summaryrefslogtreecommitdiffstats
path: root/source4/scripting/python/samba/provision.py
Commit message (Collapse)AuthorAgeFilesLines
* samba.provision: Add package with provision and backend modules.Jelmer Vernooij2010-11-281-1958/+0
|
* s4-python: Fix formatting of docstrings for the purpose of pydoctor.Jelmer Vernooij2010-11-281-6/+6
|
* s4-provision: fixed eadb automatic and manual setting in provisionAndrew Tridgell2010-11-261-1/+1
| | | | | | we should not set posix:eadb in lp in the acl native test code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-provision: don't try to look for an IPv6 address when not specifiedAndrew Tridgell2010-11-261-11/+0
| | | | | | | | the getaddrinfo() method of finding an IPv6 address is incorrect. We could do it via the Samba interfaces code, but until we have that it is better to not try to auto-detect IPv6 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-provision: setup posix:eadb using lp.set()Andrew Tridgell2010-11-171-5/+2
| | | | | this allows it to override a setting made during the automatic testing of xattr support
* s4-provision: add log messages about IP lookupAndrew Tridgell2010-11-171-0/+2
| | | | | the IPv6 lookup can be very slow if a DNS server in the search list is unavailable. It's good to let the user know what its doing.
* s4-provision UTF16 encode the password in sam.ldb, not secrets.ldbAndrew Bartlett2010-11-111-2/+2
| | | | | | | | | | The password in secrets.ldb is UTF8, while clearTextPassword in sam.ldb is UTF16. This corrects commit bd5039546e520b6d6897a658bc0a358f0511f7c7, which had these the wrong way around. Andrew Bartlett
* s4-provision: include command line provision options in the generated smb.confAndrew Tridgell2010-11-111-11/+22
| | | | | | | | this saves the smb.conf using lp.dump_globals() to ensure that any command line options (for example directory overrides) are saved in the generated smb.conf Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-join: use the command line loadparm in provision during a joinAndrew Tridgell2010-11-111-8/+12
| | | | | | | this allows a join with an empty smb.conf to override locations of files correctly with --option Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:provision.py - strip trailing whitespacesMatthias Dieter Wallnöfer2010-11-091-106/+106
|
* s4:provision - switch to "clearTextPassword" for setting passwordsMatthias Dieter Wallnöfer2010-11-091-4/+4
| | | | | | | This is the default password set/change attribute for s4 specific purposes (otherwise in respect to Windows it's "unicodePwd"). We move away from "userPassword" since on Windows it's not activated by default - and s4 will follow soon.
* provision: Look for in source setup data first, in case an older versionJelmer Vernooij2010-11-031-16/+28
| | | | of samba 4 is installed in the system.
* s4:provision - adapt the "provision" so that SIDs are only set on entry creationMatthias Dieter Wallnöfer2010-11-011-8/+4
| | | | SID modifications are denied.
* s4:provision - remove the "servicePrincipalName" creation on the DC objectMatthias Dieter Wallnöfer2010-10-311-8/+0
| | | | This is now done by the "samba_spnupdate" script.
* provision: fix wrong testsMatthieu Patou2010-10-301-6/+11
| | | | | Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat Oct 30 17:31:23 UTC 2010 on sn-devel-104
* provision: when deriving netbiosname from hostname force the netbiosname to ↵Matthieu Patou2010-10-301-3/+13
| | | | | | | | | be compliant It means no space/_/-/@.... and less than 16 chars. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat Oct 30 14:26:22 UTC 2010 on sn-devel-104
* s4:provision.py - add the correct "CN=Sites" security descriptorMatthias Dieter Wallnöfer2010-10-231-5/+20
| | | | | | | This should help to fix bug #7403. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
* s4-provisionbackend Allow a fixed URI to be specified for LDAP backendAndrew Bartlett2010-10-191-37/+39
| | | | | | | | This is added to make the 'existing' LDAP backend class more useful, and to allow debuging of our OpenLDAP backend class with wireshark, by forcing the traffic over loopback TCP, which is much easier to sniff. Andrew Bartlett
* s4-provision Remove serverdn parameter from Schema()Andrew Bartlett2010-10-191-3/+2
| | | | | | | We don't need to know the server DN here any more, and it makes no sense for many callers. Andrew Bartlett
* s4-provision: Reset "debuglevel" after "provision" take placeKamen Mazdrashki2010-10-051-7/+9
| | | | | | | | Otherwise "provision" resets our current debug level and we don't get debug messages we may expect onwards Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Tue Oct 5 11:32:50 UTC 2010 on sn-devel-104
* s4-selftest: silence warnings about bind chownAndrew Tridgell2010-10-021-2/+2
|
* s4-test: silence the Failed to chown message in make testAndrew Tridgell2010-10-021-3/+5
|
* s4-provision: wipe the old keytabs when provisioningAndrew Tridgell2010-09-301-4/+16
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-provision: fixed the generation of the krb5.conf for vampireAndrew Tridgell2010-09-271-6/+6
| | | | we need a correct krb5.conf for nsupdate from bind9
* s4 provision: start with gpo of version 0 and be consistent between ↵Matthieu Patou2010-09-261-1/+1
| | | | different policies
* s4 provision: Make GPO folder group writableMatthieu Patou2010-09-261-3/+3
| | | | | | The group of this folder is domain administrator and it seems sensible that all domain administrators have the right to modify the gpo (they have it at the NT ACLs level ...)
