summaryrefslogtreecommitdiff
path: root/source4/setup
Commit message (Collapse)AuthorAgeFilesLines
...
* dns_update_list: Add in NS recordsAndrew Bartlett2016-06-161-0/+3
| | | | | | | This is as suggested by metze in 4383ec5b83d12bd19749582217f082cbaa31a128 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Use random OIDs from under the Samba OID arcAndrew Bartlett2016-06-061-0/+11
| | | | | | | | | | | | | | The urgent_replication.py test used the OID of uid, and this caused other tests to fail The other random OIDs should have been from under our arc, not under iso.member-body.us We split up the range a little to avoid some of the birthday paradox, in the tests that create multiple OIDs. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz
* build:wafsamba: Install named.conf only onceThomas Nagy2015-11-161-1/+1
| | | | | | | | | | The wildcard *.conf already lists named.conf. Adding files more than once will cause unnecessary rebuilds and raise errors in later Waf versions. Signed-off-by: Thomas Nagy <tnagy@waf.io> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* dbcheck: Add explict tests for unknown and unsorted attributeID valuesAndrew Bartlett2015-08-241-0/+1
| | | | | | | | | | | | | | | | | | | | Unknown attributeID values would cause an exception previously, and unsorted attributes cause a failure to replicate with Samba 4.2. In commit 61b978872fe86906611f64430b2608f5e7ea7ad8 we started to sort these values correctly, but previous versions of Samba did not sort them correctly (we sorted high-bit-set values as negative), and then after 9c9df40220234cba973e84b4985d90da1334a1d1 we stoped accepting these. To ensure we are allowed to make this unusual change to the replPropertyMetaData, a new OID is allocated and checked for in repl_meta_data.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-setup: Add saltPrincipal to secrets_dns.ldifAndreas Schneider2015-04-241-0/+1
| | | | | | | | | | | | This adds the correct salt principal to the secretsdb so that we generate a valid keytab entries for AES and DES keys. The test doesn't fails with Heimdal cause it always uses RC4 which doesn't have a salt. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Apr 24 13:02:37 CEST 2015 on sn-devel-104
* s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requestsKamen Mazdrashki2015-02-031-0/+1
| | | | | | | | | | | | | | | | Tombstone reanimation requries some special handling which is going to affect several modules. Most notably: - a bit different access checks in acl.c - restore certain attributes during modify requests in samldb.c Control added also to schema_samba4.ldif by Andrew Bartlett hence the "pair programmed with" tag. Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4 Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow ↵Andrew Bartlett2015-01-151-0/+1
| | | | | | | | | | | | | | | | changes to userAccountControl This requires an additional control to be used in the LSA server to add domain trust account objects. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
* s4-dns: Add support for BIND 9.10Amitay Isaacs2014-10-251-0/+3
| | | | | | | | Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Sat Oct 25 05:42:19 CEST 2014 on sn-devel-104
* s4-dns: Update template variables, change BIND98 --> BIND9_8Amitay Isaacs2014-10-251-4/+4
| | | | | | | This makes it easier to add suport for BIND 9.10. Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Matthieu Patou <mat@matws.net>
* selftest: Fix test samba4.blackbox.group.pyMarc Muehlfeld2014-10-231-12/+12
| | | | | | | | | | | The test created two users and in later steps it tried adding two non-existend users to groups. This fix adds now the two created accounts to the groups instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10871 Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:setup/dns_update_list: make use of the new substitution variablesStefan Metzmacher2014-08-261-36/+46
| | | | | | | | | | | | | | | | | | | This let us register the same names as Windows Servers. We only exception are the NS records. In future we could add them by using something like this: samba-tool dns add ${HOSTNAME} ${DNSDOMAIN} @ NS ${HOSTNAME} samba-tool dns add ${HOSTNAME} _msdcs.${DNSFOREST} @ NS ${HOSTNAME} samba-tool dns add ${HOSTNAME} ${DNSFOREST} _msdcs NS ${HOSTNAME} Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Aug 26 11:38:54 CEST 2014 on sn-devel-104
* selftest: make blackbox_setpassword.sh test run independentlyAndrew Bartlett2014-04-021-0/+2
| | | | | | Change-Id: I8f3cdfc2c66800f9a1e11aec4f25a42752b6b205 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba-tool: make provision check for bind versionGarming Sam2014-03-091-2/+2
| | | | | | | | | | | | (small corrections and TODO added following Jelmer's review by abartlet) Signed-off-by: Garming Sam <garming@catalyst.net.nz> Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Mar 9 02:52:50 CET 2014 on sn-devel-104
* samba-tool domain join subdomain: Rework sambadns.py to allow setup of ↵Andrew Bartlett2013-10-113-75/+16
| | | | | | | | | | | | | | DomainDNSZone only This skips handling the ForestDNSZone when we are setting up a subdomain. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
* provision: Remove --username and --password options from samba-tool domain ↵Andrew Bartlett2013-10-111-1/+1
| | | | | | | | | | | | | | | provision This avoids confusion, because the LDAP backend does not use these, and they do not set the password for the administrator account either! This may break support for the 'existing' backend LDAP backend, but that is nothing more than a stub for future development anyway, and new work in this area should use EXTERNAL in any case. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-openldap: Restored openldap-related options to the provision scriptNadezhda Ivanova2013-09-261-6/+6
| | | | | | | | | | | At the moment they are only available if TEST_LDAP=yes to avoid accidental use as the openldap backend is still failing some tests Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Thu Sep 26 07:31:05 CEST 2013 on sn-devel-104
