Age | Commit message (Collapse) | Author | Files | Lines |
|
Not all DCs are automatically DNS servers.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 1 12:20:36 UTC 2010 on sn-devel-104
|
|
SID modifications are denied.
|
|
This is now done by the "samba_spnupdate" script.
|
|
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 27 16:32:28 UTC 2010 on sn-devel-104
|
|
"wellKnownObjects"
This is the correct AD operation in this case. Multi-valued replaces are
generally denied most of the time.
|
|
This should help to fix bug #7403.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
|
|
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
|
|
LDB_CONTROL_BYPASS_OPERATIONAL_OID
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
|
|
This is added to make the 'existing' LDAP backend class more useful,
and to allow debuging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.
Andrew Bartlett
|
|
This isn't valid in current OpenLDAP versions.
Andrew Bartlett
|
|
For some reason we had both options, and --ldap-backend-nosync is
the better name.
Andrew Bartlett
|
|
"isCriticalSystemObject"
It recognizes it now automatically.
|
|
fix
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Oct 11 14:29:10 UTC 2010 on sn-devel-104
|
|
these have crept into the tree over time. Maybe we should add testing
of a range of python versions to autobuild?
|
|
Doesn't change much - but nicer to read.
Btw: is the testdata/samba3 stuff still needed ("provision_samba3sam.ldif"...)?
It seems a bit outdated.
|
|
* multiline data
* doublequoted value name
* handle windows format CRLF
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
This needs always to be done after a control allocation otherwise we end up in
double-allocations and unexpected behaviour.
|
|
sideeffect of tests.py.
|
|
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
some clients rely on this being the hostname, not the domain
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
|
|
different policies
|
|
|
|
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.
Andrew Bartlett
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
automatically that this is a DC account
|
|
This fixes make test without a make install.
metze
|
|
We set up our DNS pretty well these days, and I think the previous setting
was only there because Andrew Kroeger copied this out of our selftest code
in bf3f3af92677bce8f03b0dd2be552d6c8c730ca1.
Andrew Bartlett
|
|
|
|
|
|
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
|
|
As this test doesn't delete the user accounts at the end,
we should use test specific user names. That lowers the
chance of conflicts with other tests.
metze
|
|
This control is designed to allow replmetadata to be specified
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
metze
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
When importing users from Samba3 we need to control all values.
metze
|
|
Now we should have fixed all password related tests to cooperate with this value
|
|
metze
|
|
metze
|
|
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.
metze
|
|
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.
The initlal rIDAvailablePool starts at nextRid + 100.
I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
check box).
After provision we should have this (assuming nextRid=1000):
rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100
rIDAvailablePool: 1600-1073741823
Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!
metze
|
|
This reverts commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a.
As per request of metze revert this (cause written on the mailing list).
|
|
There should be 4611686014132422209 and not 4611686014132422109.
|
|
Windows Server 2008 machines
|
|
|