domainguid = str(ndr_unpack(misc.GUID, res[0]["objectGUID"][0]))
return domainguid
-def get_ntdsguid(samdb, domaindn):
- configdn = samdb.get_config_basedn()
-
- res1 = samdb.search(base="OU=Domain Controllers,%s" % domaindn, scope=ldb.SCOPE_ONELEVEL,
- attrs=["dNSHostName"])
-
- res2 = samdb.search(expression="serverReference=%s" % res1[0].dn, base=configdn)
-
- res3 = samdb.search(base="CN=NTDS Settings,%s" % res2[0].dn, scope=ldb.SCOPE_BASE,
- attrs=["objectGUID"])
- ntdsguid = str(ndr_unpack(misc.GUID, res3[0]["objectGUID"][0]))
- return ntdsguid
-
def get_dnsadmins_sid(samdb, domaindn):
res = samdb.search(base="CN=DnsAdmins,CN=Users,%s" % domaindn, scope=ldb.SCOPE_BASE,
attrs=["objectSid"])
"DOMAINSID" : str(domainsid),
"DESCRIPTOR" : descr})
setup_add_ldif(dom_ldb, setup_path("provision_basedn_options.ldif"), None)
- except:
+ except Exception:
logger.error("Failed to setup database for BIND, AD based DNS cannot be used")
raise
del partfile[domaindn]
tdb_copy(logger,
os.path.join(private_dir, pfile),
os.path.join(dns_dir, pfile))
- except:
+ except Exception:
logger.error("Failed to setup database for BIND, AD based DNS cannot be used")
raise
})
-
def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
keytab_name):
"""Write out a file containing zone statements suitable for inclusion in a
def is_valid_dns_backend(dns_backend):
- return dns_backend in ("BIND9_FLATFILE", "BIND9_DLZ", "SAMBA_INTERNAL", "NONE")
+ return dns_backend in ("BIND9_FLATFILE", "BIND9_DLZ", "SAMBA_INTERNAL", "NONE")
def is_valid_os_level(os_level):
return DS_DOMAIN_FUNCTION_2000 <= os_level <= DS_DOMAIN_FUNCTION_2008_R2
+def create_dns_legacy(samdb, domainsid, forestdn, dnsadmins_sid):
+ # Set up MicrosoftDNS container
+ add_dns_container(samdb, forestdn, "CN=System", domainsid, dnsadmins_sid)
+ # Add root servers
+ add_rootservers(samdb, forestdn, "CN=System")
+
+
+def fill_dns_data_legacy(samdb, domainsid, forestdn, dnsdomain, site, hostname,
+ hostip, hostip6):
+ # Add domain record
+ add_domain_record(samdb, forestdn, "CN=System", dnsdomain, domainsid,
+ dnsadmins_sid)
+
+ # Add DNS records for a DC in domain
+ add_dc_domain_records(samdb, forestdn, "CN=System", site, dnsdomain,
+ hostname, hostip, hostip6)
+
+
+def create_dns_partitions(samdb, domainsid, names, domaindn, forestdn,
+ dnsadmins_sid):
+ # Set up additional partitions (DomainDnsZones, ForstDnsZones)
+ setup_dns_partitions(samdb, domainsid, domaindn, forestdn,
+ names.configdn, names.serverdn)
+
+ # Set up MicrosoftDNS containers
+ add_dns_container(samdb, domaindn, "DC=DomainDnsZones", domainsid,
+ dnsadmins_sid)
+ add_dns_container(samdb, forestdn, "DC=ForestDnsZones", domainsid,
+ dnsadmins_sid)
+
+
+def fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn,
+ dnsdomain, dnsforest, hostname, hostip, hostip6,
+ domainguid, ntdsguid, dnsadmins_sid, autofill=True):
+ """Fill data in various AD partitions
+
+ :param samdb: LDB object connected to sam.ldb file
+ :param domainsid: Domain SID (as dom_sid object)
+ :param site: Site name to create hostnames in
+ :param domaindn: DN of the domain
+ :param forestdn: DN of the forest
+ :param dnsdomain: DNS name of the domain
+ :param dnsforest: DNS name of the forest
+ :param hostname: Host name of this DC
+ :param hostip: IPv4 addresses
+ :param hostip6: IPv6 addresses
+ :param domainguid: Domain GUID
+ :param ntdsguid: NTDS GUID
+ :param dnsadmins_sid: SID for DnsAdmins group
+ :param autofill: Create DNS records (using fixed template)
+ """
+
+ ##### Set up DC=DomainDnsZones,<DOMAINDN>
+ # Add rootserver records
+ add_rootservers(samdb, domaindn, "DC=DomainDnsZones")
+
+ # Add domain record
+ add_domain_record(samdb, domaindn, "DC=DomainDnsZones", dnsdomain,
+ domainsid, dnsadmins_sid)
+
+ # Add DNS records for a DC in domain
+ if autofill:
+ add_dc_domain_records(samdb, domaindn, "DC=DomainDnsZones", site,
+ dnsdomain, hostname, hostip, hostip6)
+
+ ##### Set up DC=ForestDnsZones,<DOMAINDN>
+ # Add _msdcs record
+ add_msdcs_record(samdb, forestdn, "DC=ForestDnsZones", dnsforest)
+
+ # Add DNS records for a DC in forest
+ if autofill:
+ add_dc_msdcs_records(samdb, forestdn, "DC=ForestDnsZones", site,
+ dnsforest, hostname, hostip, hostip6,
+ domainguid, ntdsguid)
+
+
def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend,
