From c764791100079ed447c07ca6b99d33f9695255c3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 4 Apr 2008 12:25:19 +1100 Subject: Clean up provision and rootdse module to hard-code less stuff. In particular, allow for the server DN to be in a different site (possible outcome of a DRS replication). Andrew Bartlett (This used to be commit 9ee4e39fe178317f42fd9a0adceea24b55dfe0f1) --- source4/scripting/python/samba/provision.py | 42 ++++++++++++++--------------- 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 6917aa1a54..02460070b4 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -265,7 +265,8 @@ def provision_paths_from_lp(lp, dnsdomain): return paths def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None, - rootdn=None, domaindn=None, configdn=None, schemadn=None, sitename=None): + rootdn=None, domaindn=None, configdn=None, schemadn=None, serverdn=None, + sitename=None): if hostname is None: hostname = socket.gethostname().split(".")[0].lower() @@ -332,6 +333,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole= names.netbiosname = netbiosname names.hostname = hostname names.sitename = sitename + names.serverdn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (netbiosname, sitename, configdn) return names @@ -543,9 +545,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, samdb.load_ldif_file_add(setup_path("provision_init.ldif")) message("Setting up sam.ldb rootDSE") - setup_samdb_rootdse(samdb, setup_path, names.schemadn, names.domaindn, names.hostname, - names.dnsdomain, names.realm, names.rootdn, names.configdn, names.netbiosname, - names.sitename) + setup_samdb_rootdse(samdb, setup_path, names) if erase: message("Erasing data from partitions") @@ -656,25 +656,22 @@ def setup_idmapdb(path, setup_path, session_info, credentials, lp): idmap_ldb.load_ldif_file_add(setup_path("idmap_init.ldif")) return idmap_ldb -def setup_samdb_rootdse(samdb, setup_path, schemadn, domaindn, hostname, - dnsdomain, realm, rootdn, configdn, netbiosname, - sitename): +def setup_samdb_rootdse(samdb, setup_path, names): """Setup the SamDB rootdse. :param samdb: Sam Database handle :param setup_path: Obtain setup path """ setup_add_ldif(samdb, setup_path("provision_rootdse_add.ldif"), { - "SCHEMADN": schemadn, - "NETBIOSNAME": netbiosname, - "DNSDOMAIN": dnsdomain, - "DEFAULTSITE": sitename, - "REALM": realm, - "DNSNAME": "%s.%s" % (hostname, dnsdomain), - "DOMAINDN": domaindn, - "ROOTDN": rootdn, - "CONFIGDN": configdn, - "VERSION": samba.version(), + "SCHEMADN": names.schemadn, + "NETBIOSNAME": names.netbiosname, + "DNSDOMAIN": names.dnsdomain, + "REALM": names.realm, + "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain), + "DOMAINDN": names.domaindn, + "ROOTDN": names.rootdn, + "CONFIGDN": names.configdn, + "SERVERDN": names.serverdn, }) @@ -879,7 +876,8 @@ FILL_DRS = "DRS" def provision(setup_dir, message, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, - rootdn=None, domaindn=None, schemadn=None, configdn=None, + rootdn=None, domaindn=None, schemadn=None, configdn=None, + serverdn=None, domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, invocationid=None, machinepass=None, @@ -932,7 +930,8 @@ def provision(setup_dir, message, session_info, names = guess_names(lp=lp, hostname=hostname, domain=domain, dnsdomain=realm, serverrole=serverrole, sitename=sitename, - rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn) + rootdn=rootdn, domaindn=domaindn, configdn=configdn, schemadn=schemadn, + serverdn=serverdn) paths = provision_paths_from_lp(lp, names.dnsdomain) @@ -1064,12 +1063,13 @@ def provision(setup_dir, message, session_info, def provision_become_dc(setup_dir=None, smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, + serverdn=None, domain=None, hostname=None, domainsid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, invocationid=None, machinepass=None, dnspass=None, root=None, nobody=None, nogroup=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, - ldap_backend=None, ldap_backend_type=None, sitename=DEFAULTSITE): + ldap_backend=None, ldap_backend_type=None, sitename=None): def message(text): """print a message if quiet is not set.""" @@ -1077,7 +1077,7 @@ def