| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Usage: samba-tool contact <subcommand>
Contact management.
Available subcommands:
create - Create a new contact.
delete - Delete a contact.
edit - Modify a contact.
list - List all contacts.
move - Move a contact object to an organizational unit or container.
show - Display a contact.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Same like the samba-tool user edit command.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Similar to the samba-tool user edit command.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Use clear text arguments strings if possible. Makes it more comfortable
for users to edit the user objects attributes.
Remove test from knownfail:
samba.tests.samba_tool.user_edit.change_attribute_force_no_base64
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Use "None"-changetype here, instead of "Add". This avoids the need to
remove the changetype line afterwards.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Remove tests from knownfail:
samba.tests.samba_tool.user_edit.add_attribute_base64
samba.tests.samba_tool.user_edit.add_attribute_base64_control
samba.tests.samba_tool.user_edit.change_attribute_base64_control
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14003
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Need to quote the backslash '\'.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Remove the sub domain option from join, as it currently does not work.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Add a new "samba-tool domain dcpromo" option "backend-store-size".
This allows the lmdb map size to be set during a promotion, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Add a new "samba-tool drs clone-dc-database" option "backend-store-size".
This allows the lmdb map size to be set during a clone, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>'
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Add a new "samba-tool domain join" option "backend-store-size".
This allows the lmdb map size to be set during a provision, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Add a new "samba-tool domain provision" option "backend-store-size".
This allows the lmdb map size to be set during a provision, instead of
hard-wiring it to 8Gb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Allow samba tool to use the custom bytes option type.
Option("--size", type="bytes", metavar="SIZE")
To allow the input of file and memory sizes using unit suffixes i.e. 2Gb,
4KiB ...
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Changing default base schema from 2008_R2 to 2012_R2
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This tool is meant to locally change all entries in acl_xattr when the
machine's SID has accidentially changed or the data set has been copied
to another box either via backup/restore or rsync.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
On some systems we're seeing this:
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'drs_utils'
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 185, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 533, in run
transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 136, in transfer_dns_role
except samba.drs_utils.drsException as e:
E.g. it happens on debian stretch (9.9) with python 2.7.13 (on 4.10.4)
While it doesn't happen on ubuntu 18.04 with python 2.7.15rc1 or
with python 3.6.7.
There were also some reports on the mailing lists, see:
https://lists.samba.org/archive/samba-technical/2019-May/133624.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 30 08:27:24 UTC 2019 on sn-devel-184
|
|
We should not risk that we end with no role owner.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
The new role owner need to replicate from the old role owner.
Before we told the old role owner to replicate from itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
From Python's point of view, array.AddrArray is a list of byte-valued
integers. In Python 3 we can convert directly using the likes of
bytes(array.AddrArray[i].MaxSa[8:24])
but in 4.10 we need to support both, so we use struct.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
The min_pwd_age and max_pwd_age parameters are both optional and default
to None. However, if we just set the max-pwd-age, then the check
'min_pwd_age >= max_pwd_age' will throw a Python exception because it's
trying to compare an int to NoneType (min_pwd_age). This works on Python 2
but is a problem on Python 3.
We could just add a check that min_pwd_age is not None, but that defeats
the point of having the check if you're only setting either the min or
max age indepedently.
This patch gets the current min/max password age from the DB (in ticks).
If either setting is changed, the ticks will be updated. Then at the end
we check the min is still less than the max (to do this, we convert the
ticks back to days in the interests of readability).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 5 08:03:08 UTC 2019 on sn-devel-144
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
All command descriptions have a dot '.' at the end.
The ou and visualize command need this too.
...
group - Group management.
ldapcmp - Compare two ldap databases.
ntacl - NT ACLs manipulation.
ou - Organizational Units (OU) management
...
user - User management.
visualize - Produces graphical representations of Samba network state
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
These will be removed anyway and any change on them risks to
be an originating update that causes replication problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144
|
|
This will be used by dbcheck tests which operate on static/old provision
dumps in the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
The prompts were not being printed to the screen because the stream
was not being flushed.
