# Unix SMB/CIFS implementation.
# backend code for provisioning a Samba4 server
-# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2010
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2012
# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008-2009
# Copyright (C) Oliver Liebel <oliver@itc.li> 2008-2009
#
import uuid
import socket
import urllib
-import shutil
import string
import ldb
from samba.dsdb import DS_DOMAIN_FUNCTION_2000
from samba import (
Ldb,
+ MAX_NETBIOS_NAME_LEN,
check_all_substituted,
- read_and_sub_file,
+ is_valid_netbios_char,
setup_file,
substitute_var,
valid_netbios_name,
get_config_descriptor,
get_domain_descriptor
)
-from samba.provision.sambadns import setup_ad_dns, create_dns_update_list
+from samba.provision.common import (
+ setup_path,
+ setup_add_ldif,
+ setup_modify_ldif,
+ )
+from samba.provision.sambadns import (
+ setup_ad_dns,
+ create_dns_update_list
+ )
import samba.param
import samba.registry
from samba.dbchecker import dbcheck
-VALID_NETBIOS_CHARS = " !#$%&'()-.@^_{}~"
DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9"
DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04fB984F9"
DEFAULTSITE = "Default-First-Site-Name"
LAST_PROVISION_USN_ATTRIBUTE = "lastProvisionUSN"
-def setup_path(file):
- """Return an absolute path to the provision tempate file specified by file"""
- return os.path.join(samba.param.setup_dir(), file)
-
-
class ProvisionPaths(object):
def __init__(self):
self.dns = None
self.winsdb = None
self.private_dir = None
+ self.phpldapadminconfig = None
class ProvisionNames(object):
raise ProvisioningError("Unable to find uid/gid for Domain Admins rid")
return names
+
def update_provision_usn(samdb, low, high, id, replace=False):
"""Update the field provisionUSN in sam.ldb
class ProvisionResult(object):
+ """Result of a provision.
+
+ :ivar server_role: The server role
+ :ivar paths: ProvisionPaths instance
+ :ivar domaindn: The domain dn, as string
+ """
def __init__(self):
+ self.server_role = None
self.paths = None
self.domaindn = None
self.lp = None
self.samdb = None
self.idmap = None
self.names = None
+ self.domainsid = None
+ self.adminpass_generated = None
+ self.adminpass = None
+ self.backend_result = None
+
+ def report_logger(self, logger):
+ """Report this provision result to a logger."""
+ logger.info(
+ "Once the above files are installed, your Samba4 server will "
+ "be ready to use")
+ if self.adminpass_generated:
+ logger.info("Admin password: %s", self.adminpass)
+ logger.info("Server Role: %s", self.server_role)
+ logger.info("Hostname: %s", self.names.hostname)
+ logger.info("NetBIOS Domain: %s", self.names.domain)
+ logger.info("DNS Domain: %s", self.names.dnsdomain)
+ logger.info("DOMAIN SID: %s", self.domainsid)
+
+ if self.paths.phpldapadminconfig is not None:
+ logger.info(
+ "A phpLDAPadmin configuration file suitable for administering "
+ "the Samba 4 LDAP server has been created in %s.",
+ self.paths.phpldapadminconfig)
+
+ if self.backend_result:
+ self.backend_result.report_logger(logger)
def check_install(lp, session_info, credentials):
findnss_gid = lambda names: findnss(grp.getgrnam, names)[2]
-def setup_add_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]):
- """Setup a ldb in the private dir.
-
- :param ldb: LDB file to import data into
- :param ldif_path: Path of the LDIF file to load
- :param subst_vars: Optional variables to subsitute in LDIF.
- :param nocontrols: Optional list of controls, can be None for no controls
- """
- assert isinstance(ldif_path, str)
- data = read_and_sub_file(ldif_path, subst_vars)
- ldb.add_ldif(data, controls)
-
-
-def setup_modify_ldif(ldb, ldif_path, subst_vars=None,controls=["relax:0"]):
- """Modify a ldb in the private dir.