provision_become_dc(setup_dir=None, provision(setup_dir, message, system_session(), None, smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm, - rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, + rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, serverdn=serverdn, domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename); -- cgit From b2805c50eecddfa4cbd0945e713567eddce05895 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 8 Apr 2008 17:28:25 +1000 Subject: Re-add support for the --ldap-backend-port option to provision-backend This option allows Fedora DS multi-master replication to work. I've tried to update the wiki and scripts to the largely consistant with each other. Andrew Bartlett (This used to be commit 42393c830733b2cc99ebccdafe944fcf3d82734f) --- source4/scripting/python/samba/provision.py | 42 ++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 13 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 02460070b4..80dcd522df 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -288,7 +288,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole= if lp.get("realm").upper() != realm: raise Exception("realm '%s' in %s must match chosen realm '%s'" % - (lp.get("realm"), smbconf, realm)) + (lp.get("realm"), lp.configfile(), realm)) dnsdomain = dnsdomain.lower() @@ -1045,8 +1045,8 @@ def provision(setup_dir, message, session_info, message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig) - message("Once the above files are installed, your server will be ready to use") - message("Server Type: %s" % serverrole) + message("Once the above files are installed, your Samba4 server will be ready to use") + message("Server Role: %s" % serverrole) message("Hostname: %s" % names.hostname) message("NetBIOS Domain: %s" % names.domain) message("DNS Domain: %s" % names.dnsdomain) @@ -1096,7 +1096,7 @@ def provision_backend(setup_dir=None, message=None, smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, domain=None, hostname=None, adminpass=None, root=None, serverrole=None, - ldap_backend_type=None): + ldap_backend_type=None, ldap_backend_port=None): def setup_path(file): return os.path.join(setup_dir, file) @@ -1144,7 +1144,12 @@ def provision_backend(setup_dir=None, message=None, {"SCHEMADN": names.schemadn}) if ldap_backend_type == "fedora-ds": - setup_file(setup_path("fedora-ds.inf"), paths.fedoradsinf, + if ldap_backend_port is not None: + serverport = "ServerPort=%d" % ldap_backend_port + else: + serverport = "" + + setup_file(setup_path("fedorads.inf"), paths.fedoradsinf, {"ROOT": root, "HOSTNAME": hostname, "DNSDOMAIN": names.dnsdomain, @@ -1152,19 +1157,18 @@ def provision_backend(setup_dir=None, message=None, "DOMAINDN": names.domaindn, "LDAPMANAGERDN": names.ldapmanagerdn, "LDAPMANAGERPASS": adminpass, - "SERVERPORT": ""}) + "SERVERPORT": serverport}) - setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions, + setup_file(setup_path("fedorads-partitions.ldif"), paths.fedoradspartitions, {"CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, }) - setup_file(setup_path("fedora-partitions.ldif"), paths.fedoradspartitions, - {"CONFIGDN": names.configdn, - "SCHEMADN": names.schemadn, - }) mapping = "schema-map-fedora-ds-1.0" backend_schema = "99_ad.ldif" + + slapdcommand="Initailise Fedora DS with: setup-ds.pl --file=%s" % paths.fedoradsinf + elif ldap_backend_type == "openldap": attrs = ["linkID", "lDAPDisplayName"] res = schemadb.search(expression="(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", base=names.schemadn, scope=SCOPE_SUBTREE, attrs=attrs); @@ -1215,14 +1219,26 @@ refint_attributes""" + refint_attributes + "\n"; ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") - message("Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri) - + if ldap_backend_port is not None: + server_port_string = " -h ldap://0.0.0.0:%d" % ldap_backend_port + else: + server_port_string = "" + slapdcommand="Start slapd with: slapd -f " + paths.ldapdir + "/slapd.conf -h " + ldapi_uri + server_port_string schema_command = "bin/ad2oLschema --option=convert:target=" + ldap_backend_type + " -I " + setup_path(mapping) + " -H tdb://" + schemadb_path + " -O " + os.path.join(paths.ldapdir, backend_schema); os.system(schema_command) + message("Your %s Backend for Samba4 is now configured, and is ready to be started" % ( ldap_backend_type) ) + message("Server Role: %s" % serverrole) + message("Hostname: %s" % names.hostname) + message("DNS Domain: %s" % names.dnsdomain) + message("Base DN: %s" % names.domaindn) + message("LDAP admin DN: %s" % names.ldapmanagerdn) + message("LDAP admin password: %s" % adminpass) + message(slapdcommand) + def create_phpldapadmin_config(path, setup_path, ldapi_uri): """Create a PHP LDAP admin configuration file. -- cgit From ac10ac62c1e9b64280f3566425af08210d57bb04 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 9 Apr 2008 03:51:41 +0200 Subject: Add docstring, PEP8. (This used to be commit f8cac3735c9a19baa313c4b61abee144da303ce1) --- source4/scripting/python/samba/provision.