def setup_self_join(samdb, names,
machinepass, dnspass,
- domainsid, invocationid, setup_path,
+ domainsid, next_rid, invocationid, setup_path,
policyguid, policyguid_dc, domainControllerFunctionality,
ntdsguid):
"""Join a host to its own domain."""
"REALM": names.realm,
"DOMAIN": names.domain,
"DOMAINSID": str(domainsid),
+ "DCRID": str(next_rid),
"DNSDOMAIN": names.dnsdomain,
"SAMBA_VERSION_STRING": version,
"NTDSGUID": ntdsguid_line,
"NETBIOSNAME": names.netbiosname,
"NTDSGUID": names.ntdsguid,
"DNSPASS_B64": b64encode(dnspass),
+ "RIDALLOCATIONSTART": str(next_rid + 100),
+ "RIDALLOCATIONEND": str(next_rid + 100 + 499),
})
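Review bot: The pool bounds `RIDALLOCATIONSTART` and `RIDALLOCATIONEND` are built from bare literals (`next_rid + 100`, `next_rid + 100 + 499`), while the matching `RIDAVAILABLESTART` of `next_rid + 600` is computed separately in setup_samdb's substitution dict. The two agree only because 100 + 499 + 1 = 600; if one is edited without the other, the DC's local pool and the range starting at `RIDAVAILABLESTART` would overlap, and the same RID, hence the same SID, could be issued twice. I would define the values once at module level, e.g. `RID_POOL_OFFSET = 100` and `RID_POOL_SIZE = 500`, and derive all three substitutions from them. A comment should also say what the 99 RIDs between `next_rid` and the pool start are reserved for. The dict belongs to a call that starts outside this hunk.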
def getpolicypath(sysvolpath, dnsdomain, guid):
def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
logger, domainsid, domainguid, policyguid, policyguid_dc, fill,
adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid,
- serverrole, am_rodc=False, dom_for_fun_level=None, schema=None):
+ serverrole, am_rodc=False, dom_for_fun_level=None, schema=None,
+ next_rid=1000):
"""Setup a complete SAM Database.
:note: This will wipe the main SAM database file!
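Review bot: `next_rid` is accepted here with a default of 1000 and, in the lines visible on this page, is never range-checked before it becomes `NEXTRID`, the DC's own RID (`DCRID`) and the base of the RID pool. RIDs below 1000 are the range used for well-known principals such as 500 (Administrator) and 512 (Domain Admins), so a small value passed by a caller could give the DC account or the first allocated accounts a privileged SID. A guard at the top of the function such as `if not 1000 <= next_rid <= 1000000000: raise ValueError("next_rid out of range")` would prevent that; the upper bound is only a suggestion, chosen to keep `next_rid + 600` well inside 32 bits. The function body lies outside this hunk, so an existing check elsewhere cannot be ruled out. The docstring should gain a `:param next_rid:` line either way.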
setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
"CREATTIME": str(int(time.time() * 1e7)), # seconds -> ticks
"DOMAINSID": str(domainsid),
+ "NEXTRID": str(next_rid),
"SCHEMADN": names.schemadn,
"NETBIOSNAME": names.netbiosname,
"DEFAULTSITE": names.sitename,
"DEFAULTSITE": names.sitename,
"CONFIGDN": names.configdn,
"SERVERDN": names.serverdn,
+ "RIDAVAILABLESTART": str(next_rid + 600),
"POLICYGUID_DC": policyguid_dc
})
setup_self_join(samdb, names=names, invocationid=invocationid,
dnspass=dnspass,
machinepass=machinepass,
- domainsid=domainsid, policyguid=policyguid,
+ domainsid=domainsid,
+ next_rid=next_rid,
+ policyguid=policyguid,
policyguid_dc=policyguid_dc,
setup_path=setup_path,
domainControllerFunctionality=domainControllerFunctionality,
replace: interSiteTopologyGenerator
interSiteTopologyGenerator: CN=NTDS Settings,${SERVERDN}
+dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+changetype: add
+objectClass: rIDSet
+rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
+rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
+rIDUsedPool: 0
+rIDNextRID: ${RIDALLOCATIONSTART}
+
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
changetype: modify
add: servicePrincipalName
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
+add: rIDSetReferences
+rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
# NOTE: This account is SAMBA4 specific!
dn: CN=dns,CN=Users,${DOMAINDN}
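Review bot: The new `add: rIDSetReferences` modification follows the `servicePrincipalName` values in the same modify record with no `-` line between them, at least as the hunk is shown here. RFC 2849 ends each mod-spec with a line holding a single `-`, so a strict LDIF parser may reject or misread the record; whether the ldb parser used by provision tolerates the omission is not visible from this page. I would put `-` on its own line before `add: rIDSetReferences`. Because this attribute is what points the DC account at its new RID Set, a provision test asserting that `rIDSetReferences` is present afterwards would catch a silently dropped modification.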