sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s4-join: Setup correct DNS configuration

Browse Source 
This means we do not need to run samba_upgradedns any more.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 24 18:10:10 CEST 2012 on sn-devel-104
This commit is contained in:
Andrew Bartlett 2012-06-24 21:10:34 +10:00
parent 02cbc3fbb6
commit c983ea8e5d
2 changed files with 71 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
source4/scripting/python/samba/join.py
View File

@ -28,6 +28,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
from samba.schema import Schema
from samba.net import Net
from samba.provision.sambadns import setup_bind9_dns
import logging
import talloc
import random
@ -642,7 +643,7 @@ class dc_join(object):
targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN,
machinepass=ctx.acct_pass, serverrole="domain controller",
lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6,
dns_backend="BIND9_DLZ")
dns_backend=ctx.dns_backend)
print("Provision OK for domain %s" % ctx.names.dnsdomain)
def join_replicate(ctx):
@ -741,6 +742,9 @@ class dc_join(object):
def join_finalise(ctx):
'''finalise the join, mark us synchronised and setup secrets db'''
logger = logging.getLogger("provision")
logger.addHandler(logging.StreamHandler(sys.stdout))
print "Sending DsReplicateUpdateRefs for all the partitions"
for nc in ctx.full_nc_list:
ctx.send_DsReplicaUpdateRefs(nc)
@ -768,6 +772,15 @@ class dc_join(object):
secure_channel_type=ctx.secure_channel_type,
key_version_number=ctx.key_version_number)
if ctx.dns_backend.startswith("BIND9_"):
dnspass = samba.generate_random_password(128, 255)
setup_bind9_dns(ctx.local_samdb, secrets_ldb, security.dom_sid(ctx.domsid),
ctx.names, ctx.paths, ctx.lp, logger,
dns_backend=ctx.dns_backend,
dnspass=dnspass, os_level=ctx.behavior_version,
targetdir=ctx.targetdir)
def join_setup_trusts(ctx):
'''provision the local SAM'''

79
source4/scripting/python/samba/provision/sambadns.py
View File

@ -1011,30 +1011,65 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_back
domainguid, names.ntdsguid, dnsadmins_sid)
if dns_backend.startswith("BIND9_"):
secretsdb_setup_dns(secretsdb, names,
paths.private_dir, realm=names.realm,
dnsdomain=names.dnsdomain,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend,
os_level, site=site, dnspass=dnspass, hostip=hostip, hostip6=hostip6,
targetdir=targetdir)
create_dns_dir(logger, paths)
def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend,
os_level, site=None, dnspass=None, hostip=None, hostip6=None,
targetdir=None):
"""Provision DNS information (assuming BIND9 backend in DC role)
if dns_backend == "BIND9_FLATFILE":
create_zone_file(lp, logger, paths, targetdir, site=site,
dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6,
hostname=names.hostname, realm=names.realm,
domainguid=domainguid, ntdsguid=names.ntdsguid)
:param samdb: LDB object connected to sam.ldb file
:param secretsdb: LDB object connected to secrets.ldb file
:param domainsid: Domain SID (as dom_sid object)
:param names: Names shortcut
:param paths: Paths shortcut
:param lp: Loadparm object
:param logger: Logger object
:param dns_backend: Type of DNS backend
:param os_level: Functional level (treated as os level)
:param site: Site to create hostnames in
:param dnspass: Password for bind's DNS account
:param hostip: IPv4 address
:param hostip6: IPv6 address
:param targetdir: Target directory for creating DNS-related files for BIND9
"""
if dns_backend == "BIND9_DLZ" and os_level >= DS_DOMAIN_FUNCTION_2003:
create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid)
if not is_valid_dns_backend(dns_backend) or not dns_backend.startswith("BIND9_"):
raise Exception("Invalid dns backend: %r" % dns_backend)
create_named_conf(paths, realm=names.realm,
dnsdomain=names.dnsdomain, dns_backend=dns_backend)
if not is_valid_os_level(os_level):
raise Exception("Invalid os level: %r" % os_level)
create_named_txt(paths.namedtxt,
realm=names.realm, dnsdomain=names.dnsdomain,
dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
private_dir=paths.private_dir,
keytab_name=paths.dns_keytab)
logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
logger.info("and %s for further documentation required for secure DNS "
"updates", paths.namedtxt)
domaindn = names.domaindn
domainguid = get_domainguid(samdb, domaindn)
secretsdb_setup_dns(secretsdb, names,
paths.private_dir, realm=names.realm,
dnsdomain=names.dnsdomain,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
create_dns_dir(logger, paths)
if dns_backend == "BIND9_FLATFILE":
create_zone_file(lp, logger, paths, targetdir, site=site,
dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6,
hostname=names.hostname, realm=names.realm,
domainguid=domainguid, ntdsguid=names.ntdsguid)
if dns_backend == "BIND9_DLZ" and os_level >= DS_DOMAIN_FUNCTION_2003:
create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid)
create_named_conf(paths, realm=names.realm,
dnsdomain=names.dnsdomain, dns_backend=dns_backend)
create_named_txt(paths.namedtxt,
realm=names.realm, dnsdomain=names.dnsdomain,
dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
private_dir=paths.private_dir,
keytab_name=paths.dns_keytab)
logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
logger.info("and %s for further documentation required for secure DNS "
"updates", paths.namedtxt)