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 80dcd522df..c9cdcdb768 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -264,9 +264,11 @@ def provision_paths_from_lp(lp, dnsdomain): return paths + def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None, rootdn=None, domaindn=None, configdn=None, schemadn=None, serverdn=None, sitename=None): + """Guess configuration settings to use.""" if hostname is None: hostname = socket.gethostname().split(".")[0].lower() @@ -400,6 +402,7 @@ def load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrol return lp + def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, users_gid, wheel_gid): """setup reasonable name mappings for sam names to unix names. @@ -425,6 +428,7 @@ def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, idmap.setup_name_mapping(sid + "-500", idmap.TYPE_UID, root_uid) idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid) + def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, credentials, names, serverrole, ldap_backend=None, @@ -637,6 +641,7 @@ def setup_registry(path, setup_path, session_info, credentials, lp): assert os.path.exists(provision_reg) reg.diff_apply(provision_reg) + def setup_idmapdb(path, setup_path, session_info, credentials, lp): """Setup the idmap database. @@ -656,6 +661,7 @@ def setup_idmapdb(path, setup_path, session_info, credentials, lp): idmap_ldb.load_ldif_file_add(setup_path("idmap_init.ldif")) return idmap_ldb + def setup_samdb_rootdse(samdb, setup_path, names): """Setup the SamDB rootdse. @@ -1060,6 +1066,7 @@ def provision(setup_dir, message, session_info, result.samdb = samdb return result + def provision_become_dc(setup_dir=None, smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, @@ -1081,7 +1088,11 @@ def provision_become_dc(setup_dir=None, domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename); -def setup_db_config(setup_path, file, dbdir): +def setup_db_config(setup_path, dbdir): + """Setup a Berkeley database. + + :param setup_path: Setup path function. + :param dbdir: Database directory.""" if not os.path.isdir(os.path.join(dbdir, "bdb-logs")): os.makedirs(os.path.join(dbdir, "bdb-logs"), 0700); if not os.path.isdir(os.path.join(dbdir, "tmp")): @@ -1211,12 +1222,11 @@ refint_attributes""" + refint_attributes + "\n"; setup_file(setup_path("modules.conf"), paths.modulesconf, {"REALM": names.realm}) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "user")) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "config")) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "db", "schema")) + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "user")) + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "config")) + setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "schema")) mapping = "schema-map-openldap-2.3" backend_schema = "backend-schema.schema" - ldapi_uri = "ldapi://" + urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") if ldap_backend_port is not None: -- cgit From 9d2948f4bd5f196904d27c67bf4f0baf7eaefcb0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 9 Apr 2008 14:57:57 +1000 Subject: Don't fill in the secrets DB unless we make the entries. Leave filling in (we still initialise it) the secrets DB for the join or vampire code. Andrew Bartlett (This used to be commit c93208c13ce91b334eadf0ea02fa41354e761e97) --- source4/scripting/python/samba/provision.