summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2008-09-08Make it clear that the MMR password can differ from the admin passswordAndrew Bartlett1-1/+1
In the future, we might simply randomly generate this, or allow the admin to specify it seperate to the admin password. However, both are highly sensitive, as they imply read access to the krbtgt. Andrew Bartlett (This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
2008-09-08Use DIGEST-MD5 authentication for OpenLDAP replicationOliver Liebel3-6/+19
This avoids passing rootdn passwords or replicated data in cleartext across the network. Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
2008-09-08Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into ↵Andrew Bartlett2-1/+57
trusted-domains (This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
2008-09-06Remove <tab> in OpenLDAP MMR configOliver Liebel1-1/+0
Signed-of-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
2008-08-30Add a setexpiry operation in samdb.pyAndrew Tridgell1-1/+13
This makes it easy to set the expiry (or no expiry) for a samdb user (This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74)
2008-08-30added a simple script for setting password expiryAndrew Tridgell1-0/+44
(This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c)
2008-08-22now that ldap integers are 32 bit, we need to put the right 32 bitAndrew Tridgell1-19/+19
value in for group type to avoid sign extension, otherwise we don't find the builtin groups (This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4)
2008-08-21The index handling is now configured from the schema load, not by aAndrew Bartlett1-19/+0
template. Andrew Bartlett (This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e)
2008-08-20Apply attributes (and their syntax) from the schema into ldbAndrew Bartlett1-0/+7
This changes the @ATTRIBUTES record to be for bootstrapping only, before we find the schema. Andrew Bartlett (This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69)
2008-08-20Update OpenLDAP MMR configuration per comments by Oliver LiebelAndrew Bartlett1-1/+1
<oliver@itc.li> This changes the RIDs to be <serverID><DBID>, to ease later debugging. The need to specify the port on the MMR URLs is now included in the help. Andrew Bartlett (This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)
2008-08-19Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett3-10/+13
(This used to be commit fc6b4f03ebba015a13a6ab93221b0bc3ef8ef2ed)
2008-08-19Fix up new OpenLDAP MMR code.Andrew Bartlett4-6/+10
This changes the MMR password from hard-coded value of 'linux', adds tests and fixes the Fedora DS backend. Currently the MMR password matches the admin password, but we can change this to be another random value if required. Also require the port to be specified on the command line, so we don't hard-code a port of 9000. Andrew Bartlett (This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce)
2008-08-19Generate Multi-Master Replication configuration for OpenLDAPOliver Liebel4-5/+49
This patches provision-backend and the related scripts to generate the correct configuration blobs for N-way multi-master replication using OpenLDAP. Signed-off-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)
2008-08-19Fix templates.ldb reprovision handling.Andrew Bartlett2-10/+10
This sets the attributes in a seperate transaction, and allows a forced delete of the whole file. Andrew Bartlett (This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)
2008-08-18Merge the two attribute syntax tables.Andrew Bartlett1-0/+3
This merges the table once found in the oLschema2ldif tool (and moved many times) with the table used for DRSUAPI. The OpenLDAP schema map has been updated, to ensure that despite a number of attributes being declared as OIDs, they are actually used as strings (as they are actually LDAP class/attribute names). Andrew Bartlett (This used to be commit 61f2958c84beeedcf369ccdc02afed0c8055b108)
2008-08-15Generate the subSchema in cn=AggregateAndrew Bartlett1-549/+0
