summaryrefslogtreecommitdiffstats
path: root/source4/scripting/python/samba/upgrade.py
Commit message (Collapse)AuthorAgeFilesLines
* Move python modules from source4/scripting/python/ to python/.Jelmer Vernooij2013-03-021-938/+0
| | | | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
* samba-tool classicupgrade: Do not print the admin password during upgradeAndrew Bartlett2013-01-101-1/+10
| | | | | | | | | | | | This changes the code to only set and show a new password if no admin user is found during the upgrade. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104
* scripting: Handle missing LDAP entries in samba-tool domain classicupgradeAndrew Bartlett2012-12-061-0/+6
| | | | Reported-by: Thomas Simmons <twsnnva@gmail.com>
* samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributesAndrew Bartlett2012-11-121-17/+24
| | | | | | | | | | | | | | Is is not required that these additional attributes be filled in, so catch KeyError in both the nsswitch and ldap backend case. We rework get_posix_attr_from_ldap_backend() so it raises KeyError rather than trying to return None, and does not ignore other errors. Andrew Bartlett Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* provision: No longer use the wheel group in new AD DomainsAndrew Bartlett2012-10-181-1/+1
| | | | | | | | | | | The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandetory profile to be owned by administrators (which is a requirement). There is no particularly useful reason for us to enforce this matching a system group. Andrew Bartlett
* s4-python: Various formatting fixes.Jelmer Vernooij2012-09-271-3/+3
| | | | | | * Trailing whitespace * use of "==" where "is" should be used * double spaces
* s4-python: Formatting fixes, break lines.Jelmer Vernooij2012-09-161-6/+11
| | | | | Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sun Sep 16 15:58:04 CEST 2012 on sn-devel-104
* s4-classicupgrade: Show more clearly what is wrong with the Adminstrator SIDAndrew Bartlett2012-09-031-0/+1
|
* s3-classicupgrade: Fix import from ldapAndrew Bartlett2012-08-281-2/+2
| | | | | | | | | | We must not reference result before provision(), and do not need session_info and lp for reading a normal ldap backend anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
* s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is ↵Andrew Bartlett2012-08-281-2/+6
| | | | | | | | | | | configured This will allow files to be correctly owned by the idmap that is imported. This appears to fix an issue that came up after s3fs-compatible ACLs were merged into provision. Andrew Bartlett
* s4-classicupgrade: Read WINS DB before the provisionAndrew Bartlett2012-08-281-6/+7
|
* s4-classicupgrade: Do all the queries of data before the provision()Andrew Bartlett2012-08-281-35/+35
| | | | | | This allows provision to change the s3 smb.conf settings if required. Andrew Bartlett
* s4-classicupgrade: Use s3param.get_context() instead of result.lpAndrew Bartlett2012-08-281-1/+1
| | | | | | | We should not need the guessed values here, but by changing to using the s3 loadparm context we can move this block to before the provision. Andrew Bartlett
* s4-classicupgrade: Add --use-ntvfs optionAndrew Bartlett2012-08-221-2/+4
| | | | | | | | This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett
* s4-classicupgrade: Tests if sam policies exist before trying to import them.Wesley Young2012-08-141-21/+28
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-classicupgrade: Add unix attributes during upgradeGeza Gemes2012-07-221-1/+108
| | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jul 22 13:20:20 CEST 2012 on sn-devel-104
* s4-classicupgrade: Demote any other 'BDC' accounts back to a member server ↵Andrew Bartlett2012-07-061-2/+12
| | | | | | | | | | | | during upgrade This makes it clear that they cannot be a DC until they are upgraded with samba-tool domain dcpromo. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 6 09:59:13 CEST 2012 on sn-devel-104
* s4-classicupgrade: Allow DNS backend to be specifiedAndrew Bartlett2012-06-241-4/+2
|
* s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation ↵Andrew Bartlett2012-06-201-1/+1
| | | | errors
* s4-s3upgrade: Assert that administrator has a SID of -500, and only skip ↵Andrew Bartlett2012-06-161-2/+9
| | | | | | | | root if it is -500 Many upgraded installations have root as -1000, and so that account needs to be kept. Andrew Bartlett
* s4-s3upgrade: improve idmap import to use posixAccount and posixGroup entriesAndrew Bartlett2012-06-161-2/+32
|
* s4-s3-upgrade: Max/min password age policy is in seconds, not daysAndrew Bartlett2012-05-061-2/+2
| | | | | | | | | | This cases upgraded domains to have a too-long password expiry, which in extreme cases can cause the KDC to misfunction. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104
* s4-s3upgrade: Force ldapsam:trusted = yesAndrew Bartlett2012-05-031-0/+3