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index c9cdcdb768..7b4fdb772c 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1011,13 +1011,6 @@ def provision(setup_dir, message, session_info, os.makedirs(os.path.join(policy_path, "User"), 0755) if not os.path.isdir(paths.netlogon): os.makedirs(paths.netlogon, 0755) - secrets_ldb = Ldb(paths.secrets, session_info=session_info, - credentials=credentials, lp=lp) - secretsdb_become_dc(secrets_ldb, setup_path, domain=domain, realm=names.realm, - netbiosname=names.netbiosname, domainsid=domainsid, - keytab_path=paths.keytab, samdb_url=paths.samdb, - dns_keytab_path=paths.dns_keytab, dnspass=dnspass, - machinepass=machinepass, dnsdomain=names.dnsdomain) if samdb_fill == FILL_FULL: setup_name_mappings(samdb, idmap, str(domainsid), names.domaindn, @@ -1029,6 +1022,14 @@ def provision(setup_dir, message, session_info, # Only make a zone file on the first DC, it should be replicated with DNS replication if serverrole == "domain controller": + secrets_ldb = Ldb(paths.secrets, session_info=session_info, + credentials=credentials, lp=lp) + secretsdb_become_dc(secrets_ldb, setup_path, domain=domain, realm=names.realm, + netbiosname=names.netbiosname, domainsid=domainsid, + keytab_path=paths.keytab, samdb_url=paths.samdb, + dns_keytab_path=paths.dns_keytab, dnspass=dnspass, + machinepass=machinepass, dnsdomain=names.dnsdomain) + samdb = SamDB(paths.samdb, session_info=session_info, credentials=credentials, lp=lp) -- cgit From b202b6e7d45cebd9b34c8d319e75f423291b30a0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 9 Apr 2008 15:32:49 +1000 Subject: Fix up provision to specify SERVERDN in more places. Andrew Bartlett (This used to be commit d01d542502f25d6c731204ecb3d33720a1706581) --- source4/scripting/python/samba/provision.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 7b4fdb772c..ff76681c13 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -690,6 +690,7 @@ def setup_self_join(samdb, names, "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, "DOMAINDN": names.domaindn, + "SERVERDN": names.serverdn, "INVOCATIONID": invocationid, "NETBIOSNAME": names.netbiosname, "DEFAULTSITE": names.sitename, @@ -773,6 +774,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "NETBIOSNAME": names.netbiosname, "DEFAULTSITE": names.sitename, "CONFIGDN": names.configdn, + "SERVERDN": names.serverdn, "POLICYGUID": policyguid, "DOMAINDN": names.domaindn, "DOMAINGUID_MOD": domainguid_mod, @@ -803,6 +805,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "NETBIOSNAME": names.netbiosname, "DEFAULTSITE": names.sitename, "CONFIGDN": names.configdn, + "SERVERDN": names.serverdn }) message("Setting up sam.ldb Samba4 schema") @@ -821,6 +824,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "DOMAIN": names.domain, "SCHEMADN": names.schemadn, "DOMAINDN": names.domaindn, + "SERVERDN": names.serverdn }) message("Setting up display specifiers") @@ -845,6 +849,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "NETBIOSNAME": names.netbiosname, "DEFAULTSITE": names.sitename, "CONFIGDN": names.configdn, + "SERVERDN": names.serverdn }) if fill == FILL_FULL: -- cgit From ad8e3e41923e20d401294eccd4da028e0f40c904 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 10 Apr 2008 05:23:17 +0200 Subject: Add infrastructure for returning ProvisionResult in C provision code. (This used to be commit 98c3d34eb233be284e8c8994cca337be25c72968) --- source4/scripting/python/samba/provision.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index c9cdcdb768..ccf67a0b4a 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1082,7 +1082,7 @@ def provision_become_dc(setup_dir=None, """print a message if quiet is not set.""" print text - provision(setup_dir, message, system_session(), None, + return provision(setup_dir, message, system_session(), None, smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS, realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn, configdn=configdn, serverdn=serverdn, domain=domain, hostname=hostname, hostip="127.0.0.1", domainsid=domainsid, machinepass=machinepass, serverrole="domain controller", sitename=sitename); -- cgit From 393007315d56d72cd4ebccc204da703b27eb968b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Apr 2008 19:04:43 +1000 Subject: Far less cryptic traceback when you have an existing smb.conf When the user has an existing smb.conf, but no [netlogon] or [sysvol] share, the provision script would trigger a traceback. While we still need to abort in this situation, we do so now with a useful error. Andrew Bartlett (This used to be commit 10a8b7ea487f9725f69b02c4dd9cf5e1f67a23ab) --- source4/scripting/python/samba/provision.py | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 