summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2010-11-17s4-provision: use the command line lp in provisionAndrew Tridgell1-1/+1
this ensures that provision options are stored in the generated smb.conf
2010-11-16samba-tool Add test for --store-plaintextAndrew Bartlett1-1/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 16 06:29:04 UTC 2010 on sn-devel-104
2010-11-09s4:provision_self_join.ldif - the object SID in AD is called "objectSid"Matthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Nov 9 13:18:29 UTC 2010 on sn-devel-104
2010-11-09s4:provision - switch to "clearTextPassword" for setting passwordsMatthias Dieter Wallnöfer3-4/+4
This is the default password set/change attribute for s4 specific purposes (otherwise in respect to Windows it's "unicodePwd"). We move away from "userPassword" since on Windows it's not activated by default - and s4 will follow soon.
2010-11-01s4:setup/spn_update_list - the DNS SPN is only used in DNS modeMatthias Dieter Wallnöfer1-1/+3
Not all DCs are automatically DNS servers. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Mon Nov 1 12:20:36 UTC 2010 on sn-devel-104
2010-11-01s4:provision - adapt the "provision" so that SIDs are only set on entry creationMatthias Dieter Wallnöfer2-3/+1
SID modifications are denied.
2010-10-31s4:provision - remove the "servicePrincipalName" creation on the DC objectMatthias Dieter Wallnöfer2-17/+2
This is now done by the "samba_spnupdate" script.
2010-10-31s4:setup/spn_update_list - reorder and update with other SPNsMatthias Dieter Wallnöfer1-13/+15
2010-10-28s4 net: rename to samba-tool in order to not clash with s3 netKai Blin4-67/+67
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
2010-10-27s4:setup/schema_samba4.ldif - this control isn't used anymoreMatthias Dieter Wallnöfer1-1/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Oct 27 16:32:28 UTC 2010 on sn-devel-104
2010-10-25s4:provision_*_references.ldif - "add" and do not "replace" the ↵Matthias Dieter Wallnöfer2-2/+2
"wellKnownObjects" This is the correct AD operation in this case. Multi-valued replaces are generally denied most of the time.
2010-10-23s4:provision.py - add the correct "CN=Sites" security descriptorMatthias Dieter Wallnöfer1-0/+1
This should help to fix bug #7403. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
2010-10-23s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer1-0/+1
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into ↵Matthias Dieter Wallnöfer1-1/+1
LDB_CONTROL_BYPASS_OPERATIONAL_OID It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-19s4-provisionbackend Allow a fixed URI to be specified for LDAP backendAndrew Bartlett1-0/+12
This is added to make the 'existing' LDAP backend class more useful, and to allow debuging of our OpenLDAP backend class with wireshark, by forcing the traffic over loopback TCP, which is much easier to sniff. Andrew Bartlett
2010-10-18s4-openldap-backend Don't set 'dbnosync' on cn=configAndrew Bartlett1-1/+0
This isn't valid in current OpenLDAP versions. Andrew Bartlett
2010-10-18s4-provision Use --ldap-backend-nosync rather than just --nosyncAndrew Bartlett1-2/+1
For some reason we had both options, and --ldap-backend-nosync is the better name. Andrew Bartlett
2010-10-13s4:setup/provision_self_join.ldif - let the samldb LDB module fill in ↵Matthias Dieter Wallnöfer1-1/+1
"isCriticalSystemObject" It recognizes it now automatically.
2010-10-11unit tests: do some cleanup after testsMatthieu Patou2-0/+15
fix Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Oct 11 14:29:10 UTC 2010 on sn-devel-104
2010-10-06waf: fixed some python3.x portability issuesAndrew Tridgell1-1/+3
these have crept into the tree over time. Maybe we should add testing of a range of python versions to autobuild?
2010-10-05s4:setup/provision_rootdse_add.ldif - provide informations in the right orderMatthias Dieter Wallnöfer1-2/+2
Doesn't change much - but nicer to read. Btw: is the testdata/samba3 stuff still needed ("provision_samba3sam.ldif"...)? It seems a bit outdated.
2010-10-03Fix .reg file format parsing.Wilco Baan Hofman1-3/+3
* multiline data * doublequoted value name * handle windows format CRLF Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
2010-10-03s4:schema_samba4.ldif - update allocated controls listMatthias Dieter Wallnöfer1-0/+1
This needs always to be done after a control allocation otherwise we end up in double-allocations and unexpected behaviour.
2010-10-01selftest: Let selftest provide the tempdir, rather than creating it as ↵Jelmer Vernooij1-1/+0
sideeffect of tests.py.