This reads the schema from the in-memory structure, when the magic attributes are requested. The code is a modified version of that used in the ad2oLschema tool (now shared). The schema_fsmo module handles the insertion of the generated result. As such, this commit also removes these entries from the setup/schema.ldif Metze's previous stub of this functionality is also removed. Andrew Bartlett (This used to be commit c7c32ec7b42bdf0f7b669644516438c71b364e60)
2008-08-01Add helper object Hostconfig to make it easier to get to e.g. theJelmer Vernooij1-3/+2
SAM database. (This used to be commit be75b2a36ee49f66ada3ec3ababa82d74085d559)
2008-07-23Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett1-0/+6
(This used to be commit ae311d89d2d477b235a6a9294a8bb463ed0a8c05)
2008-07-23Explain where some other OIDs are allocated.Andrew Bartlett1-0/+6
This is an odd place for an OID registry - we perhaps need a central wiki page. Andrew Bartlett (This used to be commit 1c909973977ae117703c1ccf7589acc4625e76e5)
2008-07-22Improve DNS and Group poicy configurations.Matthias Dieter Wallnöfer3-51/+65
- fixes bug #4813 (simplify DNS setup) - This reworks the named.conf to be a fully fledged include - This also moves the documentation into named.txt - improves bug #4900 (Group policy support in Samba) - by creating an empty GPT.INI - fixes bug #5582 (DNS: Enhanced zone file) - This is now closer to the zone file AD creates committed by Andrew Bartlett (This used to be commit 74d684f6b329d7dd573cdc55e16bb8e629474b02)
2008-07-21Make invalid 'member' detection work again.Andrew Bartlett1-0/+4
This defines a rootdn globally, and due to OpenLDAP bugs, gives it manage access to the whole database. This makes the memberOf module able to validate the links again, now we have database ACLs. Andrew Bartlett (This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
2008-07-18Make a seperate template for the refint configuration tooAndrew Bartlett2-0/+5
(This used to be commit d2a527acc5ee6fe9b943657dc9c3ace920b2d619)
2008-07-18Put the memberof template into a seperate setup/ file.Andrew Bartlett2-0/+12
Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm having with OpenLDAP Andrew Bartlett (This used to be commit 6d6e03834a1a77a8ceba41fbe8c9d49680065ba3)
2008-07-15Lock down the LDAP backend - only samba may read or writeAndrew Bartlett1-1/+1
(This used to be commit a3912801fb25f715725c06402d4bdff9a926f15d)
2008-07-15Rework provision to handle both simple and SASL binds.Andrew Bartlett1-3/+3
Fedora DS is still setup for simple binds only, at this point. (it also fails on other issues). Andrew Bartlett (This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
2008-07-15Connect to the LDAP backend with SASL credentials.Andrew Bartlett7-11/+72
This reworks our LDAP backend code to move from anonymous access to a shared-secret SASL-protected connection. (SASL selects NTLM or DIGEST-MD5 on my system). To get this working, we must pre-populate the LDAP backend with a DN to store ths SASL secret on, and we use back-ldif for this. This gives us a reasonable basis to deploy a replicated OpenLDAP backend solution. Andrew Bartlett (This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett6-22/+21
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-10Avoid the use of extensibleObject in ldap mapping backend.Andrew Bartlett2-19/+141
Instead of extensibleObject, we use the new (more correct) ad2oLschema tool, and a new objectClass called 'samba4Top', which we add and remove in the same way we did extensibleObject. Andrew Bartlett (This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db)
2008-06-19Add a blackbox test for the provision-backend script.Andrew Bartlett1-0/+25
This test (as most tests do :-) found a few bugs, also fixed in this commit. Andrew Bartlett (This used to be commit d96a6482dad54d1d27a87107865e833a9c32cf53)
2008-06-11Remove unused import, function.Jelmer Vernooij1-8/+0
(This used to be commit f134a701e7c2d64a684d55691fd66e2aaeb15812)
2008-06-03setpassword should be executableAndrew Tridgell1-0/+0
(This used to be commit b8f2e6321dd06508f9cc48e8d76d20232cb7d60e)