| | | | | | | | | | | | | While this setting is not the default in Samba3, any domain that is in a suitable condition to upgrade to Samba4 should already be in the layout that ldapsam:trusted uses. It can be turned off by setting ldapsam:trusted=false in the smb.conf. Many upgrades to Samba4 happen on a different host to the old Samba3 domain and this avoids the need to configure nss_ldap only for the duration of the upgrade. Andrew Bartlett
* s4-s3upgrade: Try harder to get group memberships on upgradeAndrew Bartlett2012-05-031-5/+20
| | | | | | | | | | | | This fixes an issue where some group types were not upgraded, as we did not upgrade alias memberships. It also uses enum_group_memberships() to try and find the memberships from the other direction, by asking which groups a user is a member of. As Samba3 (and NT4) does not implement nested groups, this should be safe. Andrew Bartlett
* s4-s3upgrade: print the error message from passdb.error exceptionsAndrew Bartlett2012-04-241-6/+6
| | | | | | | | | This gives more information on why a group membership lookup failed. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Apr 24 04:34:44 CEST 2012 on sn-devel-104
* s4-samba-tool: Fix samba-tool fsmo seizeAndrew Bartlett2012-04-191-1/+1
| | | | | | This is currently untested, and a restructure broke it. Andrew Bartlett
* s4-s3upgrade: Do not ever set a domain-wide maxPwdAge of 0Andrew Bartlett2012-04-191-1/+1
| | | | | | This means no-expiry in s3, and so we must treat it like -1. Andrew Bartlett
* s4-s3upgrade: Ignore (with warning) groups that are listed but we cannot ↵Andrew Bartlett2012-04-191-2/+14
| | | | list members for
* provision: Leave result reporting up to caller.Jelmer Vernooij2012-02-261-0/+1
|
* s4-s3-upgrade: Check if there are duplicate sids for users and groupsAmitay Isaacs2012-01-311-0/+4
| | | | | Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Jan 31 02:23:17 CET 2012 on sn-devel-104
* s4-s3-upgrade: Use lowercase hostname as hostname for provisionAmitay Isaacs2012-01-311-1/+1
|
* s4-provision: Make BIND9_DLZ as the default backend for DNSAmitay Isaacs2011-11-291-1/+1
|
* s3-py-passdb: Fix handling of uninitialized gid valuesAmitay Isaacs2011-11-181-1/+1
| | | | | | | | Uninitialized gid value is set to -1 and return as such from python passdb api. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Nov 18 06:18:33 CET 2011 on sn-devel-104
* s4-s3-upgrade: Add --verbose option to print extra detailsAmitay Isaacs2011-11-181-1/+1
|
* s4-s3-upgrade: Fix idmap types ID_TYPE_UID/ID_TYPE_GID instead of UID/GIDAmitay Isaacs2011-11-181-3/+3
|
* s4-s3-upgrade: Fix the minimum and maximum password age calculationAmitay Isaacs2011-11-181-4/+4
| | | | | Windows sets maxPwdAge to -0x8000000000000000 when maximum password age is set to 0 days.
* s4-s3-upgrade now look for -1 as the special 'not set' valueAndrew Bartlett2011-11-181-1/+1
| | | | | | | this is possible because we know the py_passdb will always set -1 here, not passing though 0xFFFFFFFF. Andrew Bartlett
* s4-provision permit server role to be the ROLE_ strings from s3Andrew Bartlett2011-11-171-10/+3
| | | | | | | | Also convert between the aliases in one single place. Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
* s3-s4-upgrade: do not add description if it is empty string or noneAmitay Isaacs2011-11-161-6/+12
| | | | | Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Nov 16 05:53:41 CET 2011 on sn-devel-104
* s4-s3-upgrade Add my copyrightAndrew Bartlett2011-11-081-0/+1
|
* s4-s3-upgrade rename samba-tool domain samba3upgrade --libdir to --dbdir for ↵Andrew Bartlett2011-10-191-1/+1
| | | | | | | | | | | | clarity The things pointed at are not typically in a directory called lib, so avoid confusing our administrators. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Oct 19 15:43:04 CEST 2011 on sn-devel-104
* s4-s3-upgrade fix format string for secrets.tdb exceptionAndrew Bartlett2011-10-191-1/+1
|
* s4-s3-upgrade Fix samba3upgrade code to cope with a missing wins.datAndrew Bartlett2011-10-191-1/+10
|
* s4-s3-upgrade: Give a better clue when we cannot open secrets.tdbAndrew Bartlett2011-10-181-1/+4
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4 provision: DNS backend should be set by callerKai Blin2011-10-171-1/+7
| | | | | Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Mon Oct 17 09:51:12 CEST 2011 on sn-devel-104
* samba.upgrade: Use list comprehension.Jelmer Vernooij2011-10-121-4/+4
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Oct 12 22:44:40 CEST 2011 on sn-devel-104
* s4-s3-upgrade: Allow import (just without a uid mapping) where getpwnam failsAndrew Bartlett2011-10-111-1/+1
| | | | | | This allows the tests to pass on systems without a jelmer user :-) Andrew Bartlett
* upgrade: Avoid catching all exceptions, just catch the ones we care about.Jelmer Vernooij2011-10-081-11/+9
|
* s4-python: Fix some formatting issues.Jelmer Vernooij2011-09-131-24/+35
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Sep 13 03:51:13 CEST 2011 on sn-devel-104
* s4-s3-upgrade: Check for duplicate sids before provisioningAmitay Isaacs2011-09-121-0/+10
| | | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit (git 2.34.1) at 2025-06-15 04:58:28 +0000