| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
This shouldn't be specified on creation time (Windows Server doesn't allow that).
Hope this also fixes the test (see buildfarm).
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a function which performs the check for the supported forest and
domain function levels. On an unsuccessful result a textual error message can
be created (parameter "errmsg" != NULL) which gives hints for the user to help
him fixing the issue.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The second "nTMixedDomain" attribute (under Partitions/Domain-DN) is only a
copy of the one under the directory root object. Therefore there doesn't exist
the "Windows 2000 Mixed" forest level.
|
| | |/
|/|
| |
| |
| | |
TODO's:
ACE sorting and clarifying the inheritance of object specific ace's.
|
| |/
|
|
|
|
|
| |
Since this code may still have some problems, it is not executed by default.
To enable descriptor inheritance add:
acl:inheritance = true
in your smb.conf
|
| | |
|
| |
|
|
| |
I found this through a compile warning. Hope that I got this right.
|
| |
|
|
|
|
|
| |
I reread some docs about this attributes and it seems that this as mapping
attribute isn't host specific but in common for the whole domain. To allow
Windows DCs to join our s4 domain sooner or later we have to provide the full
attribute.
|
| |
|
|
|
|
|
|
| |
- The tool displays now also mixed/interim domain levels and warns about them
(s4 isn't capable to run on them)
- But it allows now also to raise/step-up from them
- It displays now also levels higher than 2008 R2 (altough we don't support them
yet) but to be able to get a correct output
|
| |
|
|
| |
metze
|
| |
|
|
|
|
|
|
|
|
| |
Windows Servers allow OID strings to be used instead of
attribute/class names.
For now we only resolve the OIDs in the search expressions,
the rest will follow.
metze
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
There is also an option to disable the security check
by specifying in the smb.conf file:
drs:disable_sec_check = true
|
| |
|
|
|
|
| |
I had to think about how to encode the string 0x0001 (taken from Windows Server).
The problem is due to the "0" byte at the beginning of it. BASE64 encoding
seems a good method to do it.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The problem here was that we take an address of a bool, and then (via
a void*) cast it to a int *, so put this in a comment.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
| |
we depend on reads in transactions for s4 replication
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
never pass a bool pointer to popt
|
| | |
|
| |
|
|
| |
I should remember to run script/minimal_includes.pl more often
|
| |
|
|
|
|
|
|
|
| |
- I added a comment to the "new user" operation to point out that this works
only on s4, since we add also ID mapping entries for winbind there
- The "new user" operation adds now the password through the "set password"
operation which I find better due to the re-use principle
- Remove the word "DC" after "SAMBA 4" in the comment over the "set password"
operation since this note and operation applies also to s4 in standalone mode
|
| |
|
|
|
| |
We don't implement sites properly at the moment so we just return
Default-First-Site-Name
|
| |
|
|
|
|
|
| |
We were creating the name resolution context as a child of lp_ctx,
which meant when we gave up on a connection the timer on name
resolution kept running, and when it timed out the callback crashed as
the socket was already removed.
|
| |
|
|
|
| |
clients may provide arbitrary names, but we only want lowercase alnum
names
|
| |
|
|
|
|
| |
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
| |
|
|
| |
don't fail hdb operations if one of the key types is unknown
|
| |
|
|
|
|
|
| |
With a w2k8-R2 DC, we sometimes get linked attribute updates via DRS
which are duplicates of entries that we already have. We need to cope
with this by using a remove/add pair in the ldb_modify() to avoid a
"entry already exists" error
|
| | |
|
| |
|
|
| |
Accidentally removed by a previous commit.
|
| |
|
|
|
|
| |
- I removed also the "-H" parameter since those scripts are all thought for the
use on a local s4 domain controller. Another reason is also the bind as SYSTEM
account which itself is only possible on local binds.
|
| |
|
|
|
|
|
| |
- This unified the shape of those four scripts (comments, command sequence, call
of SamDB)
- To consider the samdb.py changes regarding the filter: there is now always the
possibility either to specify the username or the search filter
|
| | |
|
| |
|
|
|
|
|
|
|
| |
- When a user account is requested by a call always the search filter will be
passed as argument. This helps us to unify the API
- Add/fix some comments; in particular new comments inform the developer which
requirements exist if he wants to use calls which manipulate the
"userPassword" attribute (On s4 no problem - but on certain domain levels on
Windows Server)
|
| | |
|