16b1eb2156..4f264b6fc9 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -87,6 +87,7 @@ class ProvisionNames: self.domain = None self.hostname = None self.sitename = None + self.smbconf = None class ProvisionResult: def __init__(self): @@ -262,6 +263,8 @@ def provision_paths_from_lp(lp, dnsdomain): paths.netlogon = lp.get("path", "netlogon") + paths.smbconf = lp.configfile() + return paths @@ -1009,12 +1012,24 @@ def provision(setup_dir, message, session_info, ldap_backend_type=ldap_backend_type) if lp.get("server role") == "domain controller": - policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies", - "{" + policyguid + "}") - os.makedirs(policy_path, 0755) - os.makedirs(os.path.join(policy_path, "Machine"), 0755) - os.makedirs(os.path.join(policy_path, "User"), 0755) - if not os.path.isdir(paths.netlogon): + if paths.netlogon is None: + message("Existing smb.conf does not have a [netlogon] share, but you are configuring a DC.") + message("Please either remove %s or see the template at %s" % + ( paths.smbconf, setup_path("provision.smb.conf.dc"))) + assert(paths.netlogon is not None) + + if paths.sysvol is None: + message("Existing smb.conf does not have a [sysvol] share, but you are configuring a DC.") + message("Please either remove %s or see the template at %s" % + (paths.smbconf, setup_path("provision.smb.conf.dc"))) + assert(paths.sysvol is not None) + + policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies", + "{" + policyguid + "}") + os.makedirs(policy_path, 0755) + os.makedirs(os.path.join(policy_path, "Machine"), 0755) + os.makedirs(os.path.join(policy_path, "User"), 0755) + if not os.path.isdir(paths.netlogon): os.makedirs(paths.netlogon, 0755) if samdb_fill == FILL_FULL: -- cgit From e44f0e7b75a15e61427a6520999d0d79b78e9d2a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Apr 2008 19:33:52 +1000 Subject: Don't reopen the sam.ldb again Andrew Bartlett (This used to be commit b51b8a2d846284de4dff736fc18cf747c188de96) --- source4/scripting/python/samba/provision.py | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 4f264b6fc9..a8d188e7a3 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -741,8 +741,6 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, return samdb message("Pre-loading the Samba 4 and AD schema") - samdb = SamDB(path, session_info=session_info, - credentials=credentials, lp=lp) samdb.set_domain_sid(domainsid) if serverrole == "domain controller": samdb.set_invocation_id(invocationid) -- cgit From f8f4856ab7330db865d1a35abff3ccaf2ac277ba Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Apr 2008 15:52:52 +0200 Subject: Fix provision-backend script Andrew Bartlett (This used to be commit ee6e4f8da229ddeca856a6db94236367aae06f63) --- source4/scripting/python/samba/provision.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index a8d188e7a3..45965a2429 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1166,6 +1166,7 @@ def provision_backend(setup_dir=None, message=None, "NETBIOSNAME": names.netbiosname, "DEFAULTSITE": DEFAULTSITE, "CONFIGDN": names.configdn, + "SERVERDN": names.serverdn }) setup_add_ldif(schemadb, setup_path("schema_samba4.ldif"), @@ -1241,9 +1242,9 @@ refint_attributes""" + refint_attributes + "\n"; setup_file(setup_path("modules.conf"), paths.modulesconf, {"REALM": names.realm}) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "user")) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "config")) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "schema")) + setup_db_config(setup_path, os.path.join(paths.ldapdir, "user")) + setup_db_config(setup_path, os.path.join(paths.ldapdir, "config")) + setup_db_config(setup_path, os.path.join(paths.ldapdir, "schema")) mapping = "schema-map-openldap-2.3" backend_schema = "backend-schema.schema" -- cgit From 2ddd23a8754258b7322f37a0e0b97587b23f338b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Apr 2008 17:10:47 +0200 Subject: Re-add 'db' subdirectory for LDAP backend provision Andrew Bartlett (This used to be commit 19890c0d15adf4f099365f276a4bfdd3f4de52b6) --- source4/scripting/python/samba/provision.