summaryrefslogtreecommitdiff
path: root/source4/setup
AgeCommit message (Collapse)AuthorFilesLines
2008-07-21Make invalid 'member' detection work again.Andrew Bartlett1-0/+4
This defines a rootdn globally, and due to OpenLDAP bugs, gives it manage access to the whole database. This makes the memberOf module able to validate the links again, now we have database ACLs. Andrew Bartlett (This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
2008-07-18Make a seperate template for the refint configuration tooAndrew Bartlett2-0/+5
(This used to be commit d2a527acc5ee6fe9b943657dc9c3ace920b2d619)
2008-07-18Put the memberof template into a seperate setup/ file.Andrew Bartlett2-0/+12
Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm having with OpenLDAP Andrew Bartlett (This used to be commit 6d6e03834a1a77a8ceba41fbe8c9d49680065ba3)
2008-07-15Lock down the LDAP backend - only samba may read or writeAndrew Bartlett1-1/+1
(This used to be commit a3912801fb25f715725c06402d4bdff9a926f15d)
2008-07-15Rework provision to handle both simple and SASL binds.Andrew Bartlett1-3/+3
Fedora DS is still setup for simple binds only, at this point. (it also fails on other issues). Andrew Bartlett (This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
2008-07-15Connect to the LDAP backend with SASL credentials.Andrew Bartlett7-11/+72
This reworks our LDAP backend code to move from anonymous access to a shared-secret SASL-protected connection. (SASL selects NTLM or DIGEST-MD5 on my system). To get this working, we must pre-populate the LDAP backend with a DN to store ths SASL secret on, and we use back-ldif for this. This gives us a reasonable basis to deploy a replicated OpenLDAP backend solution. Andrew Bartlett (This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett6-22/+21
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-10Avoid the use of extensibleObject in ldap mapping backend.Andrew Bartlett2-19/+141
Instead of extensibleObject, we use the new (more correct) ad2oLschema tool, and a new objectClass called 'samba4Top', which we add and remove in the same way we did extensibleObject. Andrew Bartlett (This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db)
2008-06-19Add a blackbox test for the provision-backend script.Andrew Bartlett1-0/+25
This test (as most tests do :-) found a few bugs, also fixed in this commit. Andrew Bartlett (This used to be commit d96a6482dad54d1d27a87107865e833a9c32cf53)
2008-06-11Remove unused import, function.Jelmer Vernooij1-8/+0
(This used to be commit f134a701e7c2d64a684d55691fd66e2aaeb15812)
2008-06-03setpassword should be executableAndrew Tridgell1-0/+0
(This used to be commit b8f2e6321dd06508f9cc48e8d76d20232cb7d60e)
2008-05-30Don't pass an smb.conf to provision tests.Andrew Bartlett3-22/+19
These tests will create their own smb.conf in their prefix anyway. Andrew Bartlett (This used to be commit c0322e8e27d67655b7498b27df0829aa5682a345)
2008-05-29Remove extra spaces on prefixMap input and output.Andrew Bartlett1-34/+34
Metze requested that the format not include spaces, and the input parser already expects this. Andrew Bartlett (This used to be commit 3b1f5d10360ed1b26980d748a7c9be6db5977bd3)
2008-05-29Print prefixMap in a human-readable format.Andrew Bartlett2-16/+36
This should allow the prefixMap to be edited, until we find the right way to autogenerate it. Andrew Bartlett (This used to be commit 24ae9a55ec326807afd8d5bfa0a422a6668bd7c3)
2008-05-23Fix imports for provision-backend.Jelmer Vernooij1-3/+6
This needs a blackbox test... (This used to be commit 268c1de095411991ffb22ee835bfb88f8bce235a)
2008-05-21GPO: Do not provision Default Domain Policy as initially enforced. (bz #5480)Andrew Kroeger1-1/+1
This only solves part of bz #5480. The settings for Enforced & Link Enabled now match the default settings of a Windows DC, but they are still "locked" and cannot be changed via the GUI. (This used to be commit 761e667e45475d3a7d5a41558b400ba4c94c4650)