2008-05-30Don't pass an smb.conf to provision tests.Andrew Bartlett3-22/+19
These tests will create their own smb.conf in their prefix anyway. Andrew Bartlett (This used to be commit c0322e8e27d67655b7498b27df0829aa5682a345)
2008-05-29Remove extra spaces on prefixMap input and output.Andrew Bartlett1-34/+34
Metze requested that the format not include spaces, and the input parser already expects this. Andrew Bartlett (This used to be commit 3b1f5d10360ed1b26980d748a7c9be6db5977bd3)
2008-05-29Print prefixMap in a human-readable format.Andrew Bartlett2-16/+36
This should allow the prefixMap to be edited, until we find the right way to autogenerate it. Andrew Bartlett (This used to be commit 24ae9a55ec326807afd8d5bfa0a422a6668bd7c3)
2008-05-23Fix imports for provision-backend.Jelmer Vernooij1-3/+6
This needs a blackbox test... (This used to be commit 268c1de095411991ffb22ee835bfb88f8bce235a)
2008-05-21GPO: Do not provision Default Domain Policy as initially enforced. (bz #5480)Andrew Kroeger1-1/+1
This only solves part of bz #5480. The settings for Enforced & Link Enabled now match the default settings of a Windows DC, but they are still "locked" and cannot be changed via the GUI. (This used to be commit 761e667e45475d3a7d5a41558b400ba4c94c4650)
2008-05-21enableaccount: Use correct command name in usage output.Andrew Kroeger1-1/+1
(This used to be commit 4ca8f32a37196c81547679b2ee8d00cb77a01269)
2008-05-21provision: Generate krb5.conf template separate from named.conf template.Andrew Kroeger2-14/+17
(This used to be commit ebf130e9e57b640129cf0d05dbd7d210b71ea371)
2008-05-22Fix python imports.Jelmer Vernooij3-3/+8
(This used to be commit 453206665677821b254c18cc67192e007b892f04)
2008-05-22use one blackbox script per executable.Jelmer Vernooij3-18/+44
(This used to be commit cd8c8226784c96d7f1dbae006a4853eb50c7b2e2)
2008-05-21Move more modules inside of the samba package.Jelmer Vernooij2-4/+4
(This used to be commit 9b39e99f48266a54ed0b8890c2efde218b4b118a)
2008-05-21Fix reference to removed smbpython.Jelmer Vernooij1-1/+3
(This used to be commit 58f956dc4591137489cba16f360f2d24d91dadc1)
2008-05-21Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-localAndrew Bartlett2-27/+109
(This used to be commit 0e429dd1fb15137a2a7c25e051b9af8c4ed8c7f3)
2008-05-20Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett3-1/+12
Fix config.mk due to changing syntax. Conflicts: source/libcli/config.mk source/nbt_server/config.mk (This used to be commit 6a1c76f29f78183f44dfac6f468c5e728d2cb2cf)
2008-05-18provision: Create instructions for enabling DNS GSS-TSIG updates.Andrew Kroeger1-27/+108
Added code to the python provisioning to create the named.conf file that was previously generated by the EJS provisioning. Updated the named.conf template to provide the additional details necessary to get things working. (This used to be commit 0b7a6bfcba1b906dc4d461882b4c3fe3c91c44e0)
2008-05-18provision: Allow DNS GSS-TSIG updates to work.Andrew Kroeger1-0/+1
This change ensures the KVNO of the principal in secrets.ldb (which is also exported to the dns.keytab) matches the KVNO associated with the "dns" user. Without explicitly setting msDS-KeyVersionNumber, the KVNO exported into the dns.keytab was 0. KVNO needs to be > 0, as the client libs (at least MIT libs on Fedora) consider KVNO == 0 as a sign to ignore that particular key. (This used to be commit 572efc8e65457a982a8cbb04d3b10e3aae22d574)
2008-05-12Merge branch 'nosmbpython' into v4-0-testJelmer Vernooij3-1/+12
(This used to be commit 9683f7434c7ea01631d8adae9d43274c77ff51de)
2008-05-12Remove JavaScript provision-backend scriptAndrew Bartlett1-188/+0
The library it relied on has already been removed. Andrew Bartlett (This used to be commit 97427731a520283fdd3c8e582ac1f8be7699013e)
2008-05-11Remove python extension from upgrade script.Jelmer Vernooij1-0/+0
(This used to be commit 5268649b7ef60a2caae9cdf66dfeaf6d2037aba3)
2008-05-11Set sys.path for running inside source tree.Jelmer Vernooij3-2/+11
(This used to be commit b507109bb676715f7d9616e13b0e19305e9c2559)
generated by cgit (git 2.34.1) at 2024-11-01 08:07:22 +0000