* OpenLDAP provisioning tweaksHoward Chu2013-09-184-32/+13
| | | | | | | | | | | | | Remove BerkeleyDB-specific setup. Streamline cn=samba partition initialization - allow any backend type for it. Use back-mdb instead of back-ldif for cn=samba partition Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
* Use SASL/EXTERNAL over ldapi://Howard Chu2013-09-181-0/+4
| | | | | | | | | The provision script will map the uid of the user running the script to the samba-admin LDAP DN. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Fix OpenLDAP partition configsHoward Chu2013-09-171-3/+50
| | | | | | | | Update to use LMDB backend, BDB is deprecated Update to support DomainDNSZones and ForestDNSZones partitions. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* scripting/join.py: Handle creating the dns-NAME account during a DC joinAndrew Bartlett2013-09-041-1/+1
| | | | | | | | | | This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the domain. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* provision: Rewrite named.txt to be more usefulAndrew Bartlett2013-08-291-16/+20
| | | | | | | | | | | | | We already chown the dns.keytab file, so remove the suggestion to do that, and instead explain why we can not use chroot (an often-requested feature). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Björn Jacke <bj@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Thu Aug 29 13:53:25 CEST 2013 on sn-devel-104
* selftest: Remove output directories to save disk spaceAndrew Bartlett2013-03-041-7/+11
| | | | Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Add ldapcmp to ensure upgradeprovision of a fresh DB is a no-opAndrew Bartlett2013-03-041-1/+33
| | | | Reviewed-by: Stefan Metzmacher <metze@samba.org>
* provision: fix nTSecurityDescriptor of containers in the DnsZones (bug #9481)Stefan Metzmacher2013-01-271-0/+4
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: fix nTSecurityDescriptor attributes of CN=*,${CONFIGDN} (bug #9481)Stefan Metzmacher2013-01-273-0/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: fix nTSecurityDescriptor of CN={LostAndFound,System},${DOMAINDN} ↵Stefan Metzmacher2013-01-271-0/+2
| | | | | | | (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Tests: remove redondent testsuites in provisionMatthieu Patou2013-01-211-6/+1
| | | | | | | | | | Removed provision are already tested somewhere else. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Mon Jan 21 09:59:43 CET 2013 on sn-devel-104
* s4:provision: set the correct nTSecurityDescriptor on CN=Domain ↵Stefan Metzmacher2012-12-111-0/+1
| | | | | | | | | | Controllers,... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
* s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)Stefan Metzmacher2012-12-111-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug ↵Stefan Metzmacher2012-12-111-0/+1
| | | | | | | #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)Stefan Metzmacher2012-12-111-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... ↵Stefan Metzmacher2012-12-111-0/+1
| | | | | | | (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher2012-12-111-0/+1
| | | | | | | CN=Sites,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher2012-12-111-0/+1
| | | | | | | CN=Partitions,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OIDStefan Metzmacher2012-11-301-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OIDStefan Metzmacher2012-11-301-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACLStefan Metzmacher2012-11-301-0/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* Removed phpldapadmin inclusion for Samba 4.Ricky Nance2012-10-171-20/+0
| | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104
* s4:scripting: rename upgradeprovision -> samba_upgradeprovisionStefan Metzmacher2012-09-121-2/+2
| | | | metze
* s4:setup: remove standalone 'provision'Stefan Metzmacher2012-09-122-279/+0
| | | | metze
* s4:setup/tests: make use of samba-tool domain provisionStefan Metzmacher2012-09-116-19/+19
| | | | metze
* s4:provision: ask the admin about the desired DNS implementationStefan Metzmacher2012-09-101-0/+6
| | | | | | | | | | In interactive mode we should let the admin confirm which implementation he wants. metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Sep 10 11:45:08 CEST 2012 on sn-devel-104
* selftest: Fix comment in blackbox_s3upgrade.shAndrew Bartlett2012-08-281-1/+1
|
* selftest: Specify --use-ntvfs when testing the group codeAndrew Bartlett2012-08-231-1/+1
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* selftest: Specify --use-ntvfs when testing the newuser codeAndrew Bartlett2012-08-231-1/+1
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* selftest: Specify --use-ntvfs when testing the LDAP backend init codeAndrew Bartlett2012-08-231-5/+5
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* selftest: Specify --use-ntvfs to provision in test scriptsAndrew Bartlett2012-08-224-15/+15
| | | | | | | | Because these run as non-root, we need to avoid doing things that will fail during the provision. The main test of the s3fs provision is the plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls. Andrew Bartlett
* dsdb: Allocate new OID to allow updates of a read-only replicaAndrew Bartlett2012-07-181-0/+1
| | | | | | | Normally this would be a very bad idea, but the specific case of fixing the instanceType is the only case where this makes sense. Andrew Bartlett
* s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrsGeza Gemes2012-07-132-1/+510
| | | | | | | | | | When provisioning with --use_rfc2307=yes populate the subtree: CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it possible to manipulate the posix attributes via ADUC (commit message adjusted by abartlet) Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIGAndrew Bartlett2012-07-031-1/+1
| | | | | | This support is too painful to use. Andrew Bartlett
View Lorry Controller Status