2008-05-21enableaccount: Use correct command name in usage output.Andrew Kroeger1-1/+1
(This used to be commit 4ca8f32a37196c81547679b2ee8d00cb77a01269)
2008-05-21provision: Generate krb5.conf template separate from named.conf template.Andrew Kroeger2-14/+17
(This used to be commit ebf130e9e57b640129cf0d05dbd7d210b71ea371)
2008-05-22Fix python imports.Jelmer Vernooij3-3/+8
(This used to be commit 453206665677821b254c18cc67192e007b892f04)
2008-05-22use one blackbox script per executable.Jelmer Vernooij3-18/+44
(This used to be commit cd8c8226784c96d7f1dbae006a4853eb50c7b2e2)
2008-05-21Move more modules inside of the samba package.Jelmer Vernooij2-4/+4
(This used to be commit 9b39e99f48266a54ed0b8890c2efde218b4b118a)
2008-05-21Fix reference to removed smbpython.Jelmer Vernooij1-1/+3
(This used to be commit 58f956dc4591137489cba16f360f2d24d91dadc1)
2008-05-21Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-localAndrew Bartlett2-27/+109
(This used to be commit 0e429dd1fb15137a2a7c25e051b9af8c4ed8c7f3)
2008-05-20Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett3-1/+12
Fix config.mk due to changing syntax. Conflicts: source/libcli/config.mk source/nbt_server/config.mk (This used to be commit 6a1c76f29f78183f44dfac6f468c5e728d2cb2cf)
2008-05-18provision: Create instructions for enabling DNS GSS-TSIG updates.Andrew Kroeger1-27/+108
Added code to the python provisioning to create the named.conf file that was previously generated by the EJS provisioning. Updated the named.conf template to provide the additional details necessary to get things working. (This used to be commit 0b7a6bfcba1b906dc4d461882b4c3fe3c91c44e0)
2008-05-18provision: Allow DNS GSS-TSIG updates to work.Andrew Kroeger1-0/+1
This change ensures the KVNO of the principal in secrets.ldb (which is also exported to the dns.keytab) matches the KVNO associated with the "dns" user. Without explicitly setting msDS-KeyVersionNumber, the KVNO exported into the dns.keytab was 0. KVNO needs to be > 0, as the client libs (at least MIT libs on Fedora) consider KVNO == 0 as a sign to ignore that particular key. (This used to be commit 572efc8e65457a982a8cbb04d3b10e3aae22d574)
2008-05-12Merge branch 'nosmbpython' into v4-0-testJelmer Vernooij3-1/+12
(This used to be commit 9683f7434c7ea01631d8adae9d43274c77ff51de)
2008-05-12Remove JavaScript provision-backend scriptAndrew Bartlett1-188/+0
The library it relied on has already been removed. Andrew Bartlett (This used to be commit 97427731a520283fdd3c8e582ac1f8be7699013e)
2008-05-11Remove python extension from upgrade script.Jelmer Vernooij1-0/+0
(This used to be commit 5268649b7ef60a2caae9cdf66dfeaf6d2037aba3)
2008-05-11Set sys.path for running inside source tree.Jelmer Vernooij3-2/+11
(This used to be commit b507109bb676715f7d9616e13b0e19305e9c2559)
2008-05-11Use system python rather than smbpython.Jelmer Vernooij1-0/+2
(This used to be commit d3df51cd01e53383dcc05923d248db03bc6f62e9)
2008-04-25Remove vampire.py as the 'net' binary is the right interface.Andrew Bartlett1-53/+0
As some future point we might get these scripting interfaces into better shape, and provide a python interface to this functionality again. Andrew Bartlett (This used to be commit 717dcb2c54b1e22b7c8efb322deec55abb7689c2)
2008-04-18change the default idmap range to 3M -> 4MAndrew Tridgell1-3/+2
This gives us a lot more headroom, and means that we have a lower chance of running into real local users (This used to be commit b2dac6645c3bce45ab2178b9f5b4e017486b5b8e)
2008-04-15Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-testAndrew Tridgell3-14/+11
(This used to be commit e891157b4ec7b2f845fb20c4106d80bf169f2072)
2008-04-14make the SMB2 negotiated read and write size settable in smb.confAndrew Tridgell1-0/+2