* s4-provision: switch to dns-HOSTNAME instead of dnsAndrew Tridgell2010-09-261-7/+23
| | | | | | | | | We now use a host specific account name for the DNS account, which is the account used for dynamic DNS updates. We also setup the servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN} and DNS/${DNSNAME} for compatibility with both the old and new SPNs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:provision - rootdse - remove static "ldapServiceName" attributeMatthias Dieter Wallnöfer2010-09-241-3/+0
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:provision - rootdse - remove static "dnsHostName" attributeMatthias Dieter Wallnöfer2010-09-241-1/+0
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:provision.py - support still not fully provisioned trees regarding the ↵Matthias Dieter Wallnöfer2010-09-241-2/+11
| | | | | | | | rootDSE module We simply override the NTDS settings path manually Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:provision.py - make more use of "names.serverdn" on NTDS settings locationMatthias Dieter Wallnöfer2010-09-241-2/+2
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-param: Fix more memory leaks, invalid memory context.Jelmer Vernooij2010-09-221-2/+1
|
* s4:provision: remember the setup directory if it wasn't the defaultStefan Metzmacher2010-09-101-0/+8
| | | | | | This fixes make test without a make install. metze
* s4-provision: fixed error format stringAndrew Tridgell2010-09-091-1/+1
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4 provision: POLICY_ACL is already an FS acl no need to translate itMatthieu Patou2010-08-191-2/+1
|
* s4 provision: Add some documentation to GPO related functionsMatthieu Patou2010-08-191-13/+56
|
* s3-provision: cope with the policy directory already existingAndrew Tridgell2010-08-171-3/+8
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:provision Handle machine account password changes while keeping keytabAndrew Bartlett2010-07-151-15/+23
| | | | | | | | | The challenge here is to update the existing record if it already exists, rather than deleting the old record. This ensures that the secrets.keytab handling code keeps the previous password in the keytab. Andrew Bartlett
* s4 provision: use correct GUID for default policiesMatthieu Patou2010-07-101-2/+7
| | | | | | | | | The value of GUID for policy is not random for default policies, it is described here ("How Core Group Policy Works"): http://technet.microsoft.com/en-us/library/cc784268%28WS.10%29.aspx at paragraph System\Policies Container. Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:provision Add an msDS-SupportedEncryptionTypes entry to our DCAndrew Bartlett2010-06-291-1/+16
| | | | | | | | This ensures that our DC will use all the available encyption types. (The KDC reads this entry to determine what the server supports) Andrew Bartlett
* s4:provision.py - fix comment regarding DNS entriesMatthias Dieter Wallnöfer2010-06-261-1/+1
| | | | | I think this should mean partially Samba4 specified (all beside the "dns" account is standard)
* s4:provision: move Samba4 specific DNS stuff to its own fileStefan Metzmacher2010-06-261-1/+8
| | | | metze
* s4:provision: add --next-rid optionStefan Metzmacher2010-06-261-2/+13
| | | | | | | | Make it possible to provision a domain with a given next rid counter. This will be useful for upgrades, where we want to import users with already given SIDs. metze
* s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool'Stefan Metzmacher2010-06-261-3/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | On Windows dcpromo imports nextRid from the local SAM, which means it's not hardcoded to 1000. The initlal rIDAvailablePool starts at nextRid + 100. I also found that the RID Set of the local dc should be created via provision and not at runtime, when the first rid is needed. (Tested with dcpromo on w2k8r2, while disabling the DNS check box). After provision we should have this (assuming nextRid=1000): rIDAllocationPool: 1100-1599 rIDPrevAllocationPool: 1100-1599 rIDUsedPool: 0 rIDNextRID: 1100 rIDAvailablePool: 1600-1073741823 Because provision sets rIDNextRid=1100, the first created account (typically DNS related accounts) will get 1101 as rid! metze
* s4:provision: pass relax control also to modify_ldifStefan Metzmacher2010-06-261-2/+2
| | | | metze
* s4:provision Raise default max functional level to 2008R2Andrew Bartlett2010-06-231-3/+3
| | | | | | | | | We don't support many of the extra features, but that applies across many other parts of AD. Allow the admin to join a 2008R2 domain if he or she wants. This also makes it possible to test 2008R2 domain code in 'make test' Andrew Bartlett
* s4:provision Remove am_rodc from SchemaAndrew Bartlett2010-06-231-3/+2
| | | | | The SamDB created in the schema code isn't real enough to care if it's an rodc or not.
* libds:common Remove DS_DC_* domain functionality flagsAndrew Bartlett2010-06-231-2/+2
| | | | | | These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set. Andrew Bartlett
* provision: Look for Samba prefix a bit harder.Jelmer Vernooij2010-06-201-4/+6
|
* provision: Properly cancel transactions on the secrets ldb.Jelmer Vernooij2010-06-201-122/+131
|
generated by cgit (git 2.34.1) at 2025-06-15 00:12:34 +0000