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 45965a2429..0e8840646c 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1242,9 +1242,9 @@ refint_attributes""" + refint_attributes + "\n"; setup_file(setup_path("modules.conf"), paths.modulesconf, {"REALM": names.realm}) - setup_db_config(setup_path, os.path.join(paths.ldapdir, "user")) - setup_db_config(setup_path, os.path.join(paths.ldapdir, "config")) - setup_db_config(setup_path, os.path.join(paths.ldapdir, "schema")) + setup_db_config(setup_path, os.path.join(paths.ldapdir, os.path.join("db", "user"))) + setup_db_config(setup_path, os.path.join(paths.ldapdir, os.path.join("db", "config"))) + setup_db_config(setup_path, os.path.join(paths.ldapdir, os.path.join("db", "schema"))) mapping = "schema-map-openldap-2.3" backend_schema = "backend-schema.schema" -- cgit From 5319d9620b9ef68b3687d76aeaba5fa5d5c57a18 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 11 May 2008 03:31:26 +0200 Subject: Use consistent function names with the standard Python uuid module that is available in >= 2.4. (This used to be commit 60d458e3195eef6baf655fee0da7c3f68517e8e6) --- source4/scripting/python/samba/provision.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 0e8840646c..60fa22e6c4 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -910,7 +910,7 @@ def provision(setup_dir, message, session_info, domainsid = security.Sid(domainsid) if policyguid is None: - policyguid = uuid.random() + policyguid = uuid.uuid4() if adminpass is None: adminpass = misc.random_password(12) if krbtgtpass is None: @@ -960,7 +960,7 @@ def provision(setup_dir, message, session_info, assert serverrole in ("domain controller", "member server", "standalone") if invocationid is None and serverrole == "domain controller": - invocationid = uuid.random() + invocationid = uuid.uuid4() if not os.path.exists(paths.private_dir): os.mkdir(paths.private_dir) -- cgit From 251f6bd99159337b24b8aa8298a5c98de153bce0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 11 May 2008 04:36:37 +0200 Subject: make sure to always use string version of uuid rather than object. (This used to be commit bcd5fc7dc9899deb9fa84fdeeb21ed2ddb921308) --- source4/scripting/python/samba/provision.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 60fa22e6c4..ad8eb8bffd 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -689,6 +689,7 @@ def setup_self_join(samdb, names, domainsid, invocationid, setup_path, policyguid): """Join a host to its own domain.""" + assert isinstance(invocationid, str) setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, @@ -910,7 +911,7 @@ def provision(setup_dir, message, session_info, domainsid = security.Sid(domainsid) if policyguid is None: - policyguid = uuid.uuid4() + policyguid = str(uuid.uuid4()) if adminpass is None: adminpass = misc.random_password(12) if krbtgtpass is None: @@ -960,7 +961,7 @@ def provision(setup_dir, message, session_info, assert serverrole in ("domain controller", "member server", "standalone") if invocationid is None and serverrole == "domain controller": - invocationid = uuid.uuid4() + invocationid = str(uuid.uuid4()) if not os.path.exists(paths.private_dir): os.mkdir(paths.private_dir) -- cgit From 25ea110c3814abcb824adb3619a44622ba8d2936 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Sat, 17 May 2008 23:24:48 -0500 Subject: provision: Create instructions for enabling DNS GSS-TSIG updates. Added code to the python provisioning to create the named.conf file that was previously generated by the EJS provisioning. Updated the named.conf template to provide the additional details necessary to get things working. (This used to be commit 0b7a6bfcba1b906dc4d461882b4c3fe3c91c44e0) --- source4/scripting/python/samba/provision.py | 32 ++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index ad8eb8bffd..4818a79f00 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -236,6 +236,7 @@ def provision_paths_from_lp(lp, dnsdomain): paths.secrets = os.path.join(paths.private_dir, lp.get("secrets database") or "secrets.ldb") paths.templates = os.path.join(paths.private_dir, "templates.ldb") paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone") + paths.namedconf = os.path.join(paths.private_dir, "named.conf") paths.winsdb = os.path.join(paths.private_dir, "wins.ldb") paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi") paths.phpldapadminconfig = os.path.join(paths.private_dir, @@ -1059,12 +1060,14 @@ def provision(setup_dir, message, session_info, scope=SCOPE_SUBTREE) assert