parametic options: smb2:max read size = NNN smb2:max write size = NNN The defaults are 65536, which is what Vista sets, and what we previously set (This used to be commit 9e60164cae42b5dd95720e48301a2ac57e95482a)
2008-04-14Fix newuser and setpassword scripts, and port to idmap.Andrew Bartlett3-14/+11
The new idmap world does not use the unixUser any more, so we need to set up the entry (if wanted) in the idmap database. Users without a backing unix user will get an allocated uid by idmap later. Andrew Bartlett (This used to be commit 8bd8bc1475ddf22d4702dcd17028a9043a5e629f)
2008-04-11Actually test the different 'fill levels' in the provision process.Andrew Bartlett1-0/+2
This should cover a few more codepaths in the provision script. Andrew Bartlett (This used to be commit 75c8dc6c6f3134bb78356630f24617aaeb869344)
2008-04-09Be consistant in using ${SEVERDN}.Andrew Bartlett5-7/+7
This ensures we don't fall out of sync with the provision scripts. Andrew Bartlett (This used to be commit 566c60b4649e2b94bf467993acd4bf72c7368e5a)
2008-04-08Re-add support for the --ldap-backend-port option to provision-backendAndrew Bartlett1-7/+8
This option allows Fedora DS multi-master replication to work. I've tried to update the wiki and scripts to the largely consistant with each other. Andrew Bartlett (This used to be commit 42393c830733b2cc99ebccdafe944fcf3d82734f)
2008-04-04Clean up provision and rootdse module to hard-code less stuff.Andrew Bartlett1-3/+2
In particular, allow for the server DN to be in a different site (possible outcome of a DRS replication). Andrew Bartlett (This used to be commit 9ee4e39fe178317f42fd9a0adceea24b55dfe0f1)
2008-04-02Fix conflicts in setup/provision script.Andrew Bartlett1-8/+0
(This used to be commit 696b58f5dd8370b7ee0670c7a3e5db10234b41ff)
2008-04-02Fix merge of my host GUID removal and the IPv6 addition to provisionAndrew Bartlett2-1/+13
Merge branch 'v4-0-ipv6' of git://git.id10ts.net/samba into 4-0-abartlet Andrew Bartlett (This used to be commit d3336684f084f984500dd0893dd01bcfc5be0ab1)
2008-04-01provision: Add support for IPv6 (bz #4593).Andrew Kroeger2-2/+6
(This used to be commit 8585a3c77d5dfe97bca3f08716fc06ac2819f578)
2008-04-02Remove references to setting the host GUID, as the repl_meta_dataAndrew Bartlett2-6/+3
module prohibits it anyway. Andrew Bartlett (This used to be commit c5b287c056855892f30fbbf32efe7d65da31ce91)
2008-03-29Rework 'compleated' message in provision to be more useful.Andrew Bartlett1-9/+0
In particular, this should draw attention to accidential 'standalone' server provisions and therefore cause less frustration. Andrew Bartlett (This used to be commit e906ae041a2b589ffceff97b74f7c4b01386382a)
2008-03-28Fix and test python scripts and kerberosAndrew Bartlett3-6/+10
This fixes up the python credentials interface in a number of areas, with the aim of supporting '-k yes' as a command line option. (This enables the use of kerberos). As such, I've had to change the get_credentials call to take a loadparm context, so that the credentials can be initialised correctly. The test_kinit script has been modified to prove that this continues to work, as well as to provide greater code coverage of the kerberos paths. Andrew Bartlett (This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63)
2008-03-28Convert some more files to GPLv3.Andrew Kroeger4-4/+4
(This used to be commit ebe5e8399422eb7e2ff4deb546338823e2718907)
2008-03-28Add tool for enabling accountsAndrew Bartlett1-0/+74
(This used to be commit 2e14b4ea64ba7e223f29b5b535b1b1be326f711c)
2008-03-28Make the setup/newuser and setup/setpassword scripts actually work...Andrew Bartlett2-127/+60
These need a testsuite, but this will come soon. Andrew Bartlett (This used to be commit fbcaa622bd1929399e32326349e96b6676a49b96)
2008-03-26Remove old js versions of newuser and provision.Andrew Bartlett3-339/+61
Andrew Bartlett (This used to be commit 861a85985d2d27f58cb8fa2fef0d445c7dac94c6)