summaryrefslogtreecommitdiff
path: root/source4/scripting/python/samba/upgrade.py
AgeCommit message (Collapse)AuthorFilesLines
2013-03-02Move python modules from source4/scripting/python/ to python/.Jelmer Vernooij1-938/+0
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
2013-01-10samba-tool classicupgrade: Do not print the admin password during upgradeAndrew Bartlett1-1/+10
This changes the code to only set and show a new password if no admin user is found during the upgrade. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104
2012-12-06scripting: Handle missing LDAP entries in samba-tool domain classicupgradeAndrew Bartlett1-0/+6
Reported-by: Thomas Simmons <twsnnva@gmail.com>
2012-11-12samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributesAndrew Bartlett1-17/+24
Is is not required that these additional attributes be filled in, so catch KeyError in both the nsswitch and ldap backend case. We rework get_posix_attr_from_ldap_backend() so it raises KeyError rather than trying to return None, and does not ignore other errors. Andrew Bartlett Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-10-18provision: No longer use the wheel group in new AD DomainsAndrew Bartlett1-1/+1
The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandetory profile to be owned by administrators (which is a requirement). There is no particularly useful reason for us to enforce this matching a system group. Andrew Bartlett
2012-09-27s4-python: Various formatting fixes.Jelmer Vernooij1-3/+3
* Trailing whitespace * use of "==" where "is" should be used * double spaces
2012-09-16s4-python: Formatting fixes, break lines.Jelmer Vernooij1-6/+11
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sun Sep 16 15:58:04 CEST 2012 on sn-devel-104
2012-09-03s4-classicupgrade: Show more clearly what is wrong with the Adminstrator SIDAndrew Bartlett1-0/+1
2012-08-28s3-classicupgrade: Fix import from ldapAndrew Bartlett1-2/+2
We must not reference result before provision(), and do not need session_info and lp for reading a normal ldap backend anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
2012-08-28s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is ↵Andrew Bartlett1-2/+6
configured This will allow files to be correctly owned by the idmap that is imported. This appears to fix an issue that came up after s3fs-compatible ACLs were merged into provision. Andrew Bartlett
2012-08-28s4-classicupgrade: Read WINS DB before the provisionAndrew Bartlett1-6/+7
2012-08-28s4-classicupgrade: Do all the queries of data before the provision()Andrew Bartlett1-35/+35
This allows provision to change the s3 smb.conf settings if required. Andrew Bartlett
2012-08-28s4-classicupgrade: Use s3param.get_context() instead of result.lpAndrew Bartlett1-1/+1
We should not need the guessed values here, but by changing to using the s3 loadparm context we can move this block to before the provision. Andrew Bartlett
2012-08-22s4-classicupgrade: Add --use-ntvfs optionAndrew Bartlett1-2/+4
This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett
2012-08-14s4-classicupgrade: Tests if sam policies exist before trying to import them.Wesley Young1-21/+28
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-22s4-classicupgrade: Add unix attributes during upgradeGeza Gemes1-1/+108
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jul 22 13:20:20 CEST 2012 on sn-devel-104
2012-07-06s4-classicupgrade: Demote any other 'BDC' accounts back to a member server ↵Andrew Bartlett1-2/+12
during upgrade This makes it clear that they cannot be a DC until they are upgraded with samba-tool domain dcpromo. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 6 09:59:13 CEST 2012 on sn-devel-104
2012-06-24s4-classicupgrade: Allow DNS backend to be specifiedAndrew Bartlett1-4/+2
2012-06-20s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation ↵Andrew Bartlett1-1/+1
errors
2012-06-16s4-s3upgrade: Assert that administrator has a SID of -500, and only skip ↵Andrew Bartlett1-2/+9
root if it is -500 Many upgraded installations have root as -1000, and so that account needs to be kept. Andrew Bartlett
2012-06-16s4-s3upgrade: improve idmap import to use posixAccount and posixGroup entriesAndrew Bartlett1-2/+32
2012-05-06s4-s3-upgrade: Max/min password age policy is in seconds, not daysAndrew Bartlett1-2/+2
This cases upgraded domains to have a too-long password expiry, which in extreme cases can cause the KDC to misfunction. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104
2012-05-03s4-s3upgrade: Force ldapsam:trusted = yesAndrew Bartlett1-0/+3
