function provision_default_paths(subobj)
{
+ /* subobj.DNSDOMAIN isn't available at this point */
+ var dnsdomain = strlower(subobj.REALM);
var lp = loadparm_init();
var paths = new Object();
paths.smbconf = lp.get("config file");
paths.shareconf = lp.get("private dir") + "/" + "share.ldb";
- paths.hklm = "hklm.ldb";
- paths.hkcu = "hkcu.ldb";
- paths.hkcr = "hkcr.ldb";
- paths.hku = "hku.ldb";
- paths.hkpd = "hkpd.ldb";
- paths.hkpt = "hkpt.ldb";
paths.samdb = lp.get("sam database");
paths.secrets = lp.get("secrets database");
paths.keytab = "secrets.keytab";
- paths.dns = lp.get("private dir") + "/" + subobj.DNSDOMAIN + ".zone";
+ paths.dns_keytab = "dns.keytab";
+ paths.dns_keytab_abs = lp.get("private dir") + "/" + paths.dns_keytab;
+ paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
+ paths.named_conf = lp.get("private dir") + "/named.conf";
paths.winsdb = "wins.ldb";
paths.ldapdir = lp.get("private dir") + "/ldap";
- paths.ldap_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + ".ldif";
- paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-config.ldif";
- paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + subobj.DNSDOMAIN + "-schema.ldif";
+ paths.ldap_basedn_ldif = paths.ldapdir + "/" + dnsdomain + ".ldif";
+ paths.ldap_config_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-config.ldif";
+ paths.ldap_schema_basedn_ldif = paths.ldapdir + "/" + dnsdomain + "-schema.ldif";
+
+ paths.sysvol = lp.get("sysvol", "path");
+
+ if (paths.sysvol == undefined) {
+ paths.sysvol = lp.get("lock dir") + "/sysvol";
+ }
+
+ paths.netlogon = lp.get("netlogon", "path");
+
+ if (paths.netlogon == undefined) {
+ paths.netlogon = paths.sysvol + "/" + dnsdomain + "/scripts";
+ }
+
return paths;
}
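Review bot: provision_default_paths has no header comment, and the added sysvol/netlogon defaulting makes its contract harder to read: `paths.sysvol` falls back to `lp.get("lock dir") + "/sysvol"` and `paths.netlogon` to `paths.sysvol + "/" + dnsdomain + "/scripts"` only when the corresponding `lp.get(..., "path")` lookup comes back undefined. A short comment above the function stating that it derives every provisioning path from the loaded smb.conf, that `dnsdomain` is recomputed locally because provision_fix_subobj (which sets subobj.DNSDOMAIN from the same REALM) may not have run yet, and the fallback order for sysvol and netlogon would save the next reader from re-deriving that. The existing one-line comment at the top only covers the first of those points.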
return true;
}
-function provision_fix_subobj(subobj, message, paths)
+function provision_fix_subobj(subobj, paths)
{
+ var ldb = ldb_init();
+
subobj.REALM = strupper(subobj.REALM);
subobj.HOSTNAME = strlower(subobj.HOSTNAME);
subobj.DOMAIN = strupper(subobj.DOMAIN);
assert(valid_netbios_name(subobj.DOMAIN));
subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
assert(valid_netbios_name(subobj.NETBIOSNAME));
+ subobj.DNSDOMAIN = strlower(subobj.REALM);
+ subobj.DNSNAME = sprintf("%s.%s",
+ strlower(subobj.HOSTNAME),
+ subobj.DNSDOMAIN);
+ var rdn_list = split(".", subobj.DNSDOMAIN);
+ subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list);
+ subobj.ROOTDN = subobj.DOMAINDN;
+ subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN;
+ subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN;
+
+ subobj.MACHINEPASS_B64 = ldb.encode(subobj.MACHINEPASS);
+ subobj.KRBTGTPASS_B64 = ldb.encode(subobj.KRBTGTPASS);
+ subobj.ADMINPASS_B64 = ldb.encode(subobj.ADMINPASS);
+ subobj.DNSPASS_B64 = ldb.encode(subobj.DNSPASS);
+
var rdns = split(",", subobj.DOMAINDN);
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
subobj.SAM_LDB = "tdb://" + paths.samdb;
subobj.SECRETS_KEYTAB = paths.keytab;
+ subobj.DNS_KEYTAB = paths.dns_keytab;
+ subobj.DNS_KEYTAB_ABS = paths.dns_keytab_abs;
subobj.LDAPDIR = paths.ldapdir;
+ var ldap_path_list = split("/", paths.ldapdir);
+ subobj.LDAPI_URI = "ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi";
+
+ subobj.LDAPMANAGERDN = "cn=Manager," + subobj.DOMAINDN;
+
+ subobj.NETLOGONPATH = paths.netlogon;
+ subobj.SYSVOLPATH = paths.sysvol;
return true;
}
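Review bot: The LDAPI_URI built at `subobj.LDAPI_URI = "ldapi://" + join("%2F", ldap_path_list) + "%2Fldapi";` percent-encodes only the `/` separators of paths.ldapdir; any other URI-reserved character in the private dir (`%`, `?`, `#`, a space) is copied through verbatim, so the resulting ldapi:// URI would be malformed or resolve to a different path. If the ejs runtime offers no generic URI escaping, the assumption should at least be stated next to it: `/* assumes paths.ldapdir contains no URI-reserved characters other than '/' */`. The function also gains a ldb_init() whose only use is encode(); a one-line comment that the four `*_B64` fields are the encoded forms the LDIF templates expect would help, if that is what encode() produces — I can't confirm its output format from this hunk.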
var sys = sys_init();
var info = new Object();
- var ok = provision_fix_subobj(subobj, message, paths);
+ var ok = provision_fix_subobj(subobj, paths);
assert(ok);
info.subobj = subobj;
var sys = sys_init();
var info = new Object();
- var ok = provision_fix_subobj(subobj, message, paths);
+ var ok = provision_fix_subobj(subobj, paths);
assert(ok);
if (subobj.DOMAINGUID != undefined) {
/* only install a new smb.conf if there isn't one there already */
var st = sys.stat(paths.smbconf);
if (st == undefined) {
- message("Setting up smb.conf\n");
+ message("Setting up " + paths.smbconf +"\n");
setup_file("provision.smb.conf", info.message, paths.smbconf, subobj);
lp.reload();
}
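Review bot: The new `message("Setting up " + paths.smbconf +"\n");` passes a configured path as the format string, while elsewhere in this same commit message() is clearly printf-style (`message("%s", ...)` and `message("No DNS zone required for role %s\n", ...)`); a `%` in the config-file path would be interpreted as a directive. Use `message("%s", "Setting up " + paths.smbconf + "\n");` here. The same applies to the rewritten schema-dn message later in this patch (`message("Failed to both add and modify schema dn: " + samdb.errstring() + "\n");`), where the backend error text is used as the format string even though the three sibling messages in this commit were switched to a leading `"%s"`.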
setup_ldb("secrets_init.ldif", info, paths.secrets);
setup_ldb("secrets.ldif", info, paths.secrets, false);
- message("Setting up hklm.ldb\n");
- setup_ldb("hklm.ldif", info, paths.hklm);
+ message("Setting up the registry\n");
+ var reg = reg_open();
+ reg.apply_patchfile(lp.get("setup directory") + "/provision.reg")
message("Setting up sam.ldb partitions\n");
/* Also wipes the database */
var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
- message("Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + ": " + samdb.errstring() + "\n");
+ message("%s", "Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.DOMAINDN_LDB + ": " + samdb.errstring() + "\n");
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
};
assert(modify_ok);
var modify_ok = setup_ldb_modify("provision_configuration_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
- message("Failed to both add and modify configuration dn: " + samdb.errstring() + "\n");
+ message("%s", "Failed to both add and modify " + subobj.CONFIGDN + " in target " + subobj.CONFIGDN_LDB + ": " + samdb.errstring() + "\n");
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
assert(modify_ok);
}
var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
- message("Failed to both add and modify schema dn: + samdb.errstring() + "\n");
+ message("%s", "Failed to both add and modify " + subobj.SCHEMADN + " in target " + subobj.SCHEMADN_LDB + ": " + samdb.errstring() + "\n");
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
assert(modify_ok);
}
message("Setting up sam.ldb users and groups\n");
setup_add_ldif("provision_users.ldif", info, samdb, false);
+ if (lp.get("server role") == "domain controller") {
+ message("Setting up self join\n");
+ setup_add_ldif("provision_self_join.ldif", info, samdb, false);
+ setup_add_ldif("provision_group_policy.ldif", info, samdb, false);
+
+ sys.mkdir(paths.sysvol, 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN, 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/Machine", 0755);
+ sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/User", 0755);
+
+ sys.mkdir(paths.netlogon, 0755);
+ }
+
if (setup_name_mappings(info, samdb) == false) {
return false;
}
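Review bot: `reg.apply_patchfile(lp.get("setup directory") + "/provision.reg")` is missing its terminating semicolon, unlike every other statement in the file, and its result is discarded, so a failed registry import would go unnoticed where the replaced setup_ldb("hklm.ldif", ...) at least ran through the common helper. If apply_patchfile reports failure through its return value (its contract is not visible here), capture and check it: `var reg_ok = reg.apply_patchfile(lp.get("setup directory") + "/provision.reg"); assert(reg_ok);`. The seven sys.mkdir() calls in the new domain-controller branch likewise ignore their results and repeat the `paths.sysvol + "/"+ subobj.DNSDOMAIN` prefix; hoisting the policy directory into a local (`var policy_dir = paths.sysvol + "/" + subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}";`) and checking each mkdir the same way, if sys.mkdir signals failure, would make a partially created sysvol tree fail at this point rather than later in group-policy setup. The enclosing function starts and ends outside this hunk.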
var sys = sys_init();
var info = new Object();
- var ok = provision_fix_subobj(subobj, message, paths);
+ var ok = provision_fix_subobj(subobj, paths);
assert(ok);
info.subobj = subobj;
var modify_ok = setup_ldb_modify("provision_schema_basedn_modify.ldif", info, samdb);
if (!modify_ok) {
if (!add_ok) {
- message("Failed to both add and modify schema dn: + samdb.errstring() + "\n");
+ message("Failed to both add and modify schema dn: " + samdb.errstring() + "\n");
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
assert(modify_ok);
}
/* Write out a DNS zone file, from the info in the current database */
function provision_dns(subobj, message, paths, session_info, credentials)
{
+ var lp = loadparm_init();
+ if (lp.get("server role") != "domain controller") {
+ message("No DNS zone required for role %s\n", lp.get("server role"));
+ return;
+ }
message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
var ldb = ldb_init();
ldb.session_info = session_info;
message, paths.dns,
subobj);
- message("Please install the zone located in " + paths.dns + " into your DNS server\n");
+ setup_file("named.conf",
+ message, paths.named_conf,
+ subobj);
+
+ message("Please install the zone located in " + paths.dns + " into your DNS server. A sample BIND configuration snippit is at " + paths.named_conf + "\n");
}
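Review bot: The new user-facing message at the end of provision_dns misspells "snippet" as "snippit"; change the tail to `" into your DNS server. A sample BIND configuration snippet is at " + paths.named_conf + "\n"`. That message also concatenates two paths into the format argument of message(), which this commit elsewhere avoids by passing `"%s"` first, so a `%` in the private dir would be read as a directive. The setup_file call that writes paths.dns starts before this hunk, and neither it nor the new named.conf call has its result checked, consistent with the surrounding code.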
/* Write out a DNS zone file, from the info in the current database */
function provision_ldapbase(subobj, message, paths)
{
+ var ok = provision_fix_subobj(subobj, paths);
+ assert(ok);
+
message("Setting up LDAP base entry: " + subobj.DOMAINDN + " \n");
var rdns = split(",", subobj.DOMAINDN);
subobj.EXTENSIBLEOBJECT = "objectClass: extensibleObject";
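Review bot: The comment directly above provision_ldapbase, `/* Write out a DNS zone file, from the info in the current database */`, is a copy of the one on provision_dns and does not describe this function, which now first normalises subobj through provision_fix_subobj and then sets up the LDAP base entry. Replace it with `/* Set up the LDAP base entry for the domain; subobj is fixed up via provision_fix_subobj first */`. The body of provision_ldapbase continues past this hunk.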
subobj.POLICYGUID = randguid();
subobj.KRBTGTPASS = randpass(12);
subobj.MACHINEPASS = randpass(12);
+ subobj.DNSPASS = randpass(12);
subobj.ADMINPASS = randpass(12);
subobj.LDAPMANAGERPASS = randpass(12);
subobj.DEFAULTSITE = "Default-First-Site-Name";
subobj.BACKUP = findnss(nss.getgrnam, "backup", "wheel", "root", "staff");
subobj.USERS = findnss(nss.getgrnam, "users", "guest", "other", "unknown", "usr");
- subobj.DNSDOMAIN = strlower(subobj.REALM);
- subobj.DNSNAME = sprintf("%s.%s",
- strlower(subobj.HOSTNAME),
- subobj.DNSDOMAIN);
- rdn_list = split(".", subobj.DNSDOMAIN);
- subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list);
- subobj.DOMAINDN_LDB = "users.ldb";
- subobj.ROOTDN = subobj.DOMAINDN;
- subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN;
- subobj.CONFIGDN_LDB = "configuration.ldb";
- subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN;
- subobj.SCHEMADN_LDB = "schema.ldb";
-
//Add modules to the list to activate them by default
//beware often order is important
//
"extended_dn",
"asq",
"samldb",
- "password_hash",
"operational",
"objectclass",
"rdn_name",
"show_deleted",
"partition");
subobj.MODULES_LIST = join(",", modules_list);
- subobj.DOMAINDN_MOD = "objectguid";
- subobj.CONFIGDN_MOD = "objectguid";
- subobj.SCHEMADN_MOD = "objectguid";
+ subobj.DOMAINDN_LDB = "users.ldb";
+ subobj.CONFIGDN_LDB = "configuration.ldb";
+ subobj.SCHEMADN_LDB = "schema.ldb";
+ subobj.DOMAINDN_MOD = "pdc_fsmo,password_hash";
+ subobj.CONFIGDN_MOD = "naming_fsmo";
+ subobj.SCHEMADN_MOD = "schema_fsmo";
+ subobj.DOMAINDN_MOD2 = ",objectguid";
+ subobj.CONFIGDN_MOD2 = ",objectguid";
+ subobj.SCHEMADN_MOD2 = ",objectguid";
subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb";
subobj.ACI = "# no aci for local ldb";
+
return subobj;
}
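Review bot: The new `*_MOD` / `*_MOD2` pairs are opaque as written: nothing says why MOD2 starts with a comma, why it is kept separate from MOD, or how the two are combined for each partition (the templates consuming them are not in this hunk, so I am inferring they are concatenated). A comment above `subobj.DOMAINDN_LDB = "users.ldb";` such as `/* per-partition module lists: *_MOD is the partition-specific prefix, *_MOD2 the shared ",objectguid" tail appended after it — verify against the LDIF templates */` would make the intent explicit. Dropping "password_hash" from the global modules_list and placing it only in DOMAINDN_MOD changes which partition hashes password attributes; a one-line comment at that point recording that password_hash is now scoped to the users partition would preserve the reasoning. The enclosing function begins before this hunk.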