-
- :param ldb: LDB object.
- :param ldif_path: LDIF file path.
- :param subst_vars: Optional dictionary with substitution variables.
- """
- data = read_and_sub_file(ldif_path, subst_vars)
- ldb.modify_ldif(data, controls)
-
-
-def setup_ldb(ldb, ldif_path, subst_vars):
- """Import a LDIF a file into a LDB handle, optionally substituting
- variables.
-
- :note: Either all LDIF data will be added or none (using transactions).
-
- :param ldb: LDB file to import into.
- :param ldif_path: Path to the LDIF file.
- :param subst_vars: Dictionary with substitution variables.
- """
- assert ldb is not None
- ldb.transaction_start()
- try:
- setup_add_ldif(ldb, ldif_path, subst_vars)
- except Exception:
- ldb.transaction_cancel()
- raise
- else:
- ldb.transaction_commit()
-
-
def provision_paths_from_lp(lp, dnsdomain):
"""Set the default paths for provisioning.
return paths
+def determine_netbios_name(hostname):
+ """Determine a netbios name from a hostname."""
+ # remove forbidden chars and force the length to be <16
+ netbiosname = "".join([x for x in hostname if is_valid_netbios_char(x)])
+ return netbiosname[:MAX_NETBIOS_NAME_LEN].upper()
+
+
def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
serverrole=None, rootdn=None, domaindn=None, configdn=None,
schemadn=None, serverdn=None, sitename=None):
netbiosname = lp.get("netbios name")
if netbiosname is None:
- netbiosname = hostname
- # remove forbidden chars
- newnbname = ""
- for x in netbiosname:
- if x.isalnum() or x in VALID_NETBIOS_CHARS:
- newnbname = "%s%c" % (newnbname, x)
- # force the length to be <16
- netbiosname = newnbname[0:15]
- assert netbiosname is not None
+ netbiosname = determine_netbios_name(hostname)
netbiosname = netbiosname.upper()
if not valid_netbios_name(netbiosname):
raise InvalidNetbiosName(netbiosname)
raise ProvisioningError("guess_names: 'realm=%s' in %s must match chosen realm '%s'! Please remove the smb.conf file and let provision generate it" % (lp.get("realm").upper(), realm, lp.configfile))
if lp.get("server role").lower() != serverrole:
- raise ProvisioningError("guess_names: 'server role=%s' in %s must match chosen server role '%s'! Please remove the smb.conf file and let provision generate it" % (lp.get("server role"), serverrole, lp.configfile))
+ raise ProvisioningError("guess_names: 'server role=%s' in %s must match chosen server role '%s'! Please remove the smb.conf file and let provision generate it" % (lp.get("server role"), lp.configfile, serverrole))
if serverrole == "domain controller":
if domain is None:
schemadn = "CN=Schema," + configdn
if sitename is None:
- sitename=DEFAULTSITE
+ sitename = DEFAULTSITE
names = ProvisionNames()
names.rootdn = rootdn
return names
-def make_smbconf(smbconf, hostname, domain, realm, serverrole,
- targetdir, sid_generator="internal", eadb=False, lp=None):
+def make_smbconf(smbconf, hostname, domain, realm, targetdir,
+ serverrole=None, sid_generator=None, eadb=False, lp=None,
+ server_services=None):
"""Create a new smb.conf file based on a couple of basic settings.
