summaryrefslogtreecommitdiffstats
path: root/python/samba/provision
Commit message (Collapse)AuthorAgeFilesLines
* provision: Give a more helpful message when find_provision_key_parameters() ↵Andrew Bartlett2015-03-061-2/+5
| | | | | | | | | | fails Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Mar 6 20:11:52 CET 2015 on sn-devel-104
* s4-dns: Add support for BIND 9.10Amitay Isaacs2014-10-251-1/+5
| | | | | | | | Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Sat Oct 25 05:42:19 CEST 2014 on sn-devel-104
* s4-dns: Update template variables, change BIND98 --> BIND9_8Amitay Isaacs2014-10-251-6/+6
| | | | | | | This makes it easier to add suport for BIND 9.10. Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Matthieu Patou <mat@matws.net>
* Fix more pep8 issues in code I touched recently.Jelmer Vernooij2014-10-141-5/+11
| | | | | | Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Change-Id: I35f3204bdf5d00b3280d703427ded2fa2163a6f7
* Remove remaining instance of pep8 E211 (too many spaces before operator).Jelmer Vernooij2014-10-141-2/+2
| | | | | | Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Change-Id: I9af3bf582bba8fc1094addb12cd0a5ce04406b5b
* provision: Change the default functional level of new Samba domains to 2008R2.Andrew Bartlett2014-09-301-1/+1
| | | | | | | Windows 2003 is going out of support shortly, and we want users to have AES by default Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* provision: explain why this is requiredAndrew Bartlett2014-09-271-0/+8
| | | | | | Change-Id: Iaf8b13010b52e03db2eefe1ad565d7ca768ffb48 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* provision: Only create hard links for ForestDnsZones if it exists on this DCAndrew Bartlett2014-09-011-4/+8
| | | | | | | | | | We might be a subdomain, and not host this partition. Andrew Bartlett Change-Id: I9aa32c5692cd9fd0a6bced8bea37cd8593b31906 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* python: Use the security.dom_sid type for ctx.domsid in join.py and provisionAndrew Bartlett2014-09-011-2/+0
| | | | | | | Change-Id: I1266f77184d68aae6a39a73bac8a432fdd707b2e Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* provision: Use names.domainsid and names.domainguidAndrew Bartlett2014-09-012-41/+46
| | | | | | | | | | | | | This is better than passing around parameters to functions all over the provision stack and makes it easier to pass in a seperate forest SID when we start to support subdomains. Change-Id: I3787f4f3433ca04628f888135c7c0c8195379542 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* provision: Only calculate ForestDNSZone GUID if we need itAndrew Bartlett2014-09-011-5/+4
| | | | | | | Change-Id: Ie33812627ce7ececda681c2d784b1ca97b1b73c4 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* provision/sambadns: remove redundant site parameterBjörn Baumbach2014-06-182-3/+4
| | | | | | | | The sitename is already included in "names" parameter. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* provision: Correctly provision the SOA record minimum TTLKai Blin2014-05-211-0/+1
| | | | | | | | | | This fixes bug #10466 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Guenter Kukkukk <kukks@samba.org> Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Wed May 21 10:55:00 CEST 2014 on sn-devel-104
* samba-tool: make provision check for bind versionGarming Sam2014-03-091-2/+28
| | | | | | | | | | | | (small corrections and TODO added following Jelmer's review by abartlet) Signed-off-by: Garming Sam <garming@catalyst.net.nz> Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Mar 9 02:52:50 CET 2014 on sn-devel-104
* provision: capture slightly less generic exceptions during the test for aclsGarming Sam2014-02-051-2/+2
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* provision: improve error message when connecting to samdb without the ↵Garming Sam2014-02-051-1/+7
| | | | | | | | | correct permissions Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* provision: Fix failures on re-provision incorrectly blamed on posix acl support.Garming Sam2014-02-051-26/+25
| | | | | | | | By doing the test later, there is an actual sam.ldb file that can be connected to. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* provision: Fix string replacement orderingBenjamin Franzke2013-11-111-1/+1
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700Björn Baumbach2013-11-111-1/+1
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-openldap: Fixed a problem with provisioning with OpenLdapNadezhda Ivanova2013-10-251-1/+1
| | | | | | | | | Credentials are no longer used and there were too many arguments to the constructor Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool domain join subdomain: Rework sambadns.py to allow setup of ↵Andrew Bartlett2013-10-113-39/+68
