# Unix SMB/CIFS implementation
#
# Backend code for provisioning a Samba AD server
#
# Copyright (c) 2015 Andreas Schneider <asn@samba.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from samba . provision . kerberos_implementation import (
kdb_modules_dir )
from samba import is_heimdal_built
import os
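def create_kdc_conf(kdcconf, realm, domain, logdir):
    """Write an MIT Kerberos kdc.conf for the provisioned AD domain.

    Nothing is written when Samba is built against Heimdal, when the
    environment already selects a KDC profile via ``KRB5_KDC_PROFILE``,
    or when running under selftest with MIT Kerberos (``SAMBA_SELFTEST``
    and ``MITKRB5`` both set).

    Args:
        kdcconf: Path of the kdc.conf file to create; an existing file
            is overwritten.
        realm: Kerberos realm name; emitted in upper- and lower-case.
        domain: Domain name; emitted upper-cased as a third realm alias.
        logdir: Directory that receives mit_kdc.log and mit_kadmin.log.

    Raises:
        AssertionError: if kdcconf, realm or domain is None.
        OSError: if kdcconf cannot be opened for writing.
    """
    if is_heimdal_built():
        return

    # Do nothing if kdc.conf has been set
    if 'KRB5_KDC_PROFILE' in os.environ:
        return

    # We are in selftest
    if 'SAMBA_SELFTEST' in os.environ and 'MITKRB5' in os.environ:
        return

    # Kept as assertions so callers see the same exception type as before.
    assert kdcconf is not None
    assert domain is not None
    assert realm is not None

    domain = domain.upper()
    realm = realm.upper()

    # Each per-realm section is emitted once under every name the KDC is
    # expected to answer for: REALM, realm and DOMAIN.  Presumably this is
    # so lookups succeed regardless of how the client spells the realm.
    realm_names = (realm, realm.lower(), domain)

    lines = [
        "[kdcdefaults]\n",
        "\tkdc_ports = 88\n",
        "\tkdc_tcp_ports = 88\n",
        "\tkadmind_port = 464\n",
        # Anonymous clients may only obtain a TGT, never service tickets.
        "\trestrict_anonymous_to_tgt = true\n",
        "\n",
        "[realms]\n",
    ]
    for name in realm_names:
        lines += [
            "\t%s = {\n" % name,
            "\t\tmaster_key_type = aes256-cts\n",
            # New principals require pre-authentication by default.
            "\t\tdefault_principal_flags = +preauth\n",
            "\t}\n",
            "\n",
        ]

    lines += [
        "[dbmodules]\n",
        "\tdb_module_dir = %s\n" % kdb_modules_dir,
        "\n",
    ]
    for name in realm_names:
        lines += [
            "\t%s = {\n" % name,
            # Principal data comes from Samba's own KDB module, so this file
            # carries no key material and ordinary file permissions suffice.
            "\t\tdb_library = samba\n",
            "\t}\n",
            "\n",
        ]

    lines += [
        "[logging]\n",
        "\tkdc = FILE:%s/mit_kdc.log\n" % logdir,
        "\tadmin_server = FILE:%s/mit_kadmin.log\n" % logdir,
        "\n",
    ]

    # All content is assembled before the file is opened, so a formatting
    # error cannot leave a half-written kdc.conf behind.
    with open(kdcconf, 'w') as f:
        f.write("".join(lines))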