"""
assert smbconf is not None
+
if hostname is None:
hostname = socket.gethostname().split(".")[0]
- netbiosname = hostname.upper()
- # remove forbidden chars
- newnbname = ""
- for x in netbiosname:
- if x.isalnum() or x in VALID_NETBIOS_CHARS:
- newnbname = "%s%c" % (newnbname, x)
- #force the length to be <16
- netbiosname = newnbname[0:15]
- else:
- netbiosname = hostname.upper()
+
+ netbiosname = determine_netbios_name(hostname)
if serverrole is None:
serverrole = "standalone"
- assert serverrole in ("domain controller", "member server", "standalone")
- if serverrole == "domain controller":
- smbconfsuffix = "dc"
- elif serverrole == "member server":
- smbconfsuffix = "member"
- elif serverrole == "standalone":
- smbconfsuffix = "standalone"
+ try:
+ smbconfsuffix = {
+ "domain controller": "dc",
+ "member server": "member",
+ "standalone": "standalone"}[serverrole]
+ except KeyError:
+ raise ValueError("server role %r invalid" % serverrole)
if sid_generator is None:
sid_generator = "internal"
privdir = lp.get("private dir")
lp.set("posix:eadb", os.path.abspath(os.path.join(privdir, "eadb.tdb")))
+ if server_services is not None:
+ server_services_line = "server services = " + " ".join(server_services)
+ else:
+ server_services_line = ""
+
if targetdir is not None:
privatedir_line = "private dir = " + os.path.abspath(os.path.join(targetdir, "private"))
lockdir_line = "lock dir = " + os.path.abspath(targetdir)
"PRIVATEDIR_LINE": privatedir_line,
"LOCKDIR_LINE": lockdir_line,
"STATEDIR_LINE": statedir_line,
- "CACHEDIR_LINE": cachedir_line
+ "CACHEDIR_LINE": cachedir_line,
+ "SERVER_SERVICES_LINE": server_services_line
})
# reload the smb.conf
# this ensures that any smb.conf parameters that were set
# on the provision/join command line are set in the resulting smb.conf
f = open(smbconf, mode='w')
- lp.dump(f, False)
- f.close()
-
+ try:
+ lp.dump(f, False)
+ finally:
+ f.close()
def setup_name_mappings(idmap, sid, root_uid, nobody_uid,
lp=lp, options=["modules:"])
ldap_backend_line = "# No LDAP backend"
- if provision_backend.type is not "ldb":
+ if provision_backend.type != "ldb":
ldap_backend_line = "ldapBackend: %s" % provision_backend.ldap_uri
samdb.transaction_start()
logger.info("Setting up sam.ldb rootDSE")
setup_samdb_rootdse(samdb, names)
- except Exception:
+ except:
samdb.transaction_cancel()
raise
else:
path = paths.secrets
- secrets_ldb = Ldb(path, session_info=session_info,
- lp=lp)
+ secrets_ldb = Ldb(path, session_info=session_info, lp=lp)
secrets_ldb.erase()
secrets_ldb.load_ldif_file_add(setup_path("secrets_init.ldif"))
- secrets_ldb = Ldb(path, session_info=session_info,
- lp=lp)
+ secrets_ldb = Ldb(path, session_info=session_info, lp=lp)
secrets_ldb.transaction_start()
try:
secrets_ldb.load_ldif_file_add(setup_path("secrets.ldif"))
"LDAPADMINREALM": backend_credentials.get_realm(),
"LDAPADMINPASS_B64": b64encode(backend_credentials.get_password())
})
- except Exception:
+ except:
secrets_ldb.transaction_cancel()
raise
return secrets_ldb
-
def setup_privileges(path, session_info, lp):
"""Setup the privileges database.
