Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-28 | s4-provision: simplify our generated krb5.conf | Andrew Tridgell | 1 | -14/+1 | |
we don't want to force the KDC to be ourselves, we should be using DNS to find a live KDC. Also remove some other options and allow the krb5 lib to use defaults. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-28 | s4-provision: fixed the authority response for our SOA record | Andrew Tridgell | 1 | -1/+1 | |
some clients rely on this being the hostname, not the domain Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4 provision: start with gpo of version 0 and be consistent between ↵ | Matthieu Patou | 1 | -2/+2 | |
different policies | |||||
2010-09-26 | s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account only | Andrew Tridgell | 1 | -1/+0 | |
2010-09-26 | s4-provision: switch to dns-HOSTNAME instead of dns | Andrew Tridgell | 3 | -18/+10 | |
We now use a host specific account name for the DNS account, which is the account used for dynamic DNS updates. We also setup the servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN} and DNS/${DNSNAME} for compatibility with both the old and new SPNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4-kerberos Rework keytab handling to export servicePrincipalName entries | Andrew Bartlett | 1 | -1/+1 | |
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett | |||||
2010-09-24 | s4:provision - rootdse - remove static "ldapServiceName" attribute | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:provision - rootdse - remove static "dnsHostName" attribute | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-24 | s4:provision - rootdse - remove the static attribute "serverName" | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-12 | s4:setup/provision_self_join.ldif - now the samldb LDB module detects ↵ | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
automatically that this is a DC account | |||||
2010-09-10 | s4:provision: remember the setup directory if it wasn't the default | Stefan Metzmacher | 3 | -0/+3 | |
This fixes make test without a make install. metze | |||||
2010-09-09 | s4-setup Make krb5.conf use DNS by default | Andrew Bartlett | 1 | -2/+2 | |
We set up our DNS pretty well these days, and I think the previous setting was only there because Andrew Kroeger copied this out of our selftest code in bf3f3af92677bce8f03b0dd2be552d6c8c730ca1. Andrew Bartlett | |||||
2010-09-08 | setup: Use standard octal ints rather than harcoding. | Jelmer Vernooij | 1 | -2/+1 | |
2010-08-19 | unit tests: debug to ease locating pb, remove dir if exists to avoid error | Matthieu Patou | 1 | -2/+8 | |
2010-08-17 | s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards contain a record with the specified old password as NT and/or LM hash. | |||||
2010-07-31 | s4:blackbox/newuser: use test specific user names | Stefan Metzmacher | 1 | -10/+10 | |
As this test doesn't delete the user accounts at the end, we should use test specific user names. That lowers the chance of conflicts with other tests. metze | |||||
2010-07-15 | s4 dsdb: create a new control: changereplmetadata | Matthieu Patou | 1 | -0/+1 | |
This control is designed to allow replmetadata to be specified Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-10 | s4:provision: remove --policy-guid and --policy-guid-dc cmdline options | Stefan Metzmacher | 1 | -5/+0 | |
metze | |||||
2010-07-10 | s4 unittests: remove the provision directory before (re)generating | Matthieu Patou | 3 | -0/+3 | |
2010-07-10 | s4 net: Add spn module to list/add/remove spn on objects | Matthieu Patou | 1 | -0/+33 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-07-05 | s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID | Stefan Metzmacher | 1 | -0/+1 | |
When importing users from Samba3 we need to control all values. metze | |||||
2010-07-03 | s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
Now we should have fixed all password related tests to cooperate with this value | |||||
2010-06-26 | s4:provision: add entries for root dns servers | Stefan Metzmacher | 1 | -0/+72 | |
metze | |||||
2010-06-26 | s4:provision: move Samba4 specific DNS stuff to its own file | Stefan Metzmacher | 3 | -20/+31 | |
metze | |||||
2010-06-26 | s4:provision: add --next-rid option | Stefan Metzmacher | 1 | -1/+3 | |
Make it possible to provision a domain with a given next rid counter. This will be useful for upgrades, where we want to import users with already given SIDs. metze | |||||
2010-06-26 | s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool' | Stefan Metzmacher | 4 | -3/+13 | |
