and warns about them (s4 isn't capable to run on them) - But it allows now also to raise/step-up from them - It displays now also levels higher than 2008 R2 (altough we don't support them yet) but to be able to get a correct output
2009-09-20s4:provision_basedn_modify - fix the "auditPolicy" attributeMatthias Dieter Wallnöfer1-1/+2
I had to think about how to encode the string 0x0001 (taken from Windows Server). The problem is due to the "0" byte at the beginning of it. BASE64 encoding seems a good method to do it.
2009-09-18s4:provision_configuration - "sPNMappings": "http" missed on regenerationMatthias Dieter Wallnöfer1-1/+1
2009-09-18s4/provision_configuration - re-add the "sPNMappings"Matthias Dieter Wallnöfer1-0/+3
Accidentally removed by a previous commit.
2009-09-18s4:scripts - Cleans also the rest under the "setup" directory upMatthias Dieter Wallnöfer3-30/+43
- I removed also the "-H" parameter since those scripts are all thought for the use on a local s4 domain controller. Another reason is also the bind as SYSTEM account which itself is only possible on local binds.
2009-09-18s4:various scripts under "setup" - UnificationMatthias Dieter Wallnöfer4-73/+74
- This unified the shape of those four scripts (comments, command sequence, call of SamDB) - To consider the samdb.py changes regarding the filter: there is now always the possibility either to specify the username or the search filter
2009-09-18s4:domainlevel/pwsettings - Remove unused importMatthias Dieter Wallnöfer2-2/+0