mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured
This will allow files to be correctly owned by the idmap that is imported. This appears to fix an issue that came up after s3fs-compatible ACLs were merged into provision. Andrew Bartlett
This commit is contained in:
Andrew Bartlett
parent
5aa9a6c936
commit
444c9ffad7
@ -1594,7 +1594,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
|
||||
invocationid=None, machinepass=None, ntdsguid=None,
|
||||
dns_backend=None, dnspass=None,
|
||||
serverrole=None, dom_for_fun_level=None,
|
||||
am_rodc=False, lp=None, use_ntvfs=False):
|
||||
am_rodc=False, lp=None, use_ntvfs=False, skip_sysvolacl=True):
|
||||
# create/adapt the group policy GUIDs
|
||||
# Default GUID for default policy are described at
|
||||
# "How Core Group Policy Works"
|
||||
@ -1631,8 +1631,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
|
||||
# policy)
|
||||
create_default_gpo(paths.sysvol, names.dnsdomain, policyguid,
|
||||
policyguid_dc)
|
||||
setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, paths.wheel_gid,
|
||||
domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs)
|
||||
if not skip_sysvolacl:
|
||||
setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, paths.wheel_gid,
|
||||
domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs)
|
||||
|
||||
secretsdb_self_join(secrets_ldb, domain=names.domain,
|
||||
realm=names.realm, dnsdomain=names.dnsdomain,
|
||||
@ -1766,7 +1767,8 @@ def provision(logger, session_info, credentials, smbconf=None,
|
||||
ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false",
|
||||
useeadb=False, am_rodc=False,
|
||||
lp=None, use_ntvfs=False,
|
||||
use_rfc2307=False, maxuid=None, maxgid=None):
|
||||
use_rfc2307=False, maxuid=None, maxgid=None,
|
||||
skip_sysvolacl=True):
|
||||
"""Provision samba4
|
||||
|
||||
:note: caution, this wipes all existing data!
|
||||
@ -2014,7 +2016,8 @@ def provision(logger, session_info, credentials, smbconf=None,
|
||||
ntdsguid=ntdsguid, dns_backend=dns_backend,
|
||||
dnspass=dnspass, serverrole=serverrole,
|
||||
dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
|
||||
lp=lp, use_ntvfs=use_ntvfs)
|
||||
lp=lp, use_ntvfs=use_ntvfs,
|
||||
skip_sysvolacl=skip_sysvolacl)
|
||||
|
||||
create_krb5_conf(paths.krb5conf,
|
||||
dnsdomain=names.dnsdomain, hostname=names.hostname,
|
||||
|
||||
@ -26,7 +26,7 @@ import pwd
|
||||
|
||||
from samba import Ldb, registry
|
||||
from samba.param import LoadParm
|
||||
from samba.provision import provision, FILL_FULL, ProvisioningError
|
||||
from samba.provision import provision, FILL_FULL, ProvisioningError, setsysvolacl
|
||||
from samba.samba3 import passdb
|
||||
from samba.samba3 import param as s3param
|
||||
from samba.dcerpc import lsa, samr, security
|
||||
@ -828,7 +828,7 @@ Please fix this account before attempting to upgrade again
|
||||
hostname=netbiosname.lower(), machinepass=machinepass,
|
||||
serverrole=serverrole, samdb_fill=FILL_FULL,
|
||||
useeadb=useeadb, dns_backend=dns_backend, use_rfc2307=True,
|
||||
use_ntvfs=use_ntvfs)
|
||||
use_ntvfs=use_ntvfs, skip_sysvolacl=True)
|
||||
result.report_logger(logger)
|
||||
|
||||
# Import WINS database
|
||||
@ -902,5 +902,9 @@ Please fix this account before attempting to upgrade again
|
||||
s4_passdb.update_sam_account(admin_userdata)
|
||||
logger.info("Administrator password has been set to password of user '%s'", admin_user)
|
||||
|
||||
if result.server_role == "active directory domain controller":
|
||||
setsysvolacl(result.samdb, result.paths.netlogon, result.paths.sysvol, result.paths.root_uid, result.paths.wheel_gid,
|
||||
security.dom_sid(result.domainsid), result.names.dnsdomain, result.names.domaindn, result.lp, use_ntvfs)
|
||||
|
||||
# FIXME: import_registry(registry.Registry(), samba3.get_registry())
|
||||
# FIXME: shares
|
||||
|
||||
Loading…
Reference in New Issue
Block a user