2 exec smbscript "$0" ${1+"$@"}
4 provision a Samba4 server
5 Copyright Andrew Tridgell 2005
6 Released under the GNU GPL v2 or later
9 options = GetOptions(ARGV,
12 "POPT_COMMON_VERSION",
13 "POPT_COMMON_CREDENTIALS",
41 if (options == undefined) {
42 println("Failed to parse options");
46 libinclude("base.js");
47 libinclude("provision.js");
50 print a message if quiet is not set
54 if (options["quiet"] == undefined) {
55 print(vsprintf(arguments));
68 --realm REALM set realm
69 --domain DOMAIN set domain
70 --domain-guid GUID set domainguid (otherwise random)
71 --domain-sid SID set domainsid (otherwise random)
72 --host-name HOSTNAME set hostname
73 --host-ip IPADDRESS set ipaddress
74 --host-guid GUID set hostguid (otherwise random)
75 --policy-guid GUID set group policy guid (otherwise random)
76 --invocationid GUID set invocationid (otherwise random)
77 --adminpass PASSWORD choose admin password (otherwise random)
78 --krbtgtpass PASSWORD choose krbtgt password (otherwise random)
79 --machinepass PASSWORD choose machine password (otherwise random)
80 --root USERNAME choose 'root' unix username
81 --nobody USERNAME choose 'nobody' user
82 --nogroup GROUPNAME choose 'nogroup' group
83 --wheel GROUPNAME choose 'wheel' privileged group
84 --users GROUPNAME choose 'users' group
86 --blank do not add users or groups, just the structure
87 --server-role ROLE Set server role to provision for (default standalone)
88 --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC)
89 --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
90 --ldap-backend LDAPSERVER LDAP server to use for this provision
91 --ldap-module MODULE LDB mapping module to use for the LDAP backend
92 --aci ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
93 You must provide at least a realm and domain
99 if (options['host-name'] == undefined) {
100 options['host-name'] = hostname();
106 if (options["realm"] == undefined ||
107 options["domain"] == undefined ||
108 options["host-name"] == undefined) {
/* smb.conf may start out blank, so build a fresh loadparm context and
   fill in realm, workgroup and server role from the parsed options */
var lp = loadparm_init();
lp.set("realm", options["realm"]);
lp.set("workgroup", options["domain"]);
lp.set("server role", options["server-role"]);
119 var subobj = provision_guess();
121 var key = strupper(join("", split("-", r)));
122 subobj[key] = options[r];
/* Presence flags: each is true when the matching option is not undefined. */
var blank = !(options["blank"] == undefined);
var ldapbase = !(options["ldap-base"] == undefined);
var ldapbackend = !(options["ldap-backend"] == undefined);
var ldapmodule = !(options["ldap-module"] == undefined);
var partitions_only = !(options["partitions-only"] == undefined);

/* Path set as computed by provision_default_paths() from the current subobj. */
var paths = provision_default_paths(subobj);
131 if (options["aci"] != undefined) {
132 message("set ACI: %s\n", subobj["ACI"]);
135 message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);
137 provision_fix_subobj(subobj, paths);
140 if (options["ldap-backend"] == "ldapi") {
141 subobj.LDAPBACKEND = subobj.LDAPI_URI;
144 subobj.LDAPMODULE = "entryUUID";
/* The three *_LDB keys all take the LDAP backend value. */
subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;

/* The three *_MOD2 keys all take the same list: the mapping module followed by paged_searches. */
subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";

/* Report which module/backend pair was selected (message() prints unless quiet is set). */
message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
155 if (!provision_validate(subobj, message)) {
/* Obtain the system session and the caller's credentials (from the parsed
   options) that the provisioning calls below receive. */
/* NOTE(review): the variable reuses the name of the function it calls;
   whether system_session() could still be called afterwards depends on the
   interpreter's scoping rules - confirm before adding a second call. */
159 var system_session = system_session();
160 var creds = options.get_credentials();
161 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
/* NOTE(review): this writes the administrator password in clear text through
   message(), i.e. to the script's output unless quiet is set. Anything that
   captures that output (terminal scrollback, redirected logs, CI transcripts)
   then holds the credential. Presumably it is shown because the password is
   random when --adminpass is not given - confirm, and consider printing it
   only in that case. */
162 message("Using administrator password: %s\n", subobj.ADMINPASS);
164 provision_ldapbase(subobj, message, paths);
165 message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
166 } else if (partitions_only) {
167 provision_become_dc(subobj, message, false, paths, system_session);
169 provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
170 provision_dns(subobj, message, paths, system_session, creds);
171 message("To reproduce this provision, run with:\n");
172 /* There has to be a better way than this... */
173 message("--realm='%s' --domain='%s' \\\n", subobj.REALM_CONF, subobj.DOMAIN_CONF);
174 if (subobj.DOMAINGUID != undefined) {
175 message("--domain-guid='%s' \\\n", subobj.DOMAINGUID);
177 if (subobj.HOSTGUID != undefined) {
178 message("--host-guid='%s' \\\n", subobj.HOSTGUID);
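/*
 * Part of the "To reproduce this provision" command line echoed to the user.
 *
 * NOTE(review): the admin, krbtgt, machine and dns passwords are printed in
 * clear text here (message() prints unless quiet is set), so any captured
 * output of this script holds every secret of the new domain. Re-running the
 * echoed command also puts those secrets on a command line, which is commonly
 * visible in process listings and shell history. Consider omitting the
 * password options from the echo or reading them from a protected file.
 *
 * NOTE(review): values are wrapped in single quotes without escaping, so a
 * value that itself contains a single quote would not paste back correctly.
 */
message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP);
message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS);
message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS);
/* "--nogroup=" with an equals sign, like every other option in this echo,
   so the printed option is one the script accepts when pasted back */
message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP);
message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE);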
187 message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND);
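/* Option name spelled as in the help text (--ldap-module), and the module
   name passed as-is: a leading unary "+" would coerce it to a number. */
message("--ldap-module='%s' \\\n", subobj.LDAPMODULE);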
192 message("--aci='" + subobj.ACI + "' \\\n")