2 exec smbscript "$0" ${1+"$@"}
4 provision a Samba4 server
5 Copyright Andrew Tridgell 2005
6 Released under the GNU GPL v2 or later
9 options = GetOptions(ARGV,
12 "POPT_COMMON_VERSION",
13 "POPT_COMMON_CREDENTIALS",
38 if (options == undefined) {
39 println("Failed to parse options");
43 libinclude("base.js");
44 libinclude("provision.js");
47 print a message if quiet is not set
51 if (options["quiet"] == undefined) {
52 print(vsprintf(arguments));
65 --realm REALM set realm
66 --domain DOMAIN set domain
67 --domain-guid GUID set domainguid (otherwise random)
68 --domain-sid SID set domainsid (otherwise random)
69 --host-name HOSTNAME set hostname
70 --host-ip IPADDRESS set ipaddress
71 --host-guid GUID set hostguid (otherwise random)
72 --invocationid GUID set invocationid (otherwise random)
73 --adminpass PASSWORD choose admin password (otherwise random)
74 --krbtgtpass PASSWORD choose krbtgt password (otherwise random)
75 --machinepass PASSWORD choose machine password (otherwise random)
76 --root USERNAME choose 'root' unix username
77 --nobody USERNAME choose 'nobody' user
78 --nogroup GROUPNAME choose 'nogroup' group
79 --wheel GROUPNAME choose 'wheel' privileged group
80 --users GROUPNAME choose 'users' group
82 --blank do not add users or groups, just the structure
83 --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC)
84 --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
85 --ldap-backend LDAPSERVER LDAP server to use for this provision
86 --ldap-module= MODULE LDB mapping module to use for the LDAP backend
87 --aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
88 You must provide at least a realm and domain
94 if (options['host-name'] == undefined) {
95 options['host-name'] = hostname();
101 if (options["realm"] == undefined ||
102 options["domain"] == undefined ||
103 options["host-name"] == undefined) {
/*
  Obtain the loadparm object and set its realm and workgroup from the
  --realm and --domain command-line options.
  NOTE(review): options.realm and options.domain are used here exactly as
  given on the command line; the provision_validate() call on subobj only
  appears later in the script -- confirm nothing relies on these two values
  having been checked at this point.
*/
107 /* cope with an initially blank smb.conf */
108 var lp = loadparm_init();
109 lp.set("realm", options.realm);
110 lp.set("workgroup", options.domain);
113 var subobj = provision_guess();
115 var key = strupper(join("", split("-", r)));
116 subobj[key] = options[r];
/*
  Presence flags: each one is true when the corresponding option was given
  at all, whatever its value.
  ldapbackend and ldapmodule are therefore booleans, not the server URL or
  module name; the strings themselves are read from subobj.LDAPBACKEND and
  subobj.LDAPMODULE further down, and only the boolean ldapbackend is handed
  to provision().
*/
119 var blank = (options["blank"] != undefined);
120 var ldapbase = (options["ldap-base"] != undefined);
121 var ldapbackend = (options["ldap-backend"] != undefined);
122 var ldapmodule = (options["ldap-module"] != undefined);
123 var partitions_only = (options["partitions-only"] != undefined);
124 if (options["aci"] != undefined) {
125 message("set ACI: %s\n", subobj["ACI"]);
128 message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);
132 subobj.LDAPMODULE = "entryUUID";
/*
  Point the domain, configuration and schema partitions at the same LDAP
  backend, and give each the same module suffix: the mapping module followed
  by paged_searches. The last line reports the module and backend chosen.
  NOTE(review): the condition enclosing these statements is not part of this
  listing. subobj.LDAPBACKEND appears to be the --ldap-backend value copied
  over unchanged, and the usage text's example is an ldap:// URL -- confirm
  how the connection to that server is protected and authenticated before
  directory data is provisioned through it.
*/
134 subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
135 subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
136 subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
137 subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
138 subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
139 subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
140 message("LDAP module: %s backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
143 if (!provision_validate(subobj, message)) {
/*
  Gather the session, credentials and default paths that the provisioning
  calls below receive, then report what is about to be provisioned.
  NOTE(review): the variable reuses the name system_session, so after this
  line the name refers to the call's result in this scope -- confirm nothing
  later needs to call the function again.
*/
147 var system_session = system_session();
148 var creds = options.get_credentials();
149 var paths = provision_default_paths(subobj);
150 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
/*
  NOTE(review): this writes the administrator password in clear text through
  message(), which appears to print unless --quiet is set. The usage text
  says the password is random unless --adminpass is given, so this output may
  be the only place a generated password is shown; terminal scrollback,
  redirected output or job logs that capture it need to be handled as
  secrets. A password supplied with --adminpass has also been present on the
  command line, where it can end up in shell history and process listings.
*/
151 message("Using administrator password: %s\n", subobj.ADMINPASS);
153 provision_ldapbase(subobj, message, paths);
154 message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
155 } else if (partitions_only) {
156 provision_become_dc(subobj, message, false, paths, system_session);
158 provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
159 provision_dns(subobj, message, paths, system_session, creds);