s4:provision - Lets the user choose between the supported forest/domain function levels
Adds a parameter "--function-level" that lets the user specify the domain and forest function level.
parent
b2e8519e32
commit
cb50af5fe1
@ -44,7 +44,7 @@ from credentials import Credentials, DONT_USE_KERBEROS
|
|||||||
from auth import system_session, admin_session
|
from auth import system_session, admin_session
|
||||||
from samba import version, Ldb, substitute_var, valid_netbios_name
|
from samba import version, Ldb, substitute_var, valid_netbios_name
|
||||||
from samba import check_all_substituted
|
from samba import check_all_substituted
|
||||||
from samba import DS_DOMAIN_FUNCTION_2000, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008, DS_DC_FUNCTION_2008_R2
|
from samba import DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008, DS_DC_FUNCTION_2008
|
||||||
from samba.samdb import SamDB
|
from samba.samdb import SamDB
|
||||||
from samba.idmap import IDmapDB
|
from samba.idmap import IDmapDB
|
||||||
from samba.dcerpc import security
|
from samba.dcerpc import security
|
||||||
@ -926,22 +926,33 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
|
|||||||
domainsid, domainguid, policyguid, policyguid_dc,
|
domainsid, domainguid, policyguid, policyguid_dc,
|
||||||
fill, adminpass, krbtgtpass,
|
fill, adminpass, krbtgtpass,
|
||||||
machinepass, invocationid, dnspass,
|
machinepass, invocationid, dnspass,
|
||||||
serverrole, schema=None, ldap_backend=None):
|
serverrole, dom_for_fun_level=None,
|
||||||
|
schema=None, ldap_backend=None):
|
||||||
"""Setup a complete SAM Database.
|
"""Setup a complete SAM Database.
|
||||||
|
|
||||||
:note: This will wipe the main SAM database file!
|
:note: This will wipe the main SAM database file!
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Do NOT change these default values without discussion with the team and reslease manager.
|
# ATTENTION: Do NOT change these default values without discussion with the
|
||||||
domainFunctionality = DS_DOMAIN_FUNCTION_2008
|
# team and/or release manager. They have a big impact on the whole program!
|
||||||
forestFunctionality = DS_DOMAIN_FUNCTION_2008
|
|
||||||
domainControllerFunctionality = DS_DC_FUNCTION_2008
|
domainControllerFunctionality = DS_DC_FUNCTION_2008
|
||||||
|
|
||||||
|
if dom_for_fun_level is None:
|
||||||
|
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
|
||||||
|
if dom_for_fun_level < DS_DOMAIN_FUNCTION_2003:
|
||||||
|
raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level lower than Windows 2003 (Native). This isn't supported!")
|
||||||
|
|
||||||
|
if dom_for_fun_level > domainControllerFunctionality:
|
||||||
|
raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008). This won't work!")
|
||||||
|
|
||||||
|
domainFunctionality = dom_for_fun_level
|
||||||
|
forestFunctionality = dom_for_fun_level
|
||||||
|
|
||||||
# Also wipes the database
|
# Also wipes the database
|
||||||
setup_samdb_partitions(path, setup_path, message=message, lp=lp,
|
setup_samdb_partitions(path, setup_path, message=message, lp=lp,
|
||||||
credentials=credentials, session_info=session_info,
|
credentials=credentials, session_info=session_info,
|
||||||
names=names,
|
names=names, ldap_backend=ldap_backend,
|
||||||
ldap_backend=ldap_backend, serverrole=serverrole)
|
serverrole=serverrole)
|
||||||
|
|
||||||
if (schema == None):
|
if (schema == None):
|
||||||
schema = Schema(setup_path, domainsid, schemadn=names.schemadn, serverdn=names.serverdn,
|
schema = Schema(setup_path, domainsid, schemadn=names.schemadn, serverdn=names.serverdn,
|
||||||
@ -1136,7 +1147,8 @@ def provision(setup_dir, message, session_info,
|
|||||||
policyguid=None, policyguid_dc=None, invocationid=None,
|
policyguid=None, policyguid_dc=None, invocationid=None,
|
||||||
machinepass=None,
|
machinepass=None,
|
||||||
dnspass=None, root=None, nobody=None, users=None,
|
dnspass=None, root=None, nobody=None, users=None,
|
||||||
wheel=None, backup=None, aci=None, serverrole=None,
|
wheel=None, backup=None, aci=None, serverrole=None,
|
||||||
|
dom_for_fun_level=None,
|
||||||
ldap_backend_extra_port=None, ldap_backend_type=None,
|
ldap_backend_extra_port=None, ldap_backend_type=None,
|
||||||
sitename=None,
|
sitename=None,
|
||||||
ol_mmr_urls=None, ol_olc=None,
|
ol_mmr_urls=None, ol_olc=None,
|
||||||
@ -1155,7 +1167,6 @@ def provision(setup_dir, message, session_info,
|
|||||||
else:
|
else:
|
||||||
domainsid = security.dom_sid(domainsid)
|
domainsid = security.dom_sid(domainsid)
|
||||||
|
|
||||||
|
|
||||||
# create/adapt the group policy GUIDs
|
# create/adapt the group policy GUIDs
|
||||||
if policyguid is None:
|
if policyguid is None:
|
||||||
policyguid = str(uuid.uuid4())
|
policyguid = str(uuid.uuid4())
|
||||||
@ -1289,7 +1300,9 @@ def provision(setup_dir, message, session_info,
|
|||||||
adminpass=adminpass, krbtgtpass=krbtgtpass,
|
adminpass=adminpass, krbtgtpass=krbtgtpass,
|
||||||
invocationid=invocationid,
|
invocationid=invocationid,
|
||||||
machinepass=machinepass, dnspass=dnspass,
|
machinepass=machinepass, dnspass=dnspass,
|
||||||
serverrole=serverrole, ldap_backend=provision_backend)
|
serverrole=serverrole,
|
||||||
|
dom_for_fun_level=dom_for_fun_level,
|
||||||
|
ldap_backend=provision_backend)
|
||||||
|
|
||||||
if serverrole == "domain controller":
|
if serverrole == "domain controller":
|
||||||
if paths.netlogon is None:
|
if paths.netlogon is None:
|
||||||
|
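Review bot: In `setup_samdb`, the new upper-bound check `if dom_for_fun_level > domainControllerFunctionality:` can never accept a 2008 R2 level, because `domainControllerFunctionality` is fixed to `DS_DC_FUNCTION_2008` just above it, yet the command-line script in this same commit offers `2008_R2` as a choice (this assumes the R2 constant is numerically higher than the 2008 one, which the page does not show). Either drop that choice until the DC level is raised or state the limit in the option help, and build the error text from the value rather than the hard-coded `(2008)`. The check sits before `setup_samdb_partitions`, which is the right side of the database wipe, but judging by the hunk positions `provision()` reaches `setup_samdb` only after earlier steps such as the policy GUID generation, so validating `dom_for_fun_level` at the top of `provision()` would reject a bad level before anything is written. The docstring also needs a line for the new argument, for example `:param dom_for_fun_level: domain and forest function level (a DS_DOMAIN_FUNCTION_* value); None selects 2008`. Both function bodies continue outside the hunks shown.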
@ -93,7 +93,10 @@ parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TY
|
|||||||
parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
|
parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
|
||||||
parser.add_option("--server-role", type="choice", metavar="ROLE",
|
parser.add_option("--server-role", type="choice", metavar="ROLE",
|
||||||
choices=["domain controller", "dc", "member server", "member", "standalone"],
|
choices=["domain controller", "dc", "member server", "member", "standalone"],
|
||||||
help="Set server role to provision for (default standalone)")
|
help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.")
|
||||||
|
parser.add_option("--function-level", type="choice", metavar="FOR-FUN-LEVEL",
|
||||||
|
choices=["2003", "2008", "2008_R2"],
|
||||||
|
help="The domain and forest function level (2003 | 2008 | 2008_R2). Default is (Windows) 2008 (Native).")
|
||||||
parser.add_option("--partitions-only",
|
parser.add_option("--partitions-only",
|
||||||
help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true")
|
help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true")
|
||||||
parser.add_option("--targetdir", type="string", metavar="DIR",
|
parser.add_option("--targetdir", type="string", metavar="DIR",
|
||||||
@ -164,6 +167,15 @@ elif opts.server_role == "member":
|
|||||||
else:
|
else:
|
||||||
server_role = opts.server_role
|
server_role = opts.server_role
|
||||||
|
|
||||||
|
if opts.function_level is None:
|
||||||
|
dom_for_fun_level = None
|
||||||
|
elif opts.function_level == "2003":
|
||||||
|
dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
|
||||||
|
elif opts.function_level == "2008":
|
||||||
|
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
|
||||||
|
elif opts.function_level == "2008_R2":
|
||||||
|
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
|
||||||
|
|
||||||
creds = credopts.get_credentials(lp)
|
creds = credopts.get_credentials(lp)
|
||||||
|
|
||||||
creds.set_kerberos_state(DONT_USE_KERBEROS)
|
creds.set_kerberos_state(DONT_USE_KERBEROS)
|
||||||
@ -190,12 +202,9 @@ provision(setup_dir, message,
|
|||||||
krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
|
krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
|
||||||
dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
|
dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
|
||||||
wheel=opts.wheel, users=opts.users,
|
wheel=opts.wheel, users=opts.users,
|
||||||
serverrole=server_role,
|
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
|
||||||
ldap_backend_extra_port=opts.ldap_backend_extra_port,
|
ldap_backend_extra_port=opts.ldap_backend_extra_port,
|
||||||
ldap_backend_type=opts.ldap_backend_type,
|
ldap_backend_type=opts.ldap_backend_type,
|
||||||
ldapadminpass=opts.ldapadminpass,
|
ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
|
||||||
ol_mmr_urls=opts.ol_mmr_urls,
|
slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,
|
||||||
slapd_path=opts.slapd_path,
|
nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode)
|
||||||
setup_ds_path=opts.setup_ds_path,
|
|
||||||
nosync=opts.nosync,
|
|
||||||
ldap_dryrun_mode=opts.ldap_dryrun_mode)
|
|
||||||
|
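Review bot: The new `elif` chain after the server-role handling uses `DS_DOMAIN_FUNCTION_2003`, `DS_DOMAIN_FUNCTION_2008` and `DS_DOMAIN_FUNCTION_2008_R2`, but no hunk shown for this script adds an import for them, so unless they are already imported outside the visible hunks `--function-level` fails with a NameError as soon as it is used; `from samba import DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008, DS_DOMAIN_FUNCTION_2008_R2` would cover it. The chain also leaves `dom_for_fun_level` unbound if a choice is later added to the option without a matching branch; a dict lookup (name chosen here for illustration) such as `dom_for_fun_level = FUNCTION_LEVELS.get(opts.function_level)` keeps the choices and the mapping in one place. The help text could also say that `2003` is lower than the default level, since the function level decides which directory features the new domain offers.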