})
-def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass,
- domainsid, next_rid, invocationid,
- policyguid, policyguid_dc, domainControllerFunctionality,
- ntdsguid, dc_rid=None):
+def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
+ dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc,
+ domainControllerFunctionality, ntdsguid=None, dc_rid=None):
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
if ntdsguid is not None:
"DNSDOMAIN": names.dnsdomain,
"DOMAINDN": names.domaindn})
- # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
+ # If we are setting up a subdomain, then this has been replicated in, so we
+ # don't need to add it
if fill == FILL_FULL:
setup_add_ldif(samdb, setup_path("provision_self_join_config.ldif"), {
"CONFIGDN": names.configdn,
domainControllerFunctionality)})
# Setup fSMORoleOwner entries to point at the newly created DC entry
- setup_modify_ldif(samdb, setup_path("provision_self_join_modify_config.ldif"), {
+ setup_modify_ldif(samdb,
+ setup_path("provision_self_join_modify_config.ldif"), {
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
"DEFAULTSITE": names.sitename,
system_session_info = system_session()
samdb.set_session_info(system_session_info)
- # Setup fSMORoleOwner entries to point at the newly created DC entry
-
- # to modify a serverReference under cn=config when we are a subdomain, we must
+ # Setup fSMORoleOwner entries to point at the newly created DC entry to
+ # modify a serverReference under cn=config when we are a subdomain, we must
# be system due to ACLs
setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
"DOMAINDN": names.domaindn,
:param guid: The GUID of the policy
:return: A string with the complete path to the policy folder
"""
-
if guid[0] != "{":
guid = "{%s}" % guid
policy_path = os.path.join(sysvolpath, dnsdomain, "Policies", guid)
def create_gpo_struct(policy_path):
if not os.path.exists(policy_path):
os.makedirs(policy_path, 0775)
- open(os.path.join(policy_path, "GPT.INI"), 'w').write(
- "[General]\r\nVersion=0")
+ f = open(os.path.join(policy_path, "GPT.INI"), 'w')
+ try:
+ f.write("[General]\r\nVersion=0")
+ finally:
+ f.close()
p = os.path.join(policy_path, "MACHINE")
if not os.path.exists(p):
os.makedirs(p, 0775)
return samdb
+
def fill_samdb(samdb, lp, names,
logger, domainsid, domainguid, policyguid, policyguid_dc, fill,
adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid,
msg["subRefs"] = ldb.MessageElement(names.configdn , ldb.FLAG_MOD_ADD,
"subRefs")
- except Exception:
+ except:
samdb.transaction_cancel()
raise
else:
})
logger.info("Setting up self join")
- setup_self_join(samdb, admin_session_info, names=names, fill=fill, invocationid=invocationid,
- dnspass=dnspass,
- machinepass=machinepass,
- domainsid=domainsid,
- next_rid=next_rid,
- dc_rid=dc_rid,
- policyguid=policyguid,
- policyguid_dc=policyguid_dc,
- domainControllerFunctionality=domainControllerFunctionality,
- ntdsguid=ntdsguid)
+ setup_self_join(samdb, admin_session_info, names=names, fill=fill,
+ invocationid=invocationid,
+ dnspass=dnspass,
+ machinepass=machinepass,
+ domainsid=domainsid,
+ next_rid=next_rid,
+ dc_rid=dc_rid,
+ policyguid=policyguid,
+ policyguid_dc=policyguid_dc,
+ domainControllerFunctionality=domainControllerFunctionality,
+ ntdsguid=ntdsguid)
ntds_dn = "CN=NTDS Settings,%s" % names.serverdn
names.ntdsguid = samdb.searchone(basedn=ntds_dn,
attribute="objectGUID", expression="", scope=ldb.SCOPE_BASE)
assert isinstance(names.ntdsguid, str)
- except Exception:
+ except:
samdb.transaction_cancel()
raise
else:
if invocationid is None:
invocationid = str(uuid.uuid4())
- if adminpass is None:
