my $dnsname;
my $basedn;
my $defaultsite = "Default-First-Site-Name";
+my $usn = 1;
# return the current NTTIME as an integer
sub nttime()
}
my $opt_domainguid = randguid();
-my $hostguid = randguid();
+my $opt_hostguid = randguid();
+my $opt_invocationid = randguid();
sub randsid()
{
return $pass;
}
+my $joinpass = randpass();
+
sub ldaptime()
{
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
return randguid();
}
+ if ($var eq "NEWSCHEMAGUID") {
+ return randguid();
+ }
+
if ($var eq "DOMAINGUID") {
return $opt_domainguid;
}
if ($var eq "HOSTGUID") {
- return $hostguid;
+ return $opt_hostguid;
+ }
+
+ if ($var eq "INVOCATIONID") {
+ return $opt_invocationid;
}
if ($var eq "DEFAULTSITE") {
return randpass();
}
+ if ($var eq "JOINPASS") {
+ return $joinpass;
+ }
+
if ($var eq "NTTIME") {
return "" . nttime();
}
return $opt_users;
}
+ if ($var eq "USN") {
+ my $ret = $usn;
+ $usn = $ret + 1;
+ return $ret;
+ }
+
die "ERROR: Uknown substitution variable $var\n";
}
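Review bot: The USN branch at the end of substitute() spells a post-increment as three statements; `return $usn++;` inside the `if ($var eq "USN")` block reads more directly and behaves identically. A short comment on the counter's declaration, `# shared across one provisioning run so every ${USN} in the templates gets a distinct ascending value`, would tell the next reader why the state is file-level rather than local. substitute() begins outside this hunk, so its argument handling is not visible here.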
+
+####################################################################
+# substitute all variables in a string
+sub apply_substitutions($)
+{
+ my $data = shift;
+ my $res = "";
+ while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
+ my $sub = substitute($2);
+ $res .= "$1$sub";
+ $data = $3;
+ }
+ $res .= $data;
+ return $res;
+}
+
+
#####################################################################
# write a string into a file
sub FileSave($$)
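Review bot: `sub apply_substitutions($)` declares a prototype, which changes how call sites are parsed (forcing scalar context on the argument) rather than validating anything; the file already does this elsewhere (`FileSave($$)`), so this is a consistency choice to be aware of rather than a fix to make in isolation. The while loop is the `s///ge` idiom written out by hand: `$data =~ s/\$\{(\w*)\}/substitute($1)/ge; return $data;` is equivalent, including the property that text returned by substitute() is appended verbatim and never rescanned for further `${...}`. That property is worth stating in the header comment, since generated values such as passwords can legitimately contain `$` or braces: `# values returned by substitute() are copied as-is and are not re-expanded`.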
objectClass: foreignSecurityPrincipal
cn: $sid
description: $desc
-distinguishedName: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN}
instanceType: 4
whenCreated: \${LDAPTIME}
whenChanged: \${LDAPTIME}
Samba4 provisioning
provision.pl [options]
- --realm REALM set realm
- --domain DOMAIN set domain
- --hostname HOSTNAME set hostname
- --hostip IPADDRESS set ipaddress
- --adminpass PASSWORD choose admin password (otherwise random)
- --nobody USERNAME choose 'nobody' user
- --nogroup GROUPNAME choose 'nogroup' group
- --wheel GROUPNAME choose 'wheel' privileged group
- --users GROUPNAME choose 'users' group
+ --realm REALM set realm
+ --domain DOMAIN set domain
+ --domain-guid GUID set domainguid (otherwise random)
+ --domain-sid SID set domainsid (otherwise random)
+ --host-name HOSTNAME set hostname
+ --host-ip IPADDRESS set ipaddress
+ --host-guid GUID set hostguid (otherwise random)
+ --invocationid GUID set invocationid (otherwise random)
+ --adminpass PASSWORD choose admin password (otherwise random)
+ --nobody USERNAME choose 'nobody' user
+ --nogroup GROUPNAME choose 'nogroup' group
+ --wheel GROUPNAME choose 'wheel' privileged group
+ --users GROUPNAME choose 'users' group
You must provide at least a realm and domain
'domain=s' => \$opt_domain,
'domain-guid=s' => \$opt_domainguid,
'domain-sid=s' => \$opt_domainsid,
- 'hostname=s' => \$opt_hostname,
- 'hostip=s' => \$opt_hostip,
+ 'host-name=s' => \$opt_hostname,
+ 'host-ip=s' => \$opt_hostip,
+ 'host-guid=s' => \$opt_hostguid,
+ 'invocationid=s' => \$opt_invocationid,
'adminpass=s' => \$opt_adminpass,
'nobody=s' => \$opt_nobody,
'nogroup=s' => \$opt_nogroup,
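Review bot: Renaming `hostname`/`hostip` to `host-name`/`host-ip` silently breaks existing invocations, because Getopt::Long rejects the old spellings as unknown options; `'host-name|hostname=s' => \$opt_hostname,` and `'host-ip|hostip=s' => \$opt_hostip,` keep both forms accepted. The new `--domain-guid`, `--domain-sid`, `--host-guid` and `--invocationid` values are substituted straight into the LDIF templates with no format check, so a malformed value only surfaces later as an `ldbadd` failure; an anchored pattern check on each right after option parsing would give a clearer error at the point of input. The GetOptions call itself starts outside this hunk.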
print "chose random Administrator password '$opt_adminpass'\n";
}
-my $res = "";
-
-print "applying substitutions ...\n";
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin";
-while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
- my $sub = substitute($2);
- $res .= "$1$sub";
- $data = $3;
-}
-$res .= $data;
-print "saving ldif to newsam.ldif ...\n";
+my $res = apply_substitutions($data);
-FileSave("newsam.ldif", $res);
+my $newdb = "newdb." . int(rand(1000));
-unlink("newsam.ldb");
+print "Putting new database files in $newdb\n";
-print "creating newsam.ldb ...\n";
+mkdir($newdb) || die "Unable to create temporary directory $newdb\n";
-# allow provisioning to be run from the source directory
-$ENV{"PATH"} .= ":bin";
+FileSave("$newdb/sam.ldif", $res);
-system("ldbadd -H newsam.ldb newsam.ldif");
+print "creating $newdb/sam.ldb ...\n";
-print "done\n";
+system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n";
$data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n";
-$res = "";
+$res = apply_substitutions($data);
-print "applying substitutions ...\n";
+FileSave("$newdb/rootdse.ldif", $res);
-while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
- my $sub = substitute($2);
- $res .= "$1$sub";
- $data = $3;
-}
-$res .= $data;
+print "creating $newdb/rootdse.ldb ...\n";
-print "saving ldif to newrootdse.ldif ...\n";
+system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n";
-FileSave("newrootdse.ldif", $res);
+$data = FileLoad("secrets.ldif") || die "Unable to load secrets.ldif\n";
-unlink("newrootdse.ldb");
+$res = apply_substitutions($data);
-print "creating newrootdse.ldb ...\n";
+FileSave("$newdb/secrets.ldif", $res);
-system("ldbadd -H newrootdse.ldb newrootdse.ldif");
+print "creating $newdb/secrets.ldb ...\n";
-print "done\n";
-
-print "generating dns zone file ...\n";
+system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n";
$data = FileLoad("provision.zone") || die "Unable to load provision.zone\n";
-$res = "";
-
-print "applying substitutions ...\n";
-
-while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
- my $sub = substitute($2);
- $res .= "$1$sub";
- $data = $3;
-}
-$res .= $data;
+$res = apply_substitutions($data);
-print "saving dns zone to newdns.zone ...\n";
+print "saving dns zone to $newdb/dns.zone ...\n";
FileSave("$dnsdomain.zone", $res);
-print "done\n";
-
-unlink("newhklm.ldb");
-
-print "creating newhklm.ldb ... \n";
-
-system("ldbadd -H newhklm.ldb hklm.ldif");
+print "creating $newdb/hklm.ldb ... \n";
-print "done\n";
+system("ldbadd -H $newdb/hklm.ldb hklm.ldif") == 0 || die "Failed to create hklm.ldb\n";
print "
Installation:
-- Please move newsam.ldb to sam.ldb in the private/ directory of your
+- Please move $newdb/*.ldb to the private/ directory of your
Samba4 installation
-- Please move newrootdse.ldb to rootdse.ldb in the private/ directory
- of your Samba4 installation
-- Please move newhklm.ldb to hklm.ldb in the private/ directory
- of your Samba4 installation
-- Please use $dnsdomain.zone to in BIND dns server
+- Please use $newdb/dnsdomain.zone in BIND on your dns server
";
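Review bot: `$newdb` is created by `mkdir($newdb)` with the process umask under a name drawn from only 1000 values, and `$newdb/secrets.ldif` (plus `sam.ldif`, which presumably carries the chosen Administrator password) is written there and never removed after its `ldbadd` succeeds, so plaintext credentials can remain readable to other local users in the working directory. Creating the directory with `mkdir($newdb, 0700)` (or `File::Temp::tempdir('newdb.XXXXXX', DIR => '.')`) and `unlink`-ing each `.ldif` once the matching `system(...) == 0` check passes would close that. The zone-file messages disagree with the code: `print "saving dns zone to $newdb/dns.zone ..."` and the closing `$newdb/dnsdomain.zone` both name files that are never written, while `FileSave("$dnsdomain.zone", $res)` still writes into the working directory. `$ENV{"PATH"} .= ":bin"` appends a relative entry, so the unqualified `ldbadd` in each `system` call is resolved against whatever the current directory happens to be; an absolute path, or at least the list form `system('ldbadd', '-H', "$newdb/sam.ldb", "$newdb/sam.ldif")`, keeps the invocation explicit.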