Added "admin_session" method.
[ira/wip.git] / source4 / scripting / python / samba / provision.py
index 201d163d84e82732d1913ce1a0121a3bab69a1f6..778271f1d5ce520457425533ffbe627d6496a266 100644 (file)
@@ -40,7 +40,7 @@ import subprocess
 
 import shutil
 from credentials import Credentials, DONT_USE_KERBEROS
-from auth import system_session
+from auth import system_session, admin_session
 from samba import version, Ldb, substitute_var, valid_netbios_name, check_all_substituted, \
   DS_BEHAVIOR_WIN2008
 from samba.samdb import SamDB
@@ -367,9 +367,9 @@ def provision_paths_from_lp(lp, dnsdomain):
     return paths
 
 
-def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None,
-                rootdn=None, domaindn=None, configdn=None, schemadn=None, serverdn=None, 
-                sitename=None):
+def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
+                serverrole=None, rootdn=None, domaindn=None, configdn=None,
+                schemadn=None, serverdn=None, sitename=None):
     """Guess configuration settings to use."""
 
     if hostname is None:
@@ -863,6 +863,10 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
         else:
             domain_oc = "samba4LocalDomain"
 
+#impersonate domain admin
+        admin_session_info = admin_session(lp, str(domainsid))
+        samdb.set_session_info(admin_session_info)
+
         setup_add_ldif(samdb, setup_path("provision_basedn.ldif"), {
                 "DOMAINDN": names.domaindn,
                 "DOMAIN_OC": domain_oc
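Review bot: The session switch to the domain-administrator token is not scoped: after `samdb.set_session_info(admin_session_info)` nothing in the hunk reinstates the caller-supplied `session_info`, so every later write that setup_samdb performs inside this transaction (the function continues well beyond the hunk) runs under the impersonated token rather than the session the caller passed in. If that is the intent, the docstring should say that `session_info` only governs the connection up to this point; if only the base-DN objects need the admin owner, add `samdb.set_session_info(session_info)` once those LDIFs have been applied so the privilege window is as small as possible. The new comment is also at column 0 with no space after `#`, which breaks the block's indentation style; suggested replacement at the body's indent: `# Impersonate the domain administrator (domainsid is presumably the SID of the domain being provisioned); the samdb session stays switched for the remainder of this transaction`.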
@@ -963,7 +967,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
                                 dnspass=dnspass,  
                                 machinepass=machinepass, 
                                 domainsid=domainsid, policyguid=policyguid,
-                                setup_path=setup_path, domainControllerFunctionality=domainControllerFunctionality)
+                                setup_path=setup_path,
+                                domainControllerFunctionality=domainControllerFunctionality)
 
     except:
         samdb.transaction_cancel()
@@ -979,7 +984,8 @@ FILL_DRS = "DRS"
 
 
 def provision(setup_dir, message, session_info, 
-              credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, 
+              credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL,
+              realm=None, 
               rootdn=None, domaindn=None, schemadn=None, configdn=None, 
               serverdn=None,
               domain=None, hostname=None, hostip=None, hostip6=None, 
@@ -988,7 +994,8 @@ def provision(setup_dir, message, session_info,
               policyguid=None, invocationid=None, machinepass=None, 
               dnspass=None, root=None, nobody=None, users=None, 
               wheel=None, backup=None, aci=None, serverrole=None, 
-              ldap_backend_extra_port=None, ldap_backend_type=None, sitename=None,
+              ldap_backend_extra_port=None, ldap_backend_type=None,
+              sitename=None,
               ol_mmr_urls=None, ol_olc=None, 
               setup_ds_path=None, slapd_path=None, nosync=False,
               ldap_dryrun_mode=False):
@@ -1078,10 +1085,12 @@ def provision(setup_dir, message, session_info,
     if ldap_backend_type:
         # We only support an LDAP backend over ldapi://
 
-        provision_backend = ProvisionBackend(paths=paths, setup_path=setup_path, lp=lp, credentials=credentials, 
+        provision_backend = ProvisionBackend(paths=paths, setup_path=setup_path,
+                                             lp=lp, credentials=credentials, 
                                              names=names,
-                                             message=message, hostname=hostname, 
-                                             root=root, schema=schema, ldap_backend_type=ldap_backend_type,
+                                             message=message, hostname=hostname,
+                                             root=root, schema=schema,
+                                             ldap_backend_type=ldap_backend_type,
                                              ldapadminpass=ldapadminpass,
                                              ldap_backend_extra_port=ldap_backend_extra_port,
                                              ol_mmr_urls=ol_mmr_urls, 
@@ -1159,11 +1168,14 @@ def provision(setup_dir, message, session_info,
         if serverrole == "domain controller":
             secrets_ldb = Ldb(paths.secrets, session_info=session_info, 
                               credentials=credentials, lp=lp)
-            secretsdb_become_dc(secrets_ldb, setup_path, domain=domain, realm=names.realm,
-                                netbiosname=names.netbiosname, domainsid=domainsid, 
-                                keytab_path=paths.keytab, samdb_url=paths.samdb, 
-                                dns_keytab_path=paths.dns_keytab, dnspass=dnspass, 
-                                machinepass=machinepass, dnsdomain=names.dnsdomain)
+            secretsdb_become_dc(secrets_ldb, setup_path, domain=domain,
+                                realm=names.realm,
+                                netbiosname=names.netbiosname,
+                                domainsid=domainsid, 
+                                keytab_path=paths.keytab, samdb_url=paths.samdb,
+                                dns_keytab_path=paths.dns_keytab,
+                                dnspass=dnspass, machinepass=machinepass,
+                                dnsdomain=names.dnsdomain)
 
             domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
             assert isinstance(domainguid, str)
@@ -1187,8 +1199,9 @@ def provision(setup_dir, message, session_info,
             message("See %s for an example configuration include file for BIND" % paths.namedconf)
             message("and %s for further documentation required for secure DNS updates" % paths.namedtxt)
 
-            create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain,
-                             hostname=names.hostname, realm=names.realm)
+            create_krb5_conf(paths.krb5conf, setup_path,
+                             dnsdomain=names.dnsdomain, hostname=names.hostname,
+                             realm=names.realm)
             message("A Kerberos configuration suitable for Samba 4 has been generated at %s" % paths.krb5conf)
 
 
@@ -1247,14 +1260,15 @@ def provision(setup_dir, message, session_info,
 
 def provision_become_dc(setup_dir=None,
                         smbconf=None, targetdir=None, realm=None, 
-                        rootdn=None, domaindn=None, schemadn=None, configdn=None,
-                        serverdn=None,
+                        rootdn=None, domaindn=None, schemadn=None,
+                        configdn=None, serverdn=None,
                         domain=None, hostname=None, domainsid=None, 
                         adminpass=None, krbtgtpass=None, domainguid=None, 
                         policyguid=None, invocationid=None, machinepass=None, 
                         dnspass=None, root=None, nobody=None, users=None, 
                         wheel=None, backup=None, serverrole=None, 
-                        ldap_backend=None, ldap_backend_type=None, sitename=None, debuglevel=1):
+                        ldap_backend=None, ldap_backend_type=None,
+                        sitename=None, debuglevel=1):
 
     def message(text):
         """print a message if quiet is not set."""
@@ -1263,10 +1277,13 @@ def provision_become_dc(setup_dir=None,
     glue.set_debug_level(debuglevel)
 
     return provision(setup_dir, message, system_session(), None,
-              smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm, 
-              rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, serverdn=serverdn,
-              domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename)
-    
+              smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS,
+              realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn,
+              configdn=configdn, serverdn=serverdn, domain=domain,
+              hostname=hostname, hostip="127.0.0.1", domainsid=domainsid,
+              machinepass=machinepass, serverrole="domain controller",
+              sitename=sitename)
+
 
 def setup_db_config(setup_path, dbdir):
     """Setup a Berkeley database.
@@ -1365,19 +1382,28 @@ class ProvisionBackend(object):
         self.ldap_backend_type = ldap_backend_type
 
         if ldap_backend_type == "fedora-ds":
-            provision_fds_backend(self, paths=paths, setup_path=setup_path, names=names, message=message, 
-                                  hostname=hostname, ldapadminpass=ldapadminpass, root=root, 
-                                  schema=schema, ldap_backend_extra_port=ldap_backend_extra_port, 
-                                  setup_ds_path=setup_ds_path, slapd_path=slapd_path,
-                                  nosync=nosync, ldap_dryrun_mode=ldap_dryrun_mode)
+            provision_fds_backend(self, paths=paths, setup_path=setup_path,
+                                  names=names, message=message, 
+                                  hostname=hostname,
+                                  ldapadminpass=ldapadminpass, root=root, 
+                                  schema=schema,
+                                  ldap_backend_extra_port=ldap_backend_extra_port, 
+                                  setup_ds_path=setup_ds_path,
+                                  slapd_path=slapd_path,
+                                  nosync=nosync,
+                                  ldap_dryrun_mode=ldap_dryrun_mode)
             
         elif ldap_backend_type == "openldap":
-            provision_openldap_backend(self, paths=paths, setup_path=setup_path, names=names, message=message, 
-                                       hostname=hostname, ldapadminpass=ldapadminpass, root=root, 
-                                       schema=schema, ldap_backend_extra_port=ldap_backend_extra_port, 
+            provision_openldap_backend(self, paths=paths, setup_path=setup_path,
+                                       names=names, message=message, 
+                                       hostname=hostname,
+                                       ldapadminpass=ldapadminpass, root=root, 
+                                       schema=schema,
+                                       ldap_backend_extra_port=ldap_backend_extra_port, 
                                        ol_mmr_urls=ol_mmr_urls, 
                                        slapd_path=slapd_path,
-                                       nosync=nosync, ldap_dryrun_mode=ldap_dryrun_mode)
+                                       nosync=nosync,
+                                       ldap_dryrun_mode=ldap_dryrun_mode)
         else:
             raise ProvisioningError("Unknown LDAP backend type selected")
 
@@ -1403,7 +1429,8 @@ class ProvisionBackend(object):
         raise ProvisioningError("slapd died before we could make a connection to it")
 
 
-def provision_openldap_backend(result, paths=None, setup_path=None, names=None, message=None, 
+def provision_openldap_backend(result, paths=None, setup_path=None, names=None,
+                               message=None, 
                                hostname=None, ldapadminpass=None, root=None, 
                                schema=None, 
                                ldap_backend_extra_port=None,
@@ -1631,7 +1658,8 @@ def provision_openldap_backend(result, paths=None, setup_path=None, names=None,
         os.remove(paths.slapdconf)        
           
 
-def provision_fds_backend(result, paths=None, setup_path=None, names=None, message=None, 
+def provision_fds_backend(result, paths=None, setup_path=None, names=None,
+                          message=None, 
                           hostname=None, ldapadminpass=None, root=None, 
                           schema=None,
                           ldap_backend_extra_port=None,
@@ -1709,7 +1737,8 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri):
 
 
 def create_zone_file(path, setup_path, dnsdomain, domaindn, 
-                     hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid):
+                     hostip, hostip6, hostname, dnspass, realm, domainguid,
+                     hostguid):
     """Write out a DNS zone file, from the info in the current database.
 
     :param path: Path of the new zone file.
@@ -1815,4 +1844,3 @@ def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm):
         })
 
 
-