| | | | | | | | | | | | | | DomainDNSZone only This skips handling the ForestDNSZone when we are setting up a subdomain. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
* provision: Remove --username and --password options from samba-tool domain ↵Andrew Bartlett2013-10-112-46/+20
| | | | | | | | | | | | | | | provision This avoids confusion, because the LDAP backend does not use these, and they do not set the password for the administrator account either! This may break support for the 'existing' backend LDAP backend, but that is nothing more than a stub for future development anyway, and new work in this area should use EXTERNAL in any case. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDNStefan Metzmacher2013-10-101-8/+8
| | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Oct 10 10:24:55 CEST 2013 on sn-devel-104
* provision: Fix comment to refer to correct file (krb5.conf)Andrew Bartlett2013-10-101-3/+2
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-openldap: Restored openldap-related options to the provision scriptNadezhda Ivanova2013-09-262-9/+13
| | | | | | | | | | | At the moment they are only available if TEST_LDAP=yes to avoid accidental use as the openldap backend is still failing some tests Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Thu Sep 26 07:31:05 CEST 2013 on sn-devel-104
* OpenLDAP provisioning tweaksHoward Chu2013-09-181-33/+25
| | | | | | | | | | | | | Remove BerkeleyDB-specific setup. Streamline cn=samba partition initialization - allow any backend type for it. Use back-mdb instead of back-ldif for cn=samba partition Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
* Use SASL/EXTERNAL over ldapi://Howard Chu2013-09-181-3/+4
| | | | | | | | | The provision script will map the uid of the user running the script to the samba-admin LDAP DN. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Give slapd a second to startupHoward Chu2013-09-181-1/+1
| | | | | | | | | | | | Moving the sleep to the beginning of the loop avoids most occurrences of the "connection failed" message Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 07:43:09 CEST 2013 on sn-devel-104
* Fix OpenLDAP partition configsHoward Chu2013-09-171-0/+22
| | | | | | | | Update to use LMDB backend, BDB is deprecated Update to support DomainDNSZones and ForestDNSZones partitions. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Use credentials.get_forced_sasl_mech()Andrew Bartlett2013-09-171-0/+2
| | | | | | | | | | | | | | This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
* samba-tool domain provision: Make ldap_backend_startup.sh +x and take ↵Andrew Bartlett2013-09-161-2/+5
| | | | | | | optional arguments Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* scripting/join.py: Handle creating the dns-NAME account during a DC joinAndrew Bartlett2013-09-041-3/+8
| | | | | | | | | | This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the domain. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* python/provision: remove unused linklocal=False argument from interface_ips_v6()Stefan Metzmacher2013-08-301-3/+3
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bj@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104
* scripting-provision: Do not enforce domain != realm if we are joining an ↵Andrew Bartlett2013-04-111-4/+5
| | | | | | | | | | | | | | existing domain This will allow us users to join existing oddly named domains without objection from provision. Andrew Bartlett Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Apr 11 10:41:02 CEST 2013 on sn-devel-104
* scripting: Fill the ProvisionNames hash with strings, not ldb.MessageElement ↵Andrew Bartlett2013-03-251-8/+7
| | | | | | | | | | | | | or Dn This avoids the need to fix it up again in samba_upgradedns. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
* scripting: Move samba.provision.descriptor to samba.descriptorAndrew Bartlett2013-03-253-420/+2
| | | | | | | | | This will allow dbcheck to import it, without a cirucular dependency via samba.provision importing dbcheck. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* scripting: Make samba.provision.descriptor.get_wellknown_sds() return ldb.Dn ↵Andrew Bartlett2013-03-251-32/+33
| | | | | | | | | | | objects As we look to use this function in more places, it does not make sense to constantly create Dn objects from the strings. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* scripting: Move the list of well known SDs to samba.provision.descriptorAndrew Bartlett2013-03-251-0/+58
| | | | | | | | This will allow us to call this from dbcheck. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Move python modules from source4/scripting/python/ to python/.Jelmer Vernooij2013-03-025-0/+4695
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-06-16 14:25:39 +0000