mirror of
https://github.com/samba-team/samba.git
synced 2025-01-13 13:18:06 +03:00
samba-tool domain provision: Use "ad dc functional level" to control max functional level
This allows the DC to self-declare a higher level and so allow a 2016 domain to be created, for testing and controlled implementation purposes. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
parent
5d5fd0129a
commit
f94f174db4
python/samba
@ -105,8 +105,8 @@ class cmd_domain_provision(Command):
|
|||||||
help="The server role (domain controller | dc | member server | member | standalone). Default is dc.",
|
help="The server role (domain controller | dc | member server | member | standalone). Default is dc.",
|
||||||
default="domain controller"),
|
default="domain controller"),
|
||||||
Option("--function-level", type="choice", metavar="FOR-FUN-LEVEL",
|
Option("--function-level", type="choice", metavar="FOR-FUN-LEVEL",
|
||||||
choices=["2000", "2003", "2008", "2008_R2"],
|
choices=["2000", "2003", "2008", "2008_R2", "2016"],
|
||||||
help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2008_R2 Native.",
|
help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native | 2016). Default is (Windows) 2008_R2 Native.",
|
||||||
default="2008_R2"),
|
default="2008_R2"),
|
||||||
Option("--base-schema", type="choice", metavar="BASE-SCHEMA",
|
Option("--base-schema", type="choice", metavar="BASE-SCHEMA",
|
||||||
choices=["2008_R2", "2008_R2_old", "2012", "2012_R2", "2016", "2019"],
|
choices=["2008_R2", "2008_R2_old", "2012", "2012_R2", "2016", "2019"],
|
||||||
|
@ -126,6 +126,7 @@ from samba.samdb import SamDB
|
|||||||
from samba.dbchecker import dbcheck
|
from samba.dbchecker import dbcheck
|
||||||
from samba.provision.kerberos import create_kdc_conf
|
from samba.provision.kerberos import create_kdc_conf
|
||||||
from samba.samdb import get_default_backend_store
|
from samba.samdb import get_default_backend_store
|
||||||
|
from samba import functional_level
|
||||||
|
|
||||||
DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9"
|
DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9"
|
||||||
DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04FB984F9"
|
DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04FB984F9"
|
||||||
@ -1353,15 +1354,16 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
|
|||||||
1000, 1000000000, 1000)
|
1000, 1000000000, 1000)
|
||||||
raise ProvisioningError(error)
|
raise ProvisioningError(error)
|
||||||
|
|
||||||
|
domainControllerFunctionality = functional_level.dc_level_from_lp(lp)
|
||||||
|
|
||||||
# ATTENTION: Do NOT change these default values without discussion with the
|
# ATTENTION: Do NOT change these default values without discussion with the
|
||||||
# team and/or release manager. They have a big impact on the whole program!
|
# team and/or release manager. They have a big impact on the whole program!
|
||||||
domainControllerFunctionality = DS_DOMAIN_FUNCTION_2008_R2
|
|
||||||
|
|
||||||
if dom_for_fun_level is None:
|
if dom_for_fun_level is None:
|
||||||
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
|
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
|
||||||
|
|
||||||
if dom_for_fun_level > domainControllerFunctionality:
|
if dom_for_fun_level > domainControllerFunctionality:
|
||||||
raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008_R2). This won't work!")
|
level = functional_level.level_to_string(domainControllerFunctionality)
|
||||||
|
raise ProvisioningError(f"You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level ({level}). This won't work!")
|
||||||
|
|
||||||
domainFunctionality = dom_for_fun_level
|
domainFunctionality = dom_for_fun_level
|
||||||
forestFunctionality = dom_for_fun_level
|
forestFunctionality = dom_for_fun_level
|
||||||
|
Loading…
Reference in New Issue
Block a user