# This is stored without path prefix for the "privateKeytab" attribute in
# "secrets_dns.ldif".
paths.dns_keytab = "dns.keytab"
+ paths.keytab = "secrets.keytab"
paths.shareconf = os.path.join(paths.private_dir, "share.ldb")
paths.samdb = os.path.join(paths.private_dir, lp.get("sam database") or "samdb.ldb")
})
-def setup_secretsdb(path, setup_path, session_info, backend_credentials, lp):
+def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp):
"""Setup the secrets database.
:note: This function does not handle exceptions and transaction on purpose,
:param lp: Loadparm context
:return: LDB handle for the created secrets database
"""
- if os.path.exists(path):
- os.unlink(path)
+ if os.path.exists(paths.secrets):
+ os.unlink(paths.secrets)
+
+ keytab_path = os.path.join(paths.private_dir, paths.keytab)
+ if os.path.exists(keytab_path):
+ os.unlink(keytab_path)
+
+ dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ if os.path.exists(dns_keytab_path):
+ os.unlink(dns_keytab_path)
+
+ path = paths.secrets
+
secrets_ldb = Ldb(path, session_info=session_info,
lp=lp)
secrets_ldb.erase()
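Review bot: The three `os.path.exists()` / `os.unlink()` pairs added at the top of `setup_secretsdb` are check-then-act, and `exists()` follows symlinks, so a dangling symlink at the `secrets.keytab` or `dns.keytab` path is reported as absent and left in place. For files that hold key material, it is safer to attempt the unlink unconditionally and tolerate only ENOENT. That also collapses the three copies into one loop, as sketched below; it needs `errno` in scope at file level. The docstring is only partly visible here, so if it still has a `:param path:` entry it should be renamed to match the new `paths` argument. The function body continues past the visible lines.

```python
def setup_secretsdb(paths, setup_path, session_info, backend_credentials, lp):
    # ... unchanged: docstring ...
    # Remove the old database and both keytabs so that keys from a previous
    # provision cannot survive into the new one.
    stale_files = (
        paths.secrets,
        os.path.join(paths.private_dir, paths.keytab),
        os.path.join(paths.private_dir, paths.dns_keytab),
    )
    for stale in stale_files:
        try:
            os.unlink(stale)
        except OSError as e:
            # A missing file is fine; anything else (EACCES, EISDIR, ...) is not.
            if e.errno != errno.ENOENT:
                raise

    path = paths.secrets
    # ... unchanged: Ldb() open and erase ...
```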
if not os.path.exists(policy_path):
os.makedirs(policy_path, 0775)
open(os.path.join(policy_path, "GPT.INI"), 'w').write(
- "[General]\r\nVersion=65543")
+ "[General]\r\nVersion=0")
p = os.path.join(policy_path, "MACHINE")
if not os.path.exists(p):
os.makedirs(p, 0775)
share_ldb.load_ldif_file_add(setup_path("share.ldif"))
logger.info("Setting up secrets.ldb")
- secrets_ldb = setup_secretsdb(paths.secrets, setup_path,
+ secrets_ldb = setup_secretsdb(paths, setup_path,
session_info=session_info,
backend_credentials=provision_backend.secrets_credentials, lp=lp)
logger.info("and %s for further documentation required for secure DNS "
"updates", paths.namedtxt)
- create_krb5_conf(paths.krb5conf, setup_path,
- dnsdomain=names.dnsdomain, hostname=names.hostname,
- realm=names.realm)
- logger.info("A Kerberos configuration suitable for Samba 4 has been "
- "generated at %s", paths.krb5conf)
-
lastProvisionUSNs = get_last_provision_usn(samdb)
maxUSN = get_max_usn(samdb, str(names.rootdn))
if lastProvisionUSNs is not None:
else:
set_provision_usn(samdb, 0, maxUSN)
+ create_krb5_conf(paths.krb5conf, setup_path,
+ dnsdomain=names.dnsdomain, hostname=names.hostname,
+ realm=names.realm)
+ logger.info("A Kerberos configuration suitable for Samba 4 has been "
+ "generated at %s", paths.krb5conf)
+
if serverrole == "domain controller":
create_dns_update_list(lp, logger, paths, setup_path)
os.chmod(dns_keytab_path, 0640)
os.chown(dns_keytab_path, -1, paths.bind_gid)
except OSError:
- logger.info("Failed to chown %s to bind gid %u", dns_keytab_path,
- paths.bind_gid)
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.info("Failed to chown %s to bind gid %u", dns_keytab_path,
+ paths.bind_gid)
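Review bot: Gating the failure message on `SAMBA_SELFTEST` means a provisioning run that merely inherits that variable reports nothing when the DNS keytab could not be handed to the bind group. The same `except OSError` also covers the preceding `os.chmod(dns_keytab_path, 0640)`, so a failed permission tightening is either mislabelled as a chown failure or, under selftest, not reported at all. I would lower the level under selftest rather than drop the record, e.g. `log = logger.debug if 'SAMBA_SELFTEST' in os.environ else logger.warning`, which also replaces the deprecated `has_key`. The `dns_dir` handler further down (the `logger.error` case) has the same pattern and should get the same treatment. The `try:` that opens this block is outside the visible lines.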
logger.info("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php",
os.chmod(dns_dir, 0775)
os.chmod(paths.dns, 0664)
except OSError:
- logger.error("Failed to chown %s to bind gid %u" % (dns_dir, paths.bind_gid))
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.error("Failed to chown %s to bind gid %u" % (dns_dir, paths.bind_gid))
if targetdir is None:
os.system(rndc + " unfreeze " + lp.get("realm"))