mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
73388ce54c
The keytab in dns.keytab should (I hope) do the job.
Andrew Bartlett
(This used to be commit af4d331eef
)
172 lines
4.9 KiB
Plaintext
Executable File
172 lines
4.9 KiB
Plaintext
Executable File
#!/bin/sh
|
|
exec smbscript "$0" ${1+"$@"}
|
|
/*
|
|
provision a Samba4 server
|
|
Copyright Andrew Tridgell 2005
|
|
Released under the GNU GPL v2 or later
|
|
*/
|
|
|
|
options = GetOptions(ARGV,
|
|
"POPT_AUTOHELP",
|
|
"POPT_COMMON_SAMBA",
|
|
"POPT_COMMON_VERSION",
|
|
"POPT_COMMON_CREDENTIALS",
|
|
'realm=s',
|
|
'domain=s',
|
|
'domain-guid=s',
|
|
'domain-guid=s',
|
|
'domain-sid=s',
|
|
'policy-guid=s',
|
|
'host-name=s',
|
|
'host-ip=s',
|
|
'host-guid=s',
|
|
'invocationid=s',
|
|
'adminpass=s',
|
|
'krbtgtpass=s',
|
|
'machinepass=s',
|
|
'dnspass=s',
|
|
'root=s',
|
|
'nobody=s',
|
|
'nogroup=s',
|
|
'wheel=s',
|
|
'users=s',
|
|
'quiet',
|
|
'blank',
|
|
'partitions-only',
|
|
'ldap-base',
|
|
'ldap-backend=s',
|
|
'ldap-module=s',
|
|
'aci=s');
|
|
|
|
if (options == undefined) {
|
|
println("Failed to parse options");
|
|
return -1;
|
|
}
|
|
|
|
libinclude("base.js");
|
|
libinclude("provision.js");
|
|
|
|
/*
|
|
print a message if quiet is not set
|
|
*/
|
|
function message()
|
|
{
|
|
if (options["quiet"] == undefined) {
|
|
print(vsprintf(arguments));
|
|
}
|
|
}
|
|
|
|
/*
|
|
show some help
|
|
*/
|
|
function ShowHelp()
|
|
{
|
|
print("
|
|
Samba4 provisioning
|
|
|
|
provision [options]
|
|
--realm REALM set realm
|
|
--domain DOMAIN set domain
|
|
--domain-guid GUID set domainguid (otherwise random)
|
|
--domain-sid SID set domainsid (otherwise random)
|
|
--host-name HOSTNAME set hostname
|
|
--host-ip IPADDRESS set ipaddress
|
|
--host-guid GUID set hostguid (otherwise random)
|
|
--policy-guid GUID set group policy guid (otherwise random)
|
|
--invocationid GUID set invocationid (otherwise random)
|
|
--adminpass PASSWORD choose admin password (otherwise random)
|
|
--krbtgtpass PASSWORD choose krbtgt password (otherwise random)
|
|
--machinepass PASSWORD choose machine password (otherwise random)
|
|
--root USERNAME choose 'root' unix username
|
|
--nobody USERNAME choose 'nobody' user
|
|
--nogroup GROUPNAME choose 'nogroup' group
|
|
--wheel GROUPNAME choose 'wheel' privileged group
|
|
--users GROUPNAME choose 'users' group
|
|
--quiet Be quiet
|
|
--blank do not add users or groups, just the structure
|
|
--partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC)
|
|
--ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
|
|
--ldap-backend LDAPSERVER LDAP server to use for this provision
|
|
--ldap-module= MODULE LDB mapping module to use for the LDAP backend
|
|
--aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
|
|
You must provide at least a realm and domain
|
|
|
|
");
|
|
exit(1);
|
|
}
|
|
|
|
if (options['host-name'] == undefined) {
|
|
options['host-name'] = hostname();
|
|
}
|
|
|
|
/*
|
|
main program
|
|
*/
|
|
if (options["realm"] == undefined ||
|
|
options["domain"] == undefined ||
|
|
options["host-name"] == undefined) {
|
|
ShowHelp();
|
|
}
|
|
|
|
/* cope with an initially blank smb.conf */
|
|
var lp = loadparm_init();
|
|
lp.set("realm", options.realm);
|
|
lp.set("workgroup", options.domain);
|
|
lp.reload();
|
|
|
|
var subobj = provision_guess();
|
|
for (r in options) {
|
|
var key = strupper(join("", split("-", r)));
|
|
subobj[key] = options[r];
|
|
}
|
|
|
|
var blank = (options["blank"] != undefined);
|
|
var ldapbase = (options["ldap-base"] != undefined);
|
|
var ldapbackend = (options["ldap-backend"] != undefined);
|
|
var ldapmodule = (options["ldap-module"] != undefined);
|
|
var partitions_only = (options["partitions-only"] != undefined);
|
|
var paths = provision_default_paths(subobj);
|
|
if (options["aci"] != undefined) {
|
|
message("set ACI: %s\n", subobj["ACI"]);
|
|
}
|
|
|
|
message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);
|
|
|
|
provision_fix_subobj(subobj, paths);
|
|
|
|
if (ldapbackend) {
|
|
if (options["ldap-backend"] == "ldapi") {
|
|
subobj.LDAPBACKEND = subobj.LDAPI_URI;
|
|
}
|
|
if (!ldapmodule) {
|
|
subobj.LDAPMODULE = "entryUUID";
|
|
}
|
|
subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
|
|
subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
|
|
subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
|
|
subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
|
|
subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
|
|
subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
|
|
message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
|
|
}
|
|
|
|
if (!provision_validate(subobj, message)) {
|
|
return -1;
|
|
}
|
|
|
|
var system_session = system_session();
|
|
var creds = options.get_credentials();
|
|
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
|
|
message("Using administrator password: %s\n", subobj.ADMINPASS);
|
|
if (ldapbase) {
|
|
provision_ldapbase(subobj, message, paths);
|
|
message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
|
|
} else if (partitions_only) {
|
|
provision_become_dc(subobj, message, false, paths, system_session);
|
|
} else {
|
|
provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
|
|
provision_dns(subobj, message, paths, system_session, creds);
|
|
}
|
|
message("All OK\n");
|
|
return 0;
|