summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2010-01-11Revert "s4:provision_users.ldif - Import all essential groups for Windows ↵Andrew Tridgell1-113/+85
Server 2008 mode" This reverts commit 5c174c68ccba7506147feab1d09ad676792139b3. This series of commits broke 'make test'. Matthias, please make sure you run a _full_ make test before every push.
2010-01-11Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 ↵Andrew Tridgell1-0/+5
for now" This reverts commit 61dfd3dc1dce2c0dd6693de80930af312ad3e39f. This series of commits broke 'make test'. Matthias, please make sure you run a _full_ make test before every push.
2010-01-11Revert "s4:provision_users.ldif - Fix memberships regarding the denied ↵Andrew Tridgell1-8/+0
password RODC replication group" This reverts commit 9ee895fcf6327b1c2f5ee09fa565bd62974e9c58. This series of commits broke 'make test'. Matthias, please make sure you run a _full_ make test before every push.
2010-01-11Revert "s4:provision_users.ldif - Add objects for IIS"Andrew Tridgell1-21/+0
This reverts commit 91e210028790397996659116446e6add452707f6. This series of commits broke 'make test'. Matthias, please make sure you run a _full_ make test before every push.
2010-01-10s4:provision_users.ldif - Add objects for IISMatthias Dieter Wallnöfer1-0/+21
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
2010-01-10s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specificMatthias Dieter Wallnöfer1-0/+1
2010-01-10s4:provision_users.ldif - Fix memberships regarding the denied password RODC ↵Matthias Dieter Wallnöfer1-0/+8
replication group
2010-01-10s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for nowMatthias Dieter Wallnöfer1-5/+0
This belongs to the AD IIS stuff where I don't know yet if we should import it.
2010-01-10s4:provision_users.ldif - Import all essential groups for Windows Server ↵Matthias Dieter Wallnöfer1-85/+113
2008 mode Additionally I had to fix some bugs (especially wrong "groupTypes") and reordered the objects using the SID (this is easier when enhancing the file).
2010-01-08s4:provision_self_join.ldif - Adapt comment after implementation of ↵Matthias Dieter Wallnöfer1-2/+2
distributed RIDs
2010-01-08s4-schema: fixes for W2K8-R2 schemaAndrew Tridgell2-35/+143
The schema from WSPP had a number of typos that prevented it from working. These changes allow it to work with Samba, and allow w2k8r2 to run DCPROMO against Samba successfully Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-schema: added msDS-NcType to schema containerAndrew Tridgell1-0/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-schema: fixed attributes of aggregate schemaAndrew Tridgell1-0/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-provision: added W2K8-R2 schema as provided by WSPPAndrew Tridgell2-0/+19529
2010-01-08s4-provision: RID 1000 is consumed by the machine accountAndrew Tridgell1-1/+1
2010-01-08s4-dsdb: added an extended operation for allocating a new RID poolAndrew Tridgell1-0/+1
This will be called by getncchanges when a client asks for a DRSUAPI_EXOP_FSMO_RID_ALLOC operation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-provision: don't hard wire the creation of the RID Set objectAndrew Tridgell3-27/+16
We now create it automatically in the samldb module when the first user is created. The creation of the dns user also had to move to the _modify.ldif as it now relies on the fSMO role being setup for the RID Manager Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-provision: the DC object itself needs a fixed objectSIDAndrew Tridgell1-1/+2
We can't allocate a objectSID until we have rIDSetReferences, but that is in the DC object, so we have to force the objectSID of the DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-08s4-provision: added an initial RID SetAndrew Tridgell2-2/+12
We will allocate RIDs from this set Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-12-31net: Move 'newuser' to 'net newuser'Jelmer Vernooij3-78/+12
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31net: Fix tests and documentation of setexpiry.Jelmer Vernooij1-65/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31net: Move setexpiry to 'net setexpiry'Jelmer Vernooij1-72/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-31net: Move 'setpassword' to 'net setpassword'.Jelmer Vernooij1-74/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-29s4/net: Add domainlevel subcommand.Jelmer Vernooij1-250/+0
2009-12-29s4/net: Make pwsettings a net subcommand.Jelmer Vernooij1-198/+0
2009-12-15s4:provision - Remap conflicting thumbnailPhoto and thumbnailLogo OID's.Endi Sukma Dewata2-0/+8
