1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s4:provision - Lets the user choose between the supported forest/domain function levels

Adds a parameter "--function-level" which allows to specify the domain and
forest function level.
This commit is contained in:
Matthias Dieter Wallnöfer 2009-09-22 16:59:29 +02:00
parent b2e8519e32
commit cb50af5fe1
2 changed files with 40 additions and 18 deletions

View File

@ -44,7 +44,7 @@ from credentials import Credentials, DONT_USE_KERBEROS
from auth import system_session, admin_session from auth import system_session, admin_session
from samba import version, Ldb, substitute_var, valid_netbios_name from samba import version, Ldb, substitute_var, valid_netbios_name
from samba import check_all_substituted from samba import check_all_substituted
from samba import DS_DOMAIN_FUNCTION_2000, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008, DS_DC_FUNCTION_2008_R2 from samba import DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008
from samba.samdb import SamDB from samba.samdb import SamDB
from samba.idmap import IDmapDB from samba.idmap import IDmapDB
from samba.dcerpc import security from samba.dcerpc import security
@ -926,22 +926,33 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
domainsid, domainguid, policyguid, policyguid_dc, domainsid, domainguid, policyguid, policyguid_dc,
fill, adminpass, krbtgtpass, fill, adminpass, krbtgtpass,
machinepass, invocationid, dnspass, machinepass, invocationid, dnspass,
serverrole, schema=None, ldap_backend=None): serverrole, dom_for_fun_level=None,
schema=None, ldap_backend=None):
"""Setup a complete SAM Database. """Setup a complete SAM Database.
:note: This will wipe the main SAM database file! :note: This will wipe the main SAM database file!
""" """
# Do NOT change these default values without discussion with the team and reslease manager. # ATTENTION: Do NOT change these default values without discussion with the
domainFunctionality = DS_DOMAIN_FUNCTION_2008 # team and/or release manager. They have a big impact on the whole program!
forestFunctionality = DS_DOMAIN_FUNCTION_2008
domainControllerFunctionality = DS_DC_FUNCTION_2008 domainControllerFunctionality = DS_DC_FUNCTION_2008
if dom_for_fun_level is None:
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
if dom_for_fun_level < DS_DOMAIN_FUNCTION_2003:
raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level lower than Windows 2003 (Native). This isn't supported!")
if dom_for_fun_level > domainControllerFunctionality:
raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008). This won't work!")
domainFunctionality = dom_for_fun_level
forestFunctionality = dom_for_fun_level
# Also wipes the database # Also wipes the database
setup_samdb_partitions(path, setup_path, message=message, lp=lp, setup_samdb_partitions(path, setup_path, message=message, lp=lp,
credentials=credentials, session_info=session_info, credentials=credentials, session_info=session_info,
names=names, names=names, ldap_backend=ldap_backend,
ldap_backend=ldap_backend, serverrole=serverrole) serverrole=serverrole)
if (schema == None): if (schema == None):
schema = Schema(setup_path, domainsid, schemadn=names.schemadn, serverdn=names.serverdn, schema = Schema(setup_path, domainsid, schemadn=names.schemadn, serverdn=names.serverdn,
@ -1136,7 +1147,8 @@ def provision(setup_dir, message, session_info,
policyguid=None, policyguid_dc=None, invocationid=None, policyguid=None, policyguid_dc=None, invocationid=None,
machinepass=None, machinepass=None,
dnspass=None, root=None, nobody=None, users=None, dnspass=None, root=None, nobody=None, users=None,
wheel=None, backup=None, aci=None, serverrole=None, wheel=None, backup=None, aci=None, serverrole=None,
dom_for_fun_level=None,
ldap_backend_extra_port=None, ldap_backend_type=None, ldap_backend_extra_port=None, ldap_backend_type=None,
sitename=None, sitename=None,
ol_mmr_urls=None, ol_olc=None, ol_mmr_urls=None, ol_olc=None,
@ -1155,7 +1167,6 @@ def provision(setup_dir, message, session_info,
else: else:
domainsid = security.dom_sid(domainsid) domainsid = security.dom_sid(domainsid)
# create/adapt the group policy GUIDs # create/adapt the group policy GUIDs
if policyguid is None: if policyguid is None:
policyguid = str(uuid.uuid4()) policyguid = str(uuid.uuid4())
@ -1289,7 +1300,9 @@ def provision(setup_dir, message, session_info,
adminpass=adminpass, krbtgtpass=krbtgtpass, adminpass=adminpass, krbtgtpass=krbtgtpass,
invocationid=invocationid, invocationid=invocationid,
machinepass=machinepass, dnspass=dnspass, machinepass=machinepass, dnspass=dnspass,
serverrole=serverrole, ldap_backend=provision_backend) serverrole=serverrole,
dom_for_fun_level=dom_for_fun_level,
ldap_backend=provision_backend)
if serverrole == "domain controller": if serverrole == "domain controller":
if paths.netlogon is None: if paths.netlogon is None:

View File

@ -93,7 +93,10 @@ parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TY
parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true") parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
parser.add_option("--server-role", type="choice", metavar="ROLE", parser.add_option("--server-role", type="choice", metavar="ROLE",
choices=["domain controller", "dc", "member server", "member", "standalone"], choices=["domain controller", "dc", "member server", "member", "standalone"],
help="Set server role to provision for (default standalone)") help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.")
parser.add_option("--function-level", type="choice", metavar="FOR-FUN-LEVEL",
choices=["2003", "2008", "2008_R2"],
help="The domain and forest function level (2003 | 2008 | 2008_R2). Default is (Windows) 2008 (Native).")
parser.add_option("--partitions-only", parser.add_option("--partitions-only",
help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true")
parser.add_option("--targetdir", type="string", metavar="DIR", parser.add_option("--targetdir", type="string", metavar="DIR",
@ -164,6 +167,15 @@ elif opts.server_role == "member":
else: else:
server_role = opts.server_role server_role = opts.server_role
if opts.function_level is None:
dom_for_fun_level = None
elif opts.function_level == "2003":
dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
elif opts.function_level == "2008":
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
elif opts.function_level == "2008_R2":
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
creds = credopts.get_credentials(lp) creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS) creds.set_kerberos_state(DONT_USE_KERBEROS)
@ -190,12 +202,9 @@ provision(setup_dir, message,
krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
wheel=opts.wheel, users=opts.users, wheel=opts.wheel, users=opts.users,
serverrole=server_role, serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
ldap_backend_extra_port=opts.ldap_backend_extra_port, ldap_backend_extra_port=opts.ldap_backend_extra_port,
ldap_backend_type=opts.ldap_backend_type, ldap_backend_type=opts.ldap_backend_type,
ldapadminpass=opts.ldapadminpass, ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
ol_mmr_urls=opts.ol_mmr_urls, slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,
slapd_path=opts.slapd_path, nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode)
setup_ds_path=opts.setup_ds_path,
nosync=opts.nosync,
ldap_dryrun_mode=opts.ldap_dryrun_mode)