2010-09-28s4-provision: simplify our generated krb5.confAndrew Tridgell1-14/+1
we don't want to force the KDC to be ourselves, we should be using DNS to find a live KDC. Also remove some other options and allow the krb5 lib to use defaults. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28s4-provision: fixed the authority response for our SOA recordAndrew Tridgell1-1/+1
some clients rely on this being the hostname, not the domain Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
2010-09-26s4 provision: start with gpo of version 0 and be consistent between ↵Matthieu Patou1-2/+2
different policies
2010-09-26s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account onlyAndrew Tridgell1-1/+0
2010-09-26s4-provision: switch to dns-HOSTNAME instead of dnsAndrew Tridgell3-18/+10
We now use a host specific account name for the DNS account, which is the account used for dynamic DNS updates. We also setup the servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN} and DNS/${DNSNAME} for compatibility with both the old and new SPNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4-kerberos Rework keytab handling to export servicePrincipalName entriesAndrew Bartlett1-1/+1
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett
2010-09-24s4:provision - rootdse - remove static "ldapServiceName" attributeMatthias Dieter Wallnöfer1-1/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:provision - rootdse - remove static "dnsHostName" attributeMatthias Dieter Wallnöfer1-1/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-24s4:provision - rootdse - remove the static attribute "serverName"Matthias Dieter Wallnöfer1-1/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-12s4:setup/provision_self_join.ldif - now the samldb LDB module detects ↵Matthias Dieter Wallnöfer1-1/+0
automatically that this is a DC account
2010-09-10s4:provision: remember the setup directory if it wasn't the defaultStefan Metzmacher3-0/+3
This fixes make test without a make install. metze
2010-09-09s4-setup Make krb5.conf use DNS by defaultAndrew Bartlett1-2/+2
We set up our DNS pretty well these days, and I think the previous setting was only there because Andrew Kroeger copied this out of our selftest code in bf3f3af92677bce8f03b0dd2be552d6c8c730ca1. Andrew Bartlett
2010-09-08setup: Use standard octal ints rather than harcoding.Jelmer Vernooij1-2/+1
2010-08-19unit tests: debug to ease locating pb, remove dir if exists to avoid errorMatthieu Patou1-2/+8
2010-08-17s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID"Matthias Dieter Wallnöfer1-1/+1
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash.
2010-07-31s4:blackbox/newuser: use test specific user namesStefan Metzmacher1-10/+10
As this test doesn't delete the user accounts at the end, we should use test specific user names. That lowers the chance of conflicts with other tests. metze
2010-07-15s4 dsdb: create a new control: changereplmetadataMatthieu Patou1-0/+1
This control is designed to allow replmetadata to be specified Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-10s4:provision: remove --policy-guid and --policy-guid-dc cmdline optionsStefan Metzmacher1-5/+0
metze
2010-07-10s4 unittests: remove the provision directory before (re)generatingMatthieu Patou3-0/+3
2010-07-10s4 net: Add spn module to list/add/remove spn on objectsMatthieu Patou1-0/+33
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-07-05s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OIDStefan Metzmacher1-0/+1
When importing users from Samba3 we need to control all values. metze
2010-07-03s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right valueMatthias Dieter Wallnöfer1-2/+1
Now we should have fixed all password related tests to cooperate with this value
2010-06-26s4:provision: add entries for root dns serversStefan Metzmacher1-0/+72
metze
2010-06-26s4:provision: move Samba4 specific DNS stuff to its own fileStefan Metzmacher3-20/+31
metze
2010-06-26s4:provision: add --next-rid optionStefan Metzmacher1-1/+3
Make it possible to provision a domain with a given next rid counter. This will be useful for upgrades, where we want to import users with already given SIDs. metze
2010-06-26s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool'Stefan Metzmacher4-3/+13
On Windows dcpromo imports nextRid from the local SAM, which means it's not hardcoded to 1000. The initlal rIDAvailablePool starts at nextRid + 100. I also found that the RID Set of the local dc should be created via provision and not at runtime, when the first rid is needed. (Tested with dcpromo on w2k8r2, while disabling the DNS check box). After provision we should have this (assuming nextRid=1000): rIDAllocationPool: 1100-1599 rIDPrevAllocationPool: 1100-1599 rIDUsedPool: 0 rIDNextRID: 1100 rIDAvailablePool: 1600-1073741823 Because provision sets rIDNextRid=1100, the first created account (typically DNS related accounts) will get 1101 as rid! metze