- adminpass = samba.generate_random_password(12, 32)
if krbtgtpass is None:
krbtgtpass = samba.generate_random_password(128, 255)
if machinepass is None:
# fix any dangling GUIDs from the provision
logger.info("Fixing provision GUIDs")
- chk = dbcheck(samdb, samdb_schema=samdb, verbose=False, fix=True, yes=True, quiet=True)
+ chk = dbcheck(samdb, samdb_schema=samdb, verbose=False, fix=True, yes=True,
+ quiet=True)
samdb.transaction_start()
- # a small number of GUIDs are missing because of ordering issues in the
- # provision code
- for schema_obj in ['CN=Domain', 'CN=Organizational-Person', 'CN=Contact', 'CN=inetOrgPerson']:
- chk.check_database(DN="%s,%s" % (schema_obj, names.schemadn),
- scope=ldb.SCOPE_BASE, attrs=['defaultObjectCategory'])
- chk.check_database(DN="CN=IP Security,CN=System,%s" % names.domaindn,
- scope=ldb.SCOPE_ONELEVEL,
- attrs=['ipsecOwnersReference',
- 'ipsecFilterReference',
- 'ipsecISAKMPReference',
- 'ipsecNegotiationPolicyReference',
- 'ipsecNFAReference'])
- samdb.transaction_commit()
+ try:
+ # a small number of GUIDs are missing because of ordering issues in the
+ # provision code
+ for schema_obj in ['CN=Domain', 'CN=Organizational-Person', 'CN=Contact', 'CN=inetOrgPerson']:
+ chk.check_database(DN="%s,%s" % (schema_obj, names.schemadn),
+ scope=ldb.SCOPE_BASE, attrs=['defaultObjectCategory'])
+ chk.check_database(DN="CN=IP Security,CN=System,%s" % names.domaindn,
+ scope=ldb.SCOPE_ONELEVEL,
+ attrs=['ipsecOwnersReference',
+ 'ipsecFilterReference',
+ 'ipsecISAKMPReference',
+ 'ipsecNegotiationPolicyReference',
+ 'ipsecNFAReference'])
+ except:
+ samdb.transaction_cancel()
+ raise
+ else:
+ samdb.transaction_commit()
+
+
+_ROLES_MAP = {
+ "ROLE_STANDALONE": "standalone",
+ "ROLE_DOMAIN_MEMBER": "member server",
+ "ROLE_DOMAIN_BDC": "domain controller",
+ "ROLE_DOMAIN_PDC": "domain controller",
+ "dc": "domain controller",
+ "member": "member server",
+ "domain controller": "domain controller",
+ "member server": "member server",
+ "standalone": "standalone",
+ }
+
+
+def sanitize_server_role(role):
+ """Sanitize a server role name.
+
+ :param role: Server role
+ :raise ValueError: If the role can not be interpreted
+ :return: Sanitized server role (one of "member server",
+ "domain controller", "standalone")
+ """
+ try:
+ return _ROLES_MAP[role]
+ except KeyError:
+ raise ValueError(role)
def provision(logger, session_info, credentials, smbconf=None,
:note: caution, this wipes all existing data!
"""
- roles = {}
- roles["ROLE_STANDALONE"] = "standalone"
- roles["ROLE_DOMAIN_MEMBER"] = "member server"
- roles["ROLE_DOMAIN_BDC"] = "domain controller"
- roles["ROLE_DOMAIN_PDC"] = "domain controller"
- roles["dc"] = "domain controller"
- roles["member"] = "member server"
- roles["domain controller"] = "domain controller"
- roles["member server"] = "member server"
- roles["standalone"] = "standalone"
-
try:
- serverrole = roles[serverrole]
- except KeyError:
+ serverrole = sanitize_server_role(serverrole)
+ except ValueError:
raise ProvisioningError('server role (%s) should be one of "domain controller", "member server", "standalone"' % serverrole)
if ldapadminpass is None:
# Make a new, random password between Samba and it's LDAP server
- ldapadminpass=samba.generate_random_password(128, 255)
+ ldapadminpass = samba.generate_random_password(128, 255)
if backend_type is None:
backend_type = "ldb"
if not os.path.exists(os.path.dirname(smbconf)):
os.makedirs(os.path.dirname(smbconf))
+ server_services = None
+ if dns_backend == "SAMBA_INTERNAL":
+ server_services = ["+dns"]
+
# only install a new smb.conf if there isn't one there already
if os.path.exists(smbconf):
