-#!/usr/bin/env smbscript
+#!/bin/sh
+exec smbscript "$0" ${1+"$@"}
/*
provision a Samba4 server
Copyright Andrew Tridgell 2005
Released under the GNU GPL v2 or later
*/
-options = new Object();
-ok = GetOptions(ARGV, options,
+options = GetOptions(ARGV,
"POPT_AUTOHELP",
"POPT_COMMON_SAMBA",
"POPT_COMMON_VERSION",
+ "POPT_COMMON_CREDENTIALS",
'realm=s',
'domain=s',
'domain-guid=s',
'domain-sid=s',
+ 'policy-guid=s',
'host-name=s',
'host-ip=s',
'host-guid=s',
'adminpass=s',
'krbtgtpass=s',
'machinepass=s',
+ 'dnspass=s',
'root=s',
'nobody=s',
'nogroup=s',
'wheel=s',
'users=s',
- 'quiet');
-if (ok == false) {
- println("Failed to parse options: " + options.ERROR);
+ 'quiet',
+ 'blank',
+ 'server-role=s',
+ 'partitions-only',
+ 'ldap-base',
+ 'ldap-backend=s',
+ 'ldap-module=s',
+ 'aci=s');
+
+if (options == undefined) {
+ println("Failed to parse options");
return -1;
}
/*
print a message if quiet is not set
*/
-function message()
+function message()
{
if (options["quiet"] == undefined) {
print(vsprintf(arguments));
print("
Samba4 provisioning
-provision.pl [options]
+provision [options]
--realm REALM set realm
--domain DOMAIN set domain
--domain-guid GUID set domainguid (otherwise random)
--host-name HOSTNAME set hostname
--host-ip IPADDRESS set ipaddress
--host-guid GUID set hostguid (otherwise random)
+ --policy-guid GUID set group policy guid (otherwise random)
--invocationid GUID set invocationid (otherwise random)
--adminpass PASSWORD choose admin password (otherwise random)
--krbtgtpass PASSWORD choose krbtgt password (otherwise random)
--wheel GROUPNAME choose 'wheel' privileged group
--users GROUPNAME choose 'users' group
--quiet Be quiet
-
+ --blank do not add users or groups, just the structure
+ --server-role ROLE Set server role to provision for (default standalone)
+ --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC)
+ --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
+ --ldap-backend LDAPSERVER LDAP server to use for this provision
+ --ldap-module MODULE LDB mapping module to use for the LDAP backend
+ --aci ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain
");
ShowHelp();
}
+/* cope with an initially blank smb.conf */
+var lp = loadparm_init();
+lp.set("realm", options.realm);
+lp.set("workgroup", options.domain);
+lp.set("server role", options["server-role"]);
+lp.reload();
+
var subobj = provision_guess();
for (r in options) {
var key = strupper(join("", split("-", r)));
subobj[key] = options[r];
}
+var blank = (options["blank"] != undefined);
+var ldapbase = (options["ldap-base"] != undefined);
+var ldapbackend = (options["ldap-backend"] != undefined);
+var ldapmodule = (options["ldap-module"] != undefined);
+var partitions_only = (options["partitions-only"] != undefined);
+var paths = provision_default_paths(subobj);
+if (options["aci"] != undefined) {
+ message("set ACI: %s\n", subobj["ACI"]);
+}
+
+message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);
+
+provision_fix_subobj(subobj, paths);
+
+if (ldapbackend) {
+ if (options["ldap-backend"] == "ldapi") {
+ subobj.LDAPBACKEND = subobj.LDAPI_URI;
+ }
+ if (!ldapmodule) {
+ subobj.LDAPMODULE = "entryuuid";
+ subobj.TDB_MODULES_LIST = "";
+ }
+ subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
+ subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
+ subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
+ subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
+ subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
+ subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
+ message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
+}
+
+if (!provision_validate(subobj, message)) {
+ return -1;
+}
+
+var system_session = system_session();
+var creds = options.get_credentials();
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
-provision(subobj, message);
+if (ldapbase) {
+ provision_ldapbase(subobj, message, paths);
+ message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
+} else if (partitions_only) {
+ provision_become_dc(subobj, message, false, paths, system_session);
+} else {
+ provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
+ provision_dns(subobj, message, paths, system_session, creds);
+ message("To reproduce this provision, run with:\n");
+/* There has to be a better way than this... */
+ message("--realm='%s' --domain='%s' \\\n", subobj.REALM_CONF, subobj.DOMAIN_CONF);
+ if (subobj.DOMAINGUID != undefined) {
+ message("--domain-guid='%s' \\\n", subobj.DOMAINGUID);
+ }
+ if (subobj.HOSTGUID != undefined) {
+ message("--host-guid='%s' \\\n", subobj.HOSTGUID);
+ }
+ message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP);
+ message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
+ message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS);
+ message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS);
+ message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP);
+ message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE);
+ if (ldapbackend) {
+ message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND);
+ }
+ if (ldapmodule) {
+ message("--ldap-mdoule='%s' \\\n", + subobj.LDAPMODULE);
+ }
+ message("--aci='" + subobj.ACI + "' \\\n")
+}
+
+
message("All OK\n");
return 0;