$localenv->{TRUST_PASSWORD} = $remoteenv->{PASSWORD};
$localenv->{TRUST_DOMAIN} = $remoteenv->{DOMAIN};
$localenv->{TRUST_REALM} = $remoteenv->{REALM};
+ $localenv->{TRUST_DOMSID} = $remoteenv->{DOMSID};
my $samba_tool = Samba::bindir_path($self, "samba-tool");
# setup the trust
return $localenv
}
-sub provision_raw_prepare($$$$$$$$$$$)
+sub provision_raw_prepare($$$$$$$$$$$$)
{
my ($self, $prefix, $server_role, $hostname,
- $domain, $realm, $functional_level,
+ $domain, $realm, $samsid, $functional_level,
$password, $kdc_ipv4, $kdc_ipv6) = @_;
my $ctx;
my $netbiosname = uc($hostname);
$ctx->{domain} = $domain;
$ctx->{realm} = uc($realm);
$ctx->{dnsname} = lc($realm);
+ $ctx->{samsid} = $samsid;
$ctx->{functional_level} = $functional_level;
push (@provision_options, "--quiet");
push (@provision_options, "--domain=$ctx->{domain}");
push (@provision_options, "--realm=$ctx->{realm}");
+ if (defined($ctx->{samsid})) {
+ push (@provision_options, "--domain-sid=$ctx->{samsid}");
+ }
push (@provision_options, "--adminpass=$ctx->{password}");
push (@provision_options, "--krbtgtpass=krbtgt$ctx->{password}");
push (@provision_options, "--machinepass=machine$ctx->{password}");
DOMAIN => $ctx->{domain},
USERNAME => $ctx->{username},
REALM => $ctx->{realm},
+ SAMSID => $ctx->{samsid},
PASSWORD => $ctx->{password},
LDAPDIR => $ctx->{ldapdir},
LDAP_INSTANCE => $ctx->{ldap_instance},
$ret->{RESOLV_WRAPPER_HOSTS} = $ctx->{dns_host_file};
}
+ if ($ctx->{server_role} eq "domain controller") {
+ $ret->{DOMSID} = $ret->{SAMSID};
+ }
+
return $ret;
}
$password, $kdc_ipv4, $kdc_ipv6, $extra_smbconf_options, $extra_smbconf_shares,
$extra_provision_options) = @_;
+ my $samsid = Samba::random_domain_sid();
+
my $ctx = $self->provision_raw_prepare($prefix, $server_role,
$hostname,
- $domain, $realm, $functional_level,
+ $domain, $realm,
+ $samsid,
+ $functional_level,
$password, $kdc_ipv4, $kdc_ipv6);
if (defined($extra_provision_options)) {
$ret->{MEMBER_USERNAME} = $ret->{USERNAME};
$ret->{MEMBER_PASSWORD} = $ret->{PASSWORD};
+ $ret->{DOMSID} = $dcvars->{DOMSID};
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
$ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME};
$ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD};
+ $ret->{DOMSID} = $dcvars->{DOMSID};
$ret->{DC_SERVER} = $dcvars->{DC_SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
$ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6};
"promotedvdc",
$dcvars->{DOMAIN},
$dcvars->{REALM},
+ $dcvars->{SAMSID},
"2008",
$dcvars->{PASSWORD},
$dcvars->{SERVER_IP},
$name,
$dcvars->{DOMAIN},
$dcvars->{REALM},
+ $dcvars->{DOMSID},
$fl,
$dcvars->{PASSWORD},
$dcvars->{SERVER_IP},
print "PROVISIONING SUBDOMAIN DC...\n";
# We do this so that we don't run the provision. That's the job of 'net vampire'.
+ my $samsid = undef; # TODO pass the domain sid all the way down
my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
"localsubdc",
"SAMBASUBDOM",
"sub.samba.example.com",
+ $samsid,
"2008",
$dcvars->{PASSWORD},
undef);
"rodc",
$dcvars->{DOMAIN},
$dcvars->{REALM},
+ $dcvars->{DOMSID},
"2008",
$dcvars->{PASSWORD},
$dcvars->{SERVER_IP},