As reported on the samba mailing list by Adam Xu:
https://lists.samba.org/archive/samba/2019-March/221753.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13828
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
|
|
The GPE.INI file does not appear to be documented anywhere in the
protocol specifications and seems to be due to legacy code. It appears
that it used to be how the gPCUserExtensionNames and
gPCMachineExtensionNames were maintained without the requirement for
LDAP.
All we do is ignore the parsing of this file and copy it over as binary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13825
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 12 01:41:32 UTC 2019 on sn-devel-144
|
|
Generally speaking, there is not much value to keeping this file. The
display name does not ever seem to be used and the version only applies
to the original domain or DC it was on. The command line option to
revert this behaviour is mostly for the tests or for having a straight
1:1 backup-restore for pure restoration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13806
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
After creating a backup and calling 'gpo restore', this makes it so that
restoring a GPO will instantly enable it for use.
There might be some cases where we might not want to do this, but for now just do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13627
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
It appears that RSAT can leave a space in the gPLink field, which we need to handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13564
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
dsacl set", except it only prints out the current sddl of an object.
Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Test for samba-tool dsacl set --sddl parmeter
Update tests.py - add dsacl (dsacl.py / samba-tool dsacl set) test
Signed-off-by: <Martin Krämer mk.maddin@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
currently dbcheck cmd tooks about 1 day to finish on a 100k user database.
We can skip member reverse link checks to speed it up dramatically.
A new cli option is added to enable the skipping.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reading the nTSecurityDescriptor attribute over LDAP requires admin
creds. However, if you don't specify admin creds, then you get an error
like this:
bin/samba-tool gpo aclcheck
ERROR(<class 'KeyError'>): uncaught exception - 'No such element'
File "bin/python/samba/netcmd/__init__.py", line 184, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/gpo.py", line 1536, in run
ds_sd_ndr = m['nTSecurityDescriptor'][0]
This patch adds an explicit check/error message to make the problem
clearer.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
I ran this command as non-root by mistake and didn't find the error
message particularly helpful. Tweak the error message so it reminds the
user that they should be root. Also display the path we're looking for
the sam.ldb file in, to give them more clues.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144
|
|
Currently it is possible to add the same ace multiple times if
the case sensitivity does not match the existing one using "--sddl" parameter.
As an example while an ace
"OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;PS"
already exists a sddl
"OA;CIIO;RPWP;3E978925-8C01-11D0-AFDA-00C04FD930C9;BF967A86-0DE6-11D0-A285-00AA003049E2;PS"
can be added without detection (and can be added multiple times). As an end result
after a high number of addings (in my tests it was about 1600-1800 aces for one
object) no further changes on that object are possible.
Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 18 23:19:13 CET 2019 on sn-devel-144
|
|
This means we can now use GPO commands on a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
When we can't resolve a domain name, we were inadvertently throwing a
TypeError whilst trying to output a helpful message. E.g.
ERROR(<class 'TypeError'>): uncaught exception - 'NTSTATUSError' object
does not support indexing
Instead of indexing the object, we want to index the Exception.args so
that we just display the string portion of the exception error.
The same problem is also present for the domain trust commands.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
|
|
This means we can now backup a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Mon Jan 14 06:49:09 CET 2019 on sn-devel-144
|
|
samba-tool gpo create|fetch|backup commands throw exceptions due to a
missing Python import:
ERROR(<class 'NameError'>): uncaught exception - name 'tempfile' is not
defined
File "bin/python/samba/netcmd/__init__.py", line 184, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/gpo.py", line 980, in run
tmpdir, gpodir = self.construct_tmpdir(tmpdir, gpo)
File "bin/python/samba/netcmd/gpo.py", line 386, in construct_tmpdir
tmpdir = tempfile.mkdtemp()
Introduced by commit e3320b6d3df7a0c7b refactor.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Jan 10 16:21:23 CET 2019 on sn-devel-144
|
|
python[3]-gpgme is deprecated since ubuntu 1804 and debian 9.
use python[3]-gpg instead, and adapt the API.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13728
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Rework the code so we only do this in one place.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Tue Jan 8 03:13:48 CET 2019 on sn-devel-144
|