On Windows dcpromo imports nextRid from the local SAM, which means it's not hardcoded to 1000. The initlal rIDAvailablePool starts at nextRid + 100. I also found that the RID Set of the local dc should be created via provision and not at runtime, when the first rid is needed. (Tested with dcpromo on w2k8r2, while disabling the DNS check box). After provision we should have this (assuming nextRid=1000): rIDAllocationPool: 1100-1599 rIDPrevAllocationPool: 1100-1599 rIDUsedPool: 0 rIDNextRID: 1100 rIDAvailablePool: 1600-1073741823 Because provision sets rIDNextRid=1100, the first created account (typically DNS related accounts) will get 1101 as rid! metze | |||||
2010-06-24 | Revert "s4:provision.ldif - fix the number of available RIDs" | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
This reverts commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a. As per request of metze revert this (cause written on the mailing list). | |||||
2010-06-24 | s4:provision.ldif - fix the number of available RIDs | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
There should be 4611686014132422209 and not 4611686014132422109. | |||||
2010-06-24 | s4:provision.ldif - this Win2003 revision level seems always to be "9" on ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Windows Server 2008 machines | |||||
2010-06-24 | s4:provision_users.ldif - change a group description to be correct | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-06-24 | s4:setup/provision.reg - raise version to Windows Server 2008 R2 | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-06-20 | selftest: Use scripted testparm. | Jelmer Vernooij | 1 | -1/+2 | |
2010-06-20 | make test modules for net group set of commands and modification to the ↵ | Lukasz Zalewski | 2 | -1/+82 | |
newuser to include additional parameters Signed-off-by: Jelmer Vernooij <jelmer@samba.org> | |||||
2010-06-20 | ldb: add a new control bypassioperationnal | Matthieu Patou | 1 | -0/+1 | |
Signed-off-by: Jelmer Vernooij <jelmer@samba.org> | |||||
2010-06-16 | s4:provision Add import for DS_DOMAIN_FUNCTION_2000 | Andrew Bartlett | 1 | -0/+1 | |
2010-06-16 | s4:provision Allow functional level 2000 to be chosen | Andrew Bartlett | 1 | -1/+3 | |
2010-06-16 | s4:dsdb Add control for signaling between repl_meta_data and linked_attributes | Andrew Bartlett | 1 | -0/+1 | |
This control will allow the linked_attributes module to know if repl_meta_data has already handled the creation of forward and back links. Andrew Bartlett | |||||
2010-06-14 | s4:provision: Make gc._msdcs DNS entries A/AAAA records | Andrew Kroeger | 1 | -1/+2 | |
When adding an additional DC as a GC server, the new DC attempts to register its own gc._msdcs records. If the existing gc._msdcs record is a CNAME, BIND fails the update with the message "attempt to add non-CNAME alongside CNAME ignored", and the new DC is not registered as a GC server. The A & AAAA record types for gc._msdcs have been verified against the DNS server of a W2K8 DC. | |||||
2010-06-13 | s4:fix allocated control OIDs for "password_hash" LDB module | Matthias Dieter Wallnöfer | 1 | -3/+5 | |
The password hash module controls overlapped others. Sorry, but the "schema_samba4.ldif" hasn't been kept up-to-date. | |||||
2010-06-13 | Friendlier message. | Jelmer Vernooij | 1 | -2/+2 | |
2010-06-13 | upgradeprovision: Use logging infrastructure. | Jelmer Vernooij | 1 | -7/+11 | |
2010-06-13 | s4-python: Start using standard python logging infrastructure rather | Jelmer Vernooij | 1 | -8/+11 | |
than simple messaging callbacks. | |||||
2010-06-06 | s4:provision - fix typo in substitution variable | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-05-24 | s4:setup/*.ldif - remove unneeded "cn" attributes | Matthias Dieter Wallnöfer | 2 | -2/+0 | |
Should be generated automatically | |||||
2010-05-13 | s4:domain functional level - it is also specified in the domain object under ↵ | Matthias Dieter Wallnöfer | 1 | -0/+1 | |
partitions Discovered by the "ldapcmp" tool | |||||
2010-05-13 | s4:provision_configuration.ldif - add more extended rights objects | Matthias Dieter Wallnöfer | 1 | -0/+60 | |
2010-05-13 | s4:provision_users.ldif - fix up and reorder the well-known security principals | Matthias Dieter Wallnöfer | 1 | -5/+10 | |
2010-05-13 | s4:provision_configuration.ldif - add more Windows 2008 forest operations | Matthias Dieter Wallnöfer | 1 | -0/+120 | |
2010-05-13 | s4:provision_configuration.ldif - the revision level of "Windows2003Update" ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
should obviously be 10 Compared against my Windows Server 2008 and Zahari's output. | |||||
2010-05-13 | s4:provision_configuration.ldif - "CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa" ↵ | Matthias Dieter Wallnöfer | 1 | -0/+1 | |
operation is of version 3 |