2009-12-01s4:setup Adjust upgradeprovision blackbox test now we don't have --targetdirAndrew Bartlett1-2/+2
2009-11-28s4:upgrade_from_s3 - Move it back to "setup"Matthias Dieter Wallnöfer1-0/+86
Suggested by Jelmer
2009-11-28s4:setup/provision - ReworkMatthias Dieter Wallnöfer1-5/+24
- Revert change in "ask" - was previously correct - Readd accidentally removed checks for non-null realm and domainname - On interactive mode perform only one "ask" call per question - Inform the user about the unset administrator password
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-1/+1
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-27s4:setup/provision - make the interactive mode work againMatthias Dieter Wallnöfer1-13/+3
2009-11-27s4:upgrade script - rename it to "upgrade_from_s3" and do some reworkMatthias Dieter Wallnöfer1-83/+0
- Give a better name to the script - Move it to the location where also "upgradeprovision" resides - Fix up trailing whitespaces and tabs
2009-11-27s4:upgradeprovision add 'exit $failed' to blackbox testAndrew Bartlett1-0/+2
2009-11-27s4:selftest Add tests for upgradeprovisionAndrew Bartlett1-0/+26
2009-11-24s4:provision Don't bother with a template for the LDAP backend startup script.Andrew Bartlett1-2/+0
2009-11-24s4:provision Move secrets.ldb over to .c file module lists, like sam.ldbAndrew Bartlett1-1/+1
2009-11-24s4:provision Remove 'operational' from secrets.ldb module listAndrew Bartlett1-1/+1
2009-11-23s4:dsdb Move module configuration from each ldb into samba_dsdb.cAndrew Bartlett2-6/+7
This makes getting the module order correct, the obligation of Samba4 developers, and not system administrators. In particular, once an ldb is updated to use only the 'samba_dsdb' module, no further changes to the ldb should be required when upgrading to later Samba4 versions. (thanks to metze for the suggestion of samba_dsdb as a long-term stable name for the module) Andrew Bartlett
2009-11-23s4:provision Simplify the module listAndrew Bartlett1-1/+1
This makes the member server much more like the DC, the objectGUID module replaces the repl_meta_data module. We also generally rework the construction of the list, building a full list in python, and then transforming it into a string, rather than playing string concatonation games Andrew Bartlett
2009-11-17s4:provision_users.ldif - Descriptions generally begin with a majuscleMatthias Dieter Wallnöfer1-2/+2
2009-11-17s4:provision Split up reference creation, load schema earlier in the stackAndrew Bartlett2-13/+23
The schema needs to be loaded above the extended_dn_out modules as otherwise we don't get an extended DN in the search results. The reference split is to ensure we create references after the objects they reference exist. Andrew Bartlett
2009-11-17s4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used featuresAndrew Bartlett1-0/+0
These flags, also on dsdb_module_search_dn() allow us to add commonly set controls to this pre-packaged blocking search, without rebuilding the whole function in each caller. Andrew Bartlett
2009-11-16s4:provision - Removed dependency on full Samba 3 schema from FDSEndi S. Dewata3-39/+14
2009-11-04Added security descriptor for the domain NC to provisioning.Nadezhda Ivanova1-0/+1
Necessary for correct descriptor inheritance. Based on the default state of a single DC. Will be modified later when we support multiple DCs.
2009-11-02s4:provision Rework provision to always have a ProvisionBackendAndrew Bartlett1-1/+1
Rather than treat the LDAP backend as a special case, treat all backends the same, with different callbacks. Andrew Bartlett
2009-11-02s4 - SID allocation using FDS DNA pluginEndi S. Dewata6-0/+32
2009-11-02s4:dsdb - Store SID as string in FDS.Endi S. Dewata1-0/+2
2009-11-02s4 - Mapped AD schema to existing FDS schema.Endi S. Dewata3-1/+68
2009-10-23s4:setup Mark 'cn' in secrets as case insensitiveAndrew Bartlett1-0/+1
While this does not matter very much, others may later expect 'cn' to be case insensitive. Andrew Bartlett
2009-10-21s4:provision - rework the "guess_names" and "make_smbconf" methodMatthias Dieter Wallnöfer3-3/+3
- Cleans it up from unnecessary "lower()/upper()" and parameters which can be derived through "lp" calls. - Substitute the "HOSTNAME" caption in the "smb.conf" templates with "NETBIOS_NAME" which fits better. - Now the "realm" and "domain" parameter of the provision are totally case insensitive and the script itself up/downcases them appropriately depending on the use (e.g. "realm" upcase for KERBEROS, lowcase for DNS domainname).