return undef;
}
+ $vars->{DOMSID} = $vars->{SAMSID};
$vars->{DC_SERVER} = $vars->{SERVER};
$vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
$vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
return undef;
}
+ $vars->{DOMSID} = $vars->{SAMSID};
$vars->{DC_SERVER} = $vars->{SERVER};
$vars->{DC_SERVER_IP} = $vars->{SERVER_IP};
$vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6};
return undef;
}
+ $ret->{DOMSID} = $nt4_dc_vars->{DOMSID};
$ret->{DC_SERVER} = $nt4_dc_vars->{SERVER};
$ret->{DC_SERVER_IP} = $nt4_dc_vars->{SERVER_IP};
$ret->{DC_SERVER_IPV6} = $nt4_dc_vars->{SERVER_IPV6};
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
+ $ret->{DOMSID} = $dcvars->{DOMSID};
my $ctx;
$ctx = {};
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
+ $ret->{DOMSID} = $dcvars->{DOMSID};
my $ctx;
my $prefix_abs = abs_path($prefix);
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
+ $ret->{DOMSID} = $dcvars->{DOMSID};
my $ctx;
my $prefix_abs = abs_path($prefix);
close(USERMAP);
$ret->{DOMAIN} = $dcvars->{DOMAIN};
$ret->{REALM} = $dcvars->{REALM};
+ $ret->{DOMSID} = $dcvars->{DOMSID};
my $ctx;
my $prefix_abs = abs_path($prefix);
#This is the secrets.tdb created by 'net ads join' from Samba3 to a
#Samba4 DC with the same parameters as are being used here. The
#domain SID is S-1-5-21-1071277805-689288055-3486227160
+ $ret->{SAMSID} = "S-1-5-21-1911091480-1468226576-2729736297";
+ $ret->{DOMSID} = "S-1-5-21-1071277805-689288055-3486227160";
system("cp $self->{srcdir}/source3/selftest/ktest-secrets.tdb $prefix/private/secrets.tdb");
chmod 0600, "$prefix/private/secrets.tdb";
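Review bot: The added `SAMSID` literal has no stated source, while the comment above documents only the domain SID that `DOMSID` repeats. Both values are presumably tied to the checked-in `ktest-secrets.tdb`, so anyone regenerating that fixture has no hint that these two strings must change with it. I would extend the comment with something like `# SAMSID/DOMSID below must match ktest-secrets.tdb; update both if the fixture is regenerated`, and say where the SAMSID value was taken from. The enclosing sub starts and ends outside this hunk.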
## setup the various environment variables we need
##
+ my $samsid = Samba::random_domain_sid();
my $swiface = Samba::get_interface($server);
my %ret = ();
my %createuser_env = ();
";
close(CONF);
+ my $net = Samba::bindir_path($self, "net");
+ my $cmd = "";
+ $cmd .= "SMB_CONF_PATH=\"$conffile\" ";
+ $cmd .= "$net setlocalsid $samsid";
+
+ if (system($cmd) != 0) {
+ warn("Join failed\n$cmd");
+ return undef;
+ }
+
unless (open(DFQCONF, ">$dfqconffile")) {
warn("Unable to open $dfqconffile");
return undef;
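Review bot: The failure message `warn("Join failed\n$cmd")` is misleading, because the command being run is `net setlocalsid`, not a join; something like `warn("net setlocalsid failed\n$cmd");` would point a reader of the selftest log at the right step. Separately, `$net` and `$samsid` are interpolated unquoted into a single shell string while only `$conffile` is quoted, so a build directory containing spaces or shell metacharacters would be mis-parsed. Setting `local $ENV{SMB_CONF_PATH} = $conffile;` and calling `system($net, "setlocalsid", $samsid)` would avoid the shell entirely. The enclosing sub starts and ends outside this hunk.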
$ret{USERNAME} = $unix_name;
$ret{USERID} = $unix_uid;
$ret{DOMAIN} = $domain;
+ $ret{SAMSID} = $samsid;
$ret{NETBIOSNAME} = $server;
$ret{PASSWORD} = $password;
$ret{PIDDIR} = $piddir;
$localenv->{TRUST_PASSWORD} = $remoteenv->{PASSWORD};
$localenv->{TRUST_DOMAIN} = $remoteenv->{DOMAIN};
$localenv->{TRUST_REALM} = $remoteenv->{REALM};
+ $localenv->{TRUST_DOMSID} = $remoteenv->{DOMSID};
my $samba_tool = Samba::bindir_path($self, "samba-tool");
# setup the trust
return $localenv
}
-sub provision_raw_prepare($$$$$$$$$$$)
+sub provision_raw_prepare($$$$$$$$$$$$)
{
my ($self, $prefix, $server_role, $hostname,
- $domain, $realm, $functional_level,
+ $domain, $realm, $samsid, $functional_level,
$password, $kdc_ipv4, $kdc_ipv6) = @_;
my $ctx;
my $netbiosname = uc($hostname);
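Review bot: The updated prototype on `provision_raw_prepare` gives no protection for the new argument: Perl ignores prototypes on method calls such as `$self->provision_raw_prepare(...)`, and the prototype appears to list twelve scalars while the unpacked list names eleven. Because `$samsid` is inserted in the middle of a long positional list, any caller that was missed would silently shift `$functional_level` and `$password` by one slot without a warning. I would document the order and the optional value above the sub, e.g. `# args: prefix, server_role, hostname, domain, realm, samsid (may be undef), functional_level, password, kdc_ipv4, kdc_ipv6`. The body of the sub continues outside this hunk.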
$ctx->{domain} = $domain;
$ctx->{realm} = uc($realm);
$ctx->{dnsname} = lc($realm);
+ $ctx->{samsid} = $samsid;
$ctx->{functional_level} = $functional_level;
push (@provision_options, "--quiet");
push (@provision_options, "--domain=$ctx->{domain}");
push (@provision_options, "--realm=$ctx->{realm}");
+ if (defined($ctx->{samsid})) {
+ push (@provision_options, "--domain-sid=$ctx->{samsid}");
+ }
push (@provision_options, "--adminpass=$ctx->{password}");
push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
push (@provision_options, "--machinepass=machine$ctx->{password}");
DOMAIN => $ctx->{domain},
USERNAME => $ctx->{username},
REALM => $ctx->{realm},
+ SAMSID => $ctx->{samsid},
PASSWORD => $ctx->{password},
LDAPDIR => $ctx->{ldapdir},
LDAP_INSTANCE => $ctx->{ldap_instance},
$ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file};
}
+ if ($ctx->{server_role} eq "domain controller") {
+ $ret->{DOMSID} = $ret->{SAMSID};
+ }
+
return $ret;
}
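Review bot: The added `$ret->{DOMSID} = $ret->{SAMSID};` copies whatever SAMSID holds, including undef. The subdomain DC hunk later in this diff passes `my $samsid = undef` with the role "domain controller", so if that environment reaches this code it would export DOMSID as undef and tests reading it would see an empty value. Either guard the assignment, `if ($ctx->{server_role} eq "domain controller" and defined($ret->{SAMSID})) {`, or add a comment here stating that DOMSID may be undef until the TODO in the subdomain setup is resolved. The enclosing sub starts outside this hunk.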
$password, $kdc_ipv4, $kdc_ipv6, $extra_smbconf_options, $extra_smbconf_shares,
$extra_provision_options) = @_;
+ my $samsid = Samba::random_domain_sid();
+
my $ctx = $self->provision_raw_prepare($prefix, $server_role,
$hostname,
- $domain, $realm, $functional_level,
+ $domain, $realm,
+ $samsid,
+ $functional_level,
$password, $kdc_ipv4, $kdc_ipv6);
if (defined($extra_provision_options)) {
$ret->{MEMBER_USERNAME} = $ret->{USERNAME};
$ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
+ $ret->{DOMSID} = $dcvars->{DOMSID};
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
$ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
$ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
+ $ret->{DOMSID} = $dcvars->{DOMSID};
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
"promotedvdc",
$dcvars->{DOMAIN},
$dcvars->{REALM},
+ $dcvars->{SAMSID},
"2008",
$dcvars->{PASSWORD},
$dcvars->{SERVER_IP},
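Review bot: This call passes `$dcvars->{SAMSID}` as the new SID argument, while the other two calls that provision against an existing DC in this diff (the `$name`/`$fl` call and the `rodc` call) pass `$dcvars->{DOMSID}`. The two keys should hold the same value when `$dcvars` describes a domain controller, given the `DOMSID = SAMSID` assignment added elsewhere in this commit, so behaviour is likely unchanged. The mixed spelling still hides that the SID of the domain being joined is what is meant. I would use `$dcvars->{DOMSID},` here for consistency. The call begins and ends outside this hunk.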
$name,
$dcvars->{DOMAIN},
$dcvars->{REALM},
+ $dcvars->{DOMSID},
$fl,
$dcvars->{PASSWORD},
$dcvars->{SERVER_IP},
print "PROVISIONING SUBDOMAIN DC...\n";
# We do this so that we don't run the provision. That's the job of 'net vampire'.
+ my $samsid = undef; # TODO pass the domain sid all the way down
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
"localsubdc",
"SAMBASUBDOM",
"sub.samba.example.com",
+ $samsid,
"2008",
$dcvars->{PASSWORD},
undef);
"rodc",
$dcvars->{DOMAIN},
$dcvars->{REALM},
+ $dcvars->{DOMSID},
"2008",
$dcvars->{PASSWORD},
$dcvars->{SERVER_IP},