isinstance(hostguid, str) - create_zone_file(paths.dns, setup_path, samdb, + create_zone_file(paths.dns, paths.namedconf, setup_path, samdb, hostname=names.hostname, hostip=hostip, hostip6=hostip6, dnsdomain=names.dnsdomain, domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, - domainguid=domainguid, hostguid=hostguid) + domainguid=domainguid, hostguid=hostguid, + private_dir=paths.private_dir, keytab_name=paths.dns_keytab) message("Please install the zone located in %s into your DNS server" % paths.dns) + message("See %s if you want to use secure GSS-TSIG updates" % paths.namedconf) create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, ldapi_url) @@ -1281,12 +1284,18 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri): {"S4_LDAPI_URI": ldapi_uri}) -def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, - hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid): +def create_zone_file(path_zone, path_conf, setup_path, samdb, dnsdomain, domaindn, + hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid, + private_dir, keytab_name): """Write out a DNS zone file, from the info in the current database. + + Also writes a file with stubs appropriate for a DNS configuration file + (including GSS-TSIG configuration), and details as to some of the other + configuration changes that may be necessary. - :param path: Path of the new file. - :param setup_path": Setup path function. + :param path_zone: Path of the new zone file. + :param path_conf: Path of the config stubs file. + :param setup_path: Setup path function. :param samdb: SamDB object :param dnsdomain: DNS Domain name :param domaindn: DN of the Domain @@ -1307,7 +1316,7 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, hostip6_base_line = " IN AAAA " + hostip6 hostip6_host_line = hostname + " IN AAAA " + hostip6 - setup_file(setup_path("provision.zone"), path, { + setup_file(setup_path("provision.zone"), path_zone, { "DNSPASS_B64": b64encode(dnspass), "HOSTNAME": hostname, "DNSDOMAIN": dnsdomain, @@ -1321,6 +1330,15 @@ def create_zone_file(path, setup_path, samdb, dnsdomain, domaindn, "HOSTIP6_HOST_LINE": hostip6_host_line, }) + setup_file(setup_path("named.conf"), path_conf, { + "DNSDOMAIN": dnsdomain, + "REALM": realm, + "REALM_WC": "*." + ".".join(realm.split(".")[1:]), + "HOSTNAME": hostname, + "DNS_KEYTAB": keytab_name, + "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name), + }) + def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename): """Load schema for the SamDB. -- cgit From bf3f3af92677bce8f03b0dd2be552d6c8c730ca1 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Wed, 21 May 2008 18:12:36 -0500 Subject: provision: Generate krb5.conf template separate from named.conf template. (This used to be commit ebf130e9e57b640129cf0d05dbd7d210b71ea371) --- source4/scripting/python/samba/provision.py | 74 ++++++++++++++++++++--------- 1 file changed, 52 insertions(+), 22 deletions(-) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 4818a79f00..69c7e8846d 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -237,6 +237,7 @@ def provision_paths_from_lp(lp, dnsdomain): paths.templates = os.path.join(paths.private_dir, "templates.ldb") paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone") paths.namedconf = os.path.join(paths.private_dir, "named.conf") + paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf") paths.winsdb = os.path.join(paths.private_dir, "wins.ldb") paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi") paths.phpldapadminconfig = os.path.join(paths.private_dir, @@ -1059,16 +1060,23 @@ def provision(setup_dir, message, session_info, expression="(&(objectClass=computer)(cn=%s))" % names.hostname, scope=SCOPE_SUBTREE) assert isinstance(hostguid, str) - - create_zone_file(paths.dns, paths.namedconf, setup_path, samdb, - hostname=names.hostname, hostip=hostip, - hostip6=hostip6, dnsdomain=names.dnsdomain, - domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, - domainguid=domainguid, hostguid=hostguid, - private_dir=paths.private_dir, keytab_name=paths.dns_keytab) + + create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain, + domaindn=names.domaindn, hostip=hostip, + hostip6=hostip6, hostname=names.hostname, + dnspass=dnspass, realm=names.realm, + domainguid=domainguid, hostguid=hostguid) message("Please install the zone located in %s