sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-02 00:22:11 +03:00
Code Activity

s4-provision Add support for fixing the DC rid to a particular value

Browse Source 
This will allow an upgraded DC to keep its SID, while being upgraded
to AD.  We also watch for the highest RID in the existing DB to set
next_rid for other additional users.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2011-08-13 13:32:18 +10:00
parent daa78ead19
commit 070b970a9d
2 changed files with 29 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
source4/scripting/python/samba/provision/__init__.py
View File

@ -1069,13 +1069,17 @@ def setup_samdb_rootdse(samdb, names):
def setup_self_join(samdb, names, machinepass, dnspass, def setup_self_join(samdb, names, machinepass, dnspass,
domainsid, next_rid, invocationid, domainsid, next_rid, invocationid,
policyguid, policyguid_dc, domainControllerFunctionality, policyguid, policyguid_dc, domainControllerFunctionality,
ntdsguid): ntdsguid, dc_rid=None):
"""Join a host to its own domain.""" """Join a host to its own domain."""
assert isinstance(invocationid, str) assert isinstance(invocationid, str)
if ntdsguid is not None: if ntdsguid is not None:
ntdsguid_line = "objectGUID: %s\n"%ntdsguid ntdsguid_line = "objectGUID: %s\n"%ntdsguid
else: else:
ntdsguid_line = "" ntdsguid_line = ""
if dc_rid is None:
dc_rid = next_rid
setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), {
"CONFIGDN": names.configdn, "CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn, "SCHEMADN": names.schemadn,
@ -1086,7 +1090,7 @@ def setup_self_join(samdb, names, machinepass, dnspass,
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain), "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
"MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')), "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')),
"DOMAINSID": str(domainsid), "DOMAINSID": str(domainsid),
"DCRID": str(next_rid), "DCRID": str(dc_rid),
"SAMBA_VERSION_STRING": version, "SAMBA_VERSION_STRING": version,
"NTDSGUID": ntdsguid_line, "NTDSGUID": ntdsguid_line,
"DOMAIN_CONTROLLER_FUNCTIONALITY": str( "DOMAIN_CONTROLLER_FUNCTIONALITY": str(
@ -1175,12 +1179,15 @@ def setup_samdb(path, session_info, provision_backend, lp, names,
logger, domainsid, domainguid, policyguid, policyguid_dc, fill, logger, domainsid, domainguid, policyguid, policyguid_dc, fill,
adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid, adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid,
serverrole, am_rodc=False, dom_for_fun_level=None, schema=None, serverrole, am_rodc=False, dom_for_fun_level=None, schema=None,
next_rid=1000): next_rid=None, dc_rid=None):
"""Setup a complete SAM Database. """Setup a complete SAM Database.
:note: This will wipe the main SAM database file! :note: This will wipe the main SAM database file!
""" """
if next_rid is None:
next_rid = 1000
# Provision does not make much sense values larger than 1000000000 # Provision does not make much sense values larger than 1000000000
# as the upper range of the rIDAvailablePool is 1073741823 and # as the upper range of the rIDAvailablePool is 1073741823 and
# we don't want to create a domain that cannot allocate rids. # we don't want to create a domain that cannot allocate rids.
@ -1386,14 +1393,15 @@ def setup_samdb(path, session_info, provision_backend, lp, names,
logger.info("Setting up self join") logger.info("Setting up self join")
setup_self_join(samdb, names=names, invocationid=invocationid, setup_self_join(samdb, names=names, invocationid=invocationid,
dnspass=dnspass, dnspass=dnspass,
machinepass=machinepass, machinepass=machinepass,
domainsid=domainsid, domainsid=domainsid,
next_rid=next_rid, next_rid=next_rid,
policyguid=policyguid, dc_rid=dc_rid,
policyguid_dc=policyguid_dc, policyguid=policyguid,
domainControllerFunctionality=domainControllerFunctionality, policyguid_dc=policyguid_dc,
ntdsguid=ntdsguid) domainControllerFunctionality=domainControllerFunctionality,
ntdsguid=ntdsguid)
ntds_dn = "CN=NTDS Settings,%s" % names.serverdn ntds_dn = "CN=NTDS Settings,%s" % names.serverdn
names.ntdsguid = samdb.searchone(basedn=ntds_dn, names.ntdsguid = samdb.searchone(basedn=ntds_dn,
@ -1510,7 +1518,7 @@ def provision(logger, session_info, credentials, smbconf=None,
targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
domaindn=None, schemadn=None, configdn=None, serverdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None,
domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
next_rid=1000, adminpass=None, ldapadminpass=None, krbtgtpass=None, next_rid=1000, dc_rid=None, adminpass=None, ldapadminpass=None, krbtgtpass=None,
domainguid=None, policyguid=None, policyguid_dc=None, domainguid=None, policyguid=None, policyguid_dc=None,
invocationid=None, machinepass=None, ntdsguid=None, dnspass=None, invocationid=None, machinepass=None, ntdsguid=None, dnspass=None,
root=None, nobody=None, users=None, wheel=None, backup=None, aci=None, root=None, nobody=None, users=None, wheel=None, backup=None, aci=None,
@ -1712,7 +1720,7 @@ def provision(logger, session_info, credentials, smbconf=None,
invocationid=invocationid, machinepass=machinepass, invocationid=invocationid, machinepass=machinepass,
dnspass=dnspass, ntdsguid=ntdsguid, serverrole=serverrole, dnspass=dnspass, ntdsguid=ntdsguid, serverrole=serverrole,
dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc, dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
next_rid=next_rid) next_rid=next_rid, dc_rid=dc_rid)
if serverrole == "domain controller": if serverrole == "domain controller":
if paths.netlogon is None: if paths.netlogon is None:

11
source4/scripting/python/samba/upgrade.py
View File

@ -416,8 +416,9 @@ def upgrade_from_samba3(samba3, logger, session_info, smbconf, targetdir):
# Find machine account and password # Find machine account and password
machinepass = None machinepass = None
machinerid = 2000 machinerid = None
machinesid = None machinesid = None
next_rid = 1000
try: try:
machinepass = secrets_db.get_machine_password(netbiosname) machinepass = secrets_db.get_machine_password(netbiosname)
@ -456,18 +457,22 @@ def upgrade_from_samba3(samba3, logger, session_info, smbconf, targetdir):
userlist = old_passdb.search_users(0) userlist = old_passdb.search_users(0)
userdata = {} userdata = {}
for entry in userlist: for entry in userlist:
if machinesid and machinerid == entry['rid']: if machinerid and machinerid == entry['rid']:
continue continue
username = entry['account_name'] username = entry['account_name']
if entry['rid'] < 1000: if entry['rid'] < 1000:
print("Skipping wellknown rid=%d (for username=%s)\n" % (entry['rid'], username)) print("Skipping wellknown rid=%d (for username=%s)\n" % (entry['rid'], username))
continue continue
if entry['rid'] >= next_rid:
next_rid = entry['rid'] + 1
userdata[username] = old_passdb.getsampwnam(username) userdata[username] = old_passdb.getsampwnam(username)
# Do full provision # Do full provision
result = provision(logger, session_info, None, result = provision(logger, session_info, None,
targetdir=targetdir, realm=realm, domain=domainname, targetdir=targetdir, realm=realm, domain=domainname,
domainsid=domainsid, next_rid=machinerid, domainsid=domainsid, next_rid=next_rid,
dc_rid=machinerid,
hostname=netbiosname, machinepass=machinepass, hostname=netbiosname, machinepass=machinepass,
serverrole=serverrole, samdb_fill=FILL_FULL) serverrole=serverrole, samdb_fill=FILL_FULL)