Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
|
|
metze
|
|
|
|
This simple script allows raising the domain and/or forest level for s4.
I integrated also the basic checks (since we don't perform them in LDB yet):
e.g. the forest level can't be higher than the domain level(s).
|
|
|
|
This script helps to reclaim waisted place.
|
|
- The DC level we keep on Windows Server 2008 R2 (we should call ourself
always the newest server type)
- The domain/forest level we set to the minimum (Windows 2000 native) to
allow all AD DC types (from Windows 2000 on) in our domain - the NT4 "mixed"
mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is
set always to 0
- I'll add a script which allows to bump the DC level (basically sets the
"msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and
on the "DC" object)
|
|
- Fix up "servicePrincipalNames" attributes on the DC object
- Add some informative comments (most in "provision_self_join.ldif")
- Add also comments where objects are missing which we may add later when we
support the feature (mainly for FRS)
- Add "domain updates" objects also under "CN=Configuration" (they exist twice)
- Add the default services under "Services" to allow interoperability with some
MS client tools
- Smaller changes
|
|
Fix bug #6723
|
|
|
|
This adds support for the nd464 binding string option
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
- Revert a change introduced by me since I didn't understood the meaning of the
version check
- Added some "const" to suppress compiler warnings
|
|
|
|
|
|
- Add/change "wellKnownObjects" attributes
- Order entries in "provision_basedn_modify.ldif"
- Add/change "delete entries" object under BASEDN and CONFIGDN
- Fix default version number of "Default domain policy" group policy
- Add "domain updates" objects for interoperability with MS AD maintaining tools
- Show version number in the "oEMInformation" attribute (suggested by ekacnet)
- Smaller fixups
|
|
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
|
|
- Introduce the "userAccountControl", "groupType" and "sAMAccountType" flags
- Corrects the "domain/forestFunctionality" and "domainControllerFunctionality" flags
|
|
permissions - Reset them
|
|
|
|
|
|
Guenther
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This code eventually calls into mk_priv in the Heimdal code, and if
the client is behind NAT, or somehow has an odd idea about it's own
network addresses, it will fail to accept this packet if we set an
address. It seems easiser not to. (Found by testing with NetAPP at
plugfest)
Andrew Bartlett
|
|
Testing against NetAPP showed that clients can object to being told a
larger max xmit fragment size than they negotiated. Choose the
minimum of the server and client values.
Andrew Bartlett
|
|
|
|
When a partition is first created it still needs a uSNHighest value
|
|
This prepares support for HMAC-SHA256/AES.
metze
|
|
This uses async RPC forwarding for the DsReplicaSync call
|
|
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC
request to another task in Samba4, with the return being handled
asynchronously.
This is useful for forwarding DRS requests to the repl or kcc tasks
|
|
The key DRS calls should only be allowed by administrators or domain
controllers
|
|
This will be used as a simple way to lock down DRS replication to
administrators and domain controllers
|
|
When they are of the form of OIDs
|
|
It is useful to be able to control the 2 phase commit from application
code (s4 replication uses it)
|
|
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
|
|
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
|
|
we were setting local_usn after the marshall, so it wasn't going into
the object
|
|
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2). These lists are not ordered, so using DLIST_ADD() is much
better.
|
|
When doing an indexed search if we hit a corrupt record we abandoned
the indexed search and did a full search. The problem was that we
might have sent some records to the caller already, which means the
caller ended up with duplicate records. Fix this by returning a search
error if indexing returns an error and we have given any records to
the caller.
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
In time, this should avoid the astounding (order) complexity of the
objectclass sorting in objectclass.c eventually.
Andrew Bartlett
|
|
This starts the process to have Samba4 use lmhosts.
Andrew Bartlett
|
|
metze
|
|
We don't do well (even just trying to create duplicate
servicePrincipalName values) with some of these combinations, so kill
it off early before the administrator thinks it's going to work.
Andrew Bartlett
|
|
This script can be used to upgrade a provision that didn't integrate extended dn.
It can also be used to add missing extended DN that weren't created during provision.
|