import samba.getopt as options
from samba.netcmd import Command, CommandError, Option
+
class cmd_testparm(Command):
"""Syntax check the configuration file."""
# These are harder to do with the new code structure
Option("--show-all-parameters", action="store_true", default=False,
help="Show the parameters, type, possible values")
- ]
+ ]
takes_args = []
try:
lp = sambaopts.get_loadparm()
- except RuntimeError, err:
+ except RuntimeError as err:
raise CommandError(err)
# We need this to force the output
else:
if section_name is not None or parameter_name is not None:
if parameter_name is None:
- lp[section_name].dump(sys.stdout, lp.default_service,
- verbose)
+ try:
+ section = lp[section_name]
+ except KeyError:
+ if section_name in ['global', 'globals']:
+ lp.dump_globals()
+ else:
+ raise CommandError(f"Unknown section {section_name}")
+ else:
+ section.dump(lp.default_service, verbose)
else:
- lp.dump_a_parameter(sys.stdout, parameter_name, section_name)
+ try:
+ lp.dump_a_parameter(parameter_name, section_name)
+ except RuntimeError as e:
+ raise CommandError(e)
else:
if not suppress_prompt:
self.outf.write("Press enter to see a dump of your service definitions\n")
sys.stdin.readline()
- lp.dump(sys.stdout, verbose)
+ lp.dump(verbose)
if valid:
return
else:
valid = False
role = lp.get("server role")
- charset = lp.get("unix charset").upper()
- if role in ["active directory domain controller", "domain controller", "dc"] and charset not in ["UTF-8", "UTF8"]:
+ if role in ["active directory domain controller", "domain controller", "dc"]:
+ charset = lp.get("unix charset").upper()
+ if charset not in ["UTF-8", "UTF8"]:
+ logger.warning(
+ "When acting as Active Directory domain controller, "
+ "unix charset is expected to be UTF-8.")
+ vfsobjects = lp.get("vfs objects")
+ if vfsobjects:
+ for entry in ['dfs_samba4', 'acl_xattr']:
+ if entry not in vfsobjects:
+ logger.warning(
+ "When acting as Active Directory domain controller, " +
+ entry + " should be in vfs objects.")
+
+ strong_auth = lp.get("ldap server require strong auth")
+ if strong_auth == "allow_sasl_over_tls":
logger.warning(
- "When acting as Active Directory domain controller, "
- "unix charset is expected to be UTF-8.")
+ "WARNING: You have not configured "
+ "'ldap server require strong auth = "
+ "allow_sasl_over_tls'.\n"
+ "Please change to 'yes' (preferred) or "
+ "'allow_sasl_without_tls_channel_bindings' "
+ "(if really needed).")
return valid
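Review bot: The warning added under `if strong_auth == "allow_sasl_over_tls":` says "You have not configured 'ldap server require strong auth = allow_sasl_over_tls'", but that branch runs exactly when the value is configured, so the message tells the administrator the opposite of what was detected. This check flags a weaker LDAP authentication setting, so an admin reading the message literally could leave it in place; the first fragment should read `"WARNING: You have configured "`. The literal `WARNING:` prefix probably also duplicates the level that `logger.warning` already emits, depending on how the logger is formatted. The enclosing function starts outside this hunk, and because indentation is lost on this page it is not visible whether the check sits inside the domain-controller branch or runs for every server role.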
# this is totally ugly, a real `quick' hack
for s in lp.services():
if (self.allow_access(lp.get("hosts deny"), lp.get("hosts allow"), cname,
- caddr) and
+ caddr) and
self.allow_access(lp.get("hosts deny", s), lp.get("hosts allow", s),
- cname, caddr)):
+ cname, caddr)):
logger.info("Allow connection from %s (%s) to %s", cname, caddr, s)
else:
logger.info("Deny connection from %s (%s) to %s", cname, caddr, s)