While this setting is not the default in Samba3, any domain that is in a suitable condition to upgrade to Samba4 should already be in the layout that ldapsam:trusted uses. It can be turned off by setting ldapsam:trusted=false in the smb.conf. Many upgrades to Samba4 happen on a different host to the old Samba3 domain and this avoids the need to configure nss_ldap only for the duration of the upgrade. Andrew Bartlett
2012-05-03s4-s3upgrade: Try harder to get group memberships on upgradeAndrew Bartlett1-5/+20
This fixes an issue where some group types were not upgraded, as we did not upgrade alias memberships. It also uses enum_group_memberships() to try and find the memberships from the other direction, by asking which groups a user is a member of. As Samba3 (and NT4) does not implement nested groups, this should be safe. Andrew Bartlett
2012-04-24s4-s3upgrade: print the error message from passdb.error exceptionsAndrew Bartlett1-6/+6
This gives more information on why a group membership lookup failed. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Apr 24 04:34:44 CEST 2012 on sn-devel-104
2012-04-19s4-samba-tool: Fix samba-tool fsmo seizeAndrew Bartlett1-1/+1
This is currently untested, and a restructure broke it. Andrew Bartlett
2012-04-19s4-s3upgrade: Do not ever set a domain-wide maxPwdAge of 0Andrew Bartlett1-1/+1
This means no-expiry in s3, and so we must treat it like -1. Andrew Bartlett
2012-04-19s4-s3upgrade: Ignore (with warning) groups that are listed but we cannot ↵Andrew Bartlett1-2/+14
list members for
2012-02-26provision: Leave result reporting up to caller.Jelmer Vernooij1-0/+1
2012-01-31s4-s3-upgrade: Check if there are duplicate sids for users and groupsAmitay Isaacs1-0/+4
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Jan 31 02:23:17 CET 2012 on sn-devel-104
2012-01-31s4-s3-upgrade: Use lowercase hostname as hostname for provisionAmitay Isaacs1-1/+1
2011-11-29s4-provision: Make BIND9_DLZ as the default backend for DNSAmitay Isaacs1-1/+1
2011-11-18s3-py-passdb: Fix handling of uninitialized gid valuesAmitay Isaacs1-1/+1
Uninitialized gid value is set to -1 and return as such from python passdb api. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Nov 18 06:18:33 CET 2011 on sn-devel-104
2011-11-18s4-s3-upgrade: Add --verbose option to print extra detailsAmitay Isaacs1-1/+1
2011-11-18s4-s3-upgrade: Fix idmap types ID_TYPE_UID/ID_TYPE_GID instead of UID/GIDAmitay Isaacs1-3/+3
2011-11-18s4-s3-upgrade: Fix the minimum and maximum password age calculationAmitay Isaacs1-4/+4
Windows sets maxPwdAge to -0x8000000000000000 when maximum password age is set to 0 days.
2011-11-18s4-s3-upgrade now look for -1 as the special 'not set' valueAndrew Bartlett1-1/+1
this is possible because we know the py_passdb will always set -1 here, not passing though 0xFFFFFFFF. Andrew Bartlett
2011-11-17s4-provision permit server role to be the ROLE_ strings from s3Andrew Bartlett1-10/+3
Also convert between the aliases in one single place. Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-16s3-s4-upgrade: do not add description if it is empty string or noneAmitay Isaacs1-6/+12
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Nov 16 05:53:41 CET 2011 on sn-devel-104
2011-11-08s4-s3-upgrade Add my copyrightAndrew Bartlett1-0/+1
2011-10-19s4-s3-upgrade rename samba-tool domain samba3upgrade --libdir to --dbdir for ↵Andrew Bartlett1-1/+1
clarity The things pointed at are not typically in a directory called lib, so avoid confusing our administrators. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Oct 19 15:43:04 CEST 2011 on sn-devel-104
2011-10-19s4-s3-upgrade fix format string for secrets.tdb exceptionAndrew Bartlett1-1/+1
2011-10-19s4-s3-upgrade Fix samba3upgrade code to cope with a missing wins.datAndrew Bartlett1-1/+10
2011-10-18s4-s3-upgrade: Give a better clue when we cannot open secrets.tdbAndrew Bartlett1-1/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-17s4 provision: DNS backend should be set by callerKai Blin1-1/+7
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Mon Oct 17 09:51:12 CEST 2011 on sn-devel-104
2011-10-12samba.upgrade: Use list comprehension.Jelmer Vernooij1-4/+4
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Oct 12 22:44:40 CEST 2011 on sn-devel-104
2011-10-11s4-s3-upgrade: Allow import (just without a uid mapping) where getpwnam failsAndrew Bartlett1-1/+1
This allows the tests to pass on systems without a jelmer user :-) Andrew Bartlett
2011-10-08upgrade: Avoid catching all exceptions, just catch the ones we care about.Jelmer Vernooij1-11/+9
2011-09-13s4-python: Fix some formatting issues.Jelmer Vernooij1-24/+35
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Sep 13 03:51:13 CEST 2011 on sn-devel-104
2011-09-12s4-s3-upgrade: Check for duplicate sids before provisioningAmitay Isaacs1-0/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-12 10:56:10 +0000