# if Samba Team members can't figure out the weird errors
# loading an empty smb.conf gives, then we need to be smarter.
# Pretend it just didn't exist --abartlet
- data = open(smbconf, 'r').read()
- data = data.lstrip()
+ f = open(smbconf, 'r')
+ try:
+ data = f.read().lstrip()
+ finally:
+ f.close()
if data is None or data == "":
make_smbconf(smbconf, hostname, domain, realm,
- serverrole, targetdir, sid_generator, useeadb,
- lp=lp)
+ targetdir, serverrole=serverrole,
+ sid_generator=sid_generator, eadb=useeadb,
+ lp=lp, server_services=server_services)
else:
- make_smbconf(smbconf, hostname, domain, realm, serverrole,
- targetdir, sid_generator, useeadb, lp=lp)
+ make_smbconf(smbconf, hostname, domain, realm, targetdir,
+ serverrole=serverrole, sid_generator=sid_generator,
+ eadb=useeadb, lp=lp, server_services=server_services)
if lp is None:
lp = samba.param.LoadParm()
# only install a new shares config db if there is none
if not os.path.exists(paths.shareconf):
logger.info("Setting up share.ldb")
- share_ldb = Ldb(paths.shareconf, session_info=session_info,
- lp=lp)
+ share_ldb = Ldb(paths.shareconf, session_info=session_info, lp=lp)
share_ldb.load_ldif_file_add(setup_path("share.ldif"))
logger.info("Setting up secrets.ldb")
try:
logger.info("Setting up the registry")
- setup_registry(paths.hklm, session_info,
- lp=lp)
+ setup_registry(paths.hklm, session_info, lp=lp)
logger.info("Setting up the privileges database")
setup_privileges(paths.privilege, session_info, lp=lp)
logger.info("Setting up idmap db")
- idmap = setup_idmapdb(paths.idmapdb,
- session_info=session_info, lp=lp)
+ idmap = setup_idmapdb(paths.idmapdb, session_info=session_info, lp=lp)
setup_name_mappings(idmap, sid=str(domainsid),
root_uid=root_uid, nobody_uid=nobody_uid,
if serverrole == "domain controller":
if paths.netlogon is None:
- logger.info("Existing smb.conf does not have a [netlogon] share, but you are configuring a DC.")
- logger.info("Please either remove %s or see the template at %s" %
- (paths.smbconf, setup_path("provision.smb.conf.dc")))
- assert paths.netlogon is not None
+ raise MissingShareError("netlogon", paths.smbconf,
+ setup_path("provision.smb.conf.dc"))
if paths.sysvol is None:
- logger.info("Existing smb.conf does not have a [sysvol] share, but you"
- " are configuring a DC.")
- logger.info("Please either remove %s or see the template at %s" %
- (paths.smbconf, setup_path("provision.smb.conf.dc")))
- assert paths.sysvol is not None
+ raise MissingShareError("sysvol", paths.smbconf,
+ setup_path("provision.smb.conf.dc"))
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0755)
+ if adminpass is None:
+ adminpass = samba.generate_random_password(12, 32)
+ adminpass_generated = True
+ else:
+ adminpass_generated = False
+
if samdb_fill == FILL_FULL:
- provision_fill(samdb, secrets_ldb, logger,
- names, paths, schema=schema, targetdir=targetdir,
- samdb_fill=samdb_fill, hostip=hostip, hostip6=hostip6, domainsid=domainsid,
- next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass,
- krbtgtpass=krbtgtpass, domainguid=domainguid,
- policyguid=policyguid, policyguid_dc=policyguid_dc,
- invocationid=invocationid, machinepass=machinepass,
- ntdsguid=ntdsguid, dns_backend=dns_backend, dnspass=dnspass,
- serverrole=serverrole, dom_for_fun_level=dom_for_fun_level,
- am_rodc=am_rodc, lp=lp)
+ provision_fill(samdb, secrets_ldb, logger, names, paths,
+ schema=schema, targetdir=targetdir, samdb_fill=samdb_fill,
+ hostip=hostip, hostip6=hostip6, domainsid=domainsid,
+ next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass,
+ krbtgtpass=krbtgtpass, domainguid=domainguid,