os_level, site, dnspass=None, hostip=None, hostip6=None,
targetdir=None):
:param samdb: LDB object connected to sam.ldb file
:param secretsdb: LDB object connected to secrets.ldb file
+ :param domainsid: Domain SID (as dom_sid object)
:param names: Names shortcut
:param paths: Paths shortcut
:param lp: Loadparm object
logger.info("No DNS backend set, not configuring DNS")
return
+ # Add dns accounts (DnsAdmins, DnsUpdateProxy) in domain
+ logger.info("Adding DNS accounts")
+ add_dns_accounts(samdb, names.domaindn)
+
# If dns_backend is BIND9_FLATFILE
# Populate only CN=MicrosoftDNS,CN=System,<FORESTDN>
#
# Domain records are in CN=MicrosoftDNS,CN=System,<FORESTDN>
# Domain records are in CN=MicrosoftDNS,DC=DomainDnsZones,<DOMAINDN>
# Forest records are in CN=MicrosoftDNS,DC=ForestDnsZones,<FORESTDN>
-
domaindn = names.domaindn
forestdn = samdb.get_root_basedn().get_linearized()
hostname = names.netbiosname.lower()
- domainguid = get_domainguid(samdb, domaindn)
- ntdsguid = get_ntdsguid(samdb, domaindn)
-
- # Add dns accounts (DnsAdmins, DnsUpdateProxy) in domain
- logger.info("Adding DNS accounts")
- add_dns_accounts(samdb, domaindn)
dnsadmins_sid = get_dnsadmins_sid(samdb, domaindn)
+ domainguid = get_domainguid(samdb, domaindn)
- logger.info("Populating CN=MicrosoftDNS,CN=System,%s" % forestdn)
-
- # Set up MicrosoftDNS container
- add_dns_container(samdb, forestdn, "CN=System", domainsid, dnsadmins_sid)
-
- # Add root servers
- add_rootservers(samdb, forestdn, "CN=System")
+ # Create CN=System
+ logger.info("Creating CN=MicrosoftDNS,CN=System,%s" % forestdn)
+ create_dns_legacy(samdb, domainsid, forestdn, dnsadmins_sid)
if os_level == DS_DOMAIN_FUNCTION_2000:
-
- # Add domain record
- add_domain_record(samdb, forestdn, "CN=System", dnsdomain, domainsid, dnsadmins_sid)
-
- # Add DNS records for a DC in domain
- add_dc_domain_records(samdb, forestdn, "CN=System", site, dnsdomain,
- hostname, hostip, hostip6)
+ # Populating legacy dns
+ logger.info("Populating CN=MicrosoftDNS,CN=System,%s" % forestdn)
+ fill_dns_data_legacy(samdb, domainsid, forestdn, dnsdoman, site,
+ hostame, hostip, hostip6)
elif dns_backend in ("SAMBA_INTERNAL", "BIND9_DLZ") and \
os_level >= DS_DOMAIN_FUNCTION_2003:
- # Set up additional partitions (DomainDnsZones, ForstDnsZones)
+ # Create DNS partitions
logger.info("Creating DomainDnsZones and ForestDnsZones partitions")
- setup_dns_partitions(samdb, domainsid, domaindn, forestdn,
- names.configdn, names.serverdn)
-
- ##### Set up DC=DomainDnsZones,<DOMAINDN>
- logger.info("Populating DomainDnsZones partition")
-
- # Set up MicrosoftDNS container
- add_dns_container(samdb, domaindn, "DC=DomainDnsZones", domainsid, dnsadmins_sid)
-
- # Add rootserver records
- add_rootservers(samdb, domaindn, "DC=DomainDnsZones")
-
- # Add domain record
- add_domain_record(samdb, domaindn, "DC=DomainDnsZones", dnsdomain, domainsid,
- dnsadmins_sid)
-
- # Add DNS records for a DC in domain
- add_dc_domain_records(samdb, domaindn, "DC=DomainDnsZones", site, dnsdomain,
- hostname, hostip, hostip6)
-
- ##### Set up DC=ForestDnsZones,<DOMAINDN>
- logger.info("Populating ForestDnsZones partition")
-
- # Set up MicrosoftDNS container
- add_dns_container(samdb, forestdn, "DC=ForestDnsZones", domainsid, dnsadmins_sid)
-
- # Add _msdcs record
- add_msdcs_record(samdb, forestdn, "DC=ForestDnsZones", dnsforest)
+ create_dns_partitions(samdb, domainsid, names, domaindn, forestdn,
+ dnsadmins_sid)
- # Add DNS records for a DC in forest
- add_dc_msdcs_records(samdb, forestdn, "DC=ForestDnsZones", site, dnsforest,
- hostname, hostip, hostip6, domainguid, ntdsguid)
+ # Populating dns partitions
+ logger.info("Populating DomainDnsZones and ForestDnsZones partitions")
+ fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn,
+ dnsdomain, dnsforest, hostname, hostip, hostip6,
+ domainguid, names.ntdsguid, dnsadmins_sid)
if dns_backend.startswith("BIND9_"):
secretsdb_setup_dns(secretsdb, names,
create_dns_dir(logger, paths)
- # Only make a zone file on the first DC, it should be
- # replicated with DNS replication
if dns_backend == "BIND9_FLATFILE":
create_zone_file(lp, logger, paths, targetdir, site=site,
dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6,
git.samba.org / samba.git / blobdiff