into your DNS server" % paths.dns) - message("See %s if you want to use secure GSS-TSIG updates" % paths.namedconf) - + + create_named_conf(paths.namedconf, setup_path, realm=names.realm, + dnsdomain=names.dnsdomain, private_dir=paths.private_dir, + keytab_name=paths.dns_keytab) + message("See %s for example configuration statements for secure GSS-TSIG updates" % paths.namedconf) + + create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain, + hostname=names.hostname, realm=names.realm) + message("A Kerberos configuration suitable for Samba 4 has been generated at %s" % paths.krb5conf) + create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, ldapi_url) @@ -1284,19 +1292,12 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri): {"S4_LDAPI_URI": ldapi_uri}) -def create_zone_file(path_zone, path_conf, setup_path, samdb, dnsdomain, domaindn, - hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid, - private_dir, keytab_name): +def create_zone_file(path, setup_path, dnsdomain, domaindn, + hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid): """Write out a DNS zone file, from the info in the current database. - Also writes a file with stubs appropriate for a DNS configuration file - (including GSS-TSIG configuration), and details as to some of the other - configuration changes that may be necessary. - - :param path_zone: Path of the new zone file. - :param path_conf: Path of the config stubs file. + :param path: Path of the new zone file. :param setup_path: Setup path function. - :param samdb: SamDB object :param dnsdomain: DNS Domain name :param domaindn: DN of the Domain :param hostip: Local IPv4 IP @@ -1316,7 +1317,7 @@ def create_zone_file(path_zone, path_conf, setup_path, samdb, dnsdomain, domaind hostip6_base_line = " IN AAAA " + hostip6 hostip6_host_line = hostname + " IN AAAA " + hostip6 - setup_file(setup_path("provision.zone"), path_zone, { + setup_file(setup_path("provision.zone"), path, { "DNSPASS_B64": b64encode(dnspass), "HOSTNAME": hostname, "DNSDOMAIN": dnsdomain, @@ -1330,15 +1331,44 @@ def create_zone_file(path_zone, path_conf, setup_path, samdb, dnsdomain, domaind "HOSTIP6_HOST_LINE": hostip6_host_line, }) - setup_file(setup_path("named.conf"), path_conf, { +def create_named_conf(path, setup_path, realm, dnsdomain, + private_dir, keytab_name): + """Write out a file containing zone statements suitable for inclusion in a + named.conf file (including GSS-TSIG configuration). + + :param path: Path of the new named.conf file. + :param setup_path: Setup path function. + :param realm: Realm name + :param dnsdomain: DNS Domain name + :param private_dir: Path to private directory + :param keytab_name: File name of DNS keytab file + """ + + setup_file(setup_path("named.conf"), path, { "DNSDOMAIN": dnsdomain, "REALM": realm, "REALM_WC": "*." + ".".join(realm.split(".")[1:]), - "HOSTNAME": hostname, "DNS_KEYTAB": keytab_name, "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name), }) +def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm): + """Write out a file containing zone statements suitable for inclusion in a + named.conf file (including GSS-TSIG configuration). + + :param path: Path of the new named.conf file. + :param setup_path: Setup path function. + :param dnsdomain: DNS Domain name + :param hostname: Local hostname + :param realm: Realm name + """ + + setup_file(setup_path("krb5.conf"), path, { + "DNSDOMAIN": dnsdomain, + "HOSTNAME": hostname, + "REALM": realm, + }) + def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename): """Load schema for the SamDB. -- cgit From c401aa93573460f10256218a6a1902839b17b884 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 22 May 2008 17:42:18 +0200 Subject: Use restructuredText formatting for docstrings. (This used to be commit 0cc58decd74d20f3d7dff93ddef1c8bce4d49ad0) --- source4/scripting/python/samba/provision.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting/python/samba/provision.py') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 69c7e8846d..68b43eff40 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -43,6 +43,8 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, \ """Functions for setting up a Samba configuration.""" +__docformat__ = "restructuredText" + DEFAULTSITE = "Default-First-Site-Name" class InvalidNetbiosName(Exception): -- cgit