+ policyguid=policyguid, policyguid_dc=policyguid_dc,
+ invocationid=invocationid, machinepass=machinepass,
+ ntdsguid=ntdsguid, dns_backend=dns_backend,
+ dnspass=dnspass, serverrole=serverrole,
+ dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
+ lp=lp)
create_krb5_conf(paths.krb5conf,
dnsdomain=names.dnsdomain, hostname=names.hostname,
if serverrole == "domain controller":
create_dns_update_list(lp, logger, paths)
- provision_backend.post_setup()
+ backend_result = provision_backend.post_setup()
provision_backend.shutdown()
create_phpldapadmin_config(paths.phpldapadminconfig,
ldapi_url)
- except Exception:
+ except:
secrets_ldb.transaction_cancel()
raise
logger.info("Failed to chown %s to bind gid %u",
dns_keytab_path, paths.bind_gid)
- logger.info("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php",
- paths.phpldapadminconfig)
-
- logger.info("Once the above files are installed, your Samba4 server will be ready to use")
- logger.info("Server Role: %s" % serverrole)
- logger.info("Hostname: %s" % names.hostname)
- logger.info("NetBIOS Domain: %s" % names.domain)
- logger.info("DNS Domain: %s" % names.dnsdomain)
- logger.info("DOMAIN SID: %s" % str(domainsid))
- if samdb_fill == FILL_FULL:
- logger.info("Admin password: %s" % adminpass)
- if provision_backend.type is not "ldb":
- if provision_backend.credentials.get_bind_dn() is not None:
- logger.info("LDAP Backend Admin DN: %s" %
- provision_backend.credentials.get_bind_dn())
- else:
- logger.info("LDAP Admin User: %s" %
- provision_backend.credentials.get_username())
-
- logger.info("LDAP Admin Password: %s" %
- provision_backend.credentials.get_password())
-
- if provision_backend.slapd_command_escaped is not None:
- # now display slapd_command_file.txt to show how slapd must be
- # started next time
- logger.info("Use later the following commandline to start slapd, then Samba:")
- logger.info(provision_backend.slapd_command_escaped)
- logger.info("This slapd-Commandline is also stored under: %s/ldap_backend_startup.sh",
- provision_backend.ldapdir)
-
result = ProvisionResult()
+ result.server_role = serverrole
result.domaindn = domaindn
result.paths = paths
result.names = names
result.lp = lp
result.samdb = samdb
result.idmap = idmap
+ result.domainsid = str(domainsid)
+
+ if samdb_fill == FILL_FULL:
+ result.adminpass_generated = adminpass_generated
+ result.adminpass = adminpass
+ else:
+ result.adminpass_generated = False
+ result.adminpass = None
+
+ result.backend_result = backend_result
+
return result
serverdn=None, domain=None, hostname=None, domainsid=None,
adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None,
policyguid_dc=None, invocationid=None, machinepass=None, dnspass=None,
- dns_backend=None, root=None, nobody=None, users=None, wheel=None, backup=None,
- serverrole=None, ldap_backend=None, ldap_backend_type=None,
- sitename=None, debuglevel=1):
+ dns_backend=None, root=None, nobody=None, users=None, wheel=None,
+ backup=None, serverrole=None, ldap_backend=None,
+ ldap_backend_type=None, sitename=None, debuglevel=1):
logger = logging.getLogger("provision")
samba.set_debug_level(debuglevel)
class InvalidNetbiosName(Exception):
"""A specified name was not a valid NetBIOS name."""
+
def __init__(self, name):
super(InvalidNetbiosName, self).__init__(
"The name '%r' is not a valid NetBIOS name" % name)
+
+
+class MissingShareError(ProvisioningError):
+
+ def __init__(self, name, smbconf, smbconf_template):
+ super(MissingShareError, self).__init__(
+ "Existing smb.conf does not have a [%s] share, but you are "
+ "configuring a DC. Please either remove %s or see the template "
+ "at %s" % (name, smbconf, smbconf_template))