from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
from samba.schema import Schema
from samba.net import Net
+from samba.provision.sambadns import setup_bind9_dns
import logging
import talloc
import random
def __init__(ctx, server=None, creds=None, lp=None, site=None,
netbios_name=None, targetdir=None, domain=None,
- machinepass=None, use_ntvfs=False):
+ machinepass=None, use_ntvfs=False, dns_backend=None):
ctx.creds = creds
ctx.lp = lp
ctx.site = site
ctx.netbios_name = netbios_name
ctx.targetdir = targetdir
ctx.use_ntvfs = use_ntvfs
+ if dns_backend is None:
+ ctx.dns_backend = "NONE"
+ else:
+ ctx.dns_backend = dns_backend
+
+ ctx.nc_list = []
+ ctx.full_nc_list = []
ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
if ctx.RODC:
rec["objectCategory"] = "CN=NTDS-DSA-RO,%s" % ctx.schema_dn
- rec["msDS-HasFullReplicaNCs"] = nc_list
+ rec["msDS-HasFullReplicaNCs"] = ctx.nc_list
rec["options"] = "37"
ctx.samdb.add(rec, ["rodc_join:1:1"])
else:
rec["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
rec["HasMasterNCs"] = nc_list
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
- rec["msDS-HasMasterNCs"] = nc_list
+ rec["msDS-HasMasterNCs"] = ctx.nc_list
rec["options"] = "1"
rec["invocationId"] = ndr_pack(ctx.invocation_id)
ctx.DsAddEntry([rec])
rec2["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
rec2["HasMasterNCs"] = nc_list
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
- rec2["msDS-HasMasterNCs"] = nc_list
+ rec2["msDS-HasMasterNCs"] = ctx.nc_list
rec2["options"] = "1"
rec2["invocationId"] = ndr_pack(ctx.invocation_id)
hostname=ctx.myname, domainsid=ctx.domsid,
machinepass=ctx.acct_pass, serverrole="domain controller",
sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid,
- use_ntvfs=ctx.use_ntvfs, dns_backend="NONE")
+ use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend)
print "Provision OK for domain DN %s" % presult.domaindn
ctx.local_samdb = presult.samdb
ctx.lp = presult.lp
targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN,
machinepass=ctx.acct_pass, serverrole="domain controller",
lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6,
- dns_backend="BIND9_DLZ")
+ dns_backend=ctx.dns_backend)
print("Provision OK for domain %s" % ctx.names.dnsdomain)
def join_replicate(ctx):
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.domain_replica_flags)
+
+ if 'DC=DomainDnsZones,%s' % ctx.base_dn in ctx.nc_list:
+ repl.replicate('DC=DomainDnsZones,%s' % ctx.base_dn, source_dsa_invocation_id,
+ destination_dsa_guid, rodc=ctx.RODC,
+ replica_flags=ctx.replica_flags)
+
+ if 'DC=ForestDnsZones,%s' % ctx.root_dn in ctx.nc_list:
+ repl.replicate('DC=ForestDnsZones,%s' % ctx.root_dn, source_dsa_invocation_id,
+ destination_dsa_guid, rodc=ctx.RODC,
+ replica_flags=ctx.replica_flags)
+
if ctx.RODC:
repl.replicate(ctx.acct_dn, source_dsa_invocation_id,
destination_dsa_guid,
def join_finalise(ctx):
'''finalise the join, mark us synchronised and setup secrets db'''
+ logger = logging.getLogger("provision")
+ logger.addHandler(logging.StreamHandler(sys.stdout))
+
print "Sending DsReplicateUpdateRefs for all the partitions"
- ctx.send_DsReplicaUpdateRefs(ctx.schema_dn)
- ctx.send_DsReplicaUpdateRefs(ctx.config_dn)
- ctx.send_DsReplicaUpdateRefs(ctx.base_dn)
+ for nc in ctx.full_nc_list:
+ ctx.send_DsReplicaUpdateRefs(nc)
print "Setting isSynchronized and dsServiceName"
m = ldb.Message()
secure_channel_type=ctx.secure_channel_type,
key_version_number=ctx.key_version_number)
+ if ctx.dns_backend.startswith("BIND9_"):
+ dnspass = samba.generate_random_password(128, 255)
+
+ setup_bind9_dns(ctx.local_samdb, secrets_ldb, security.dom_sid(ctx.domsid),
+ ctx.names, ctx.paths, ctx.lp, logger,
+ dns_backend=ctx.dns_backend,
+ dnspass=dnspass, os_level=ctx.behavior_version,
+ targetdir=ctx.targetdir)
+
def join_setup_trusts(ctx):
'''provision the local SAM'''
def do_join(ctx):
+ ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]
+ ctx.full_nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
+
+ if not ctx.subdomain:
+ ctx.nc_list += [ctx.base_dn]
+ if ctx.dns_backend != "NONE":
+ ctx.nc_list += ['DC=DomainDnsZones,%s' % ctx.base_dn]
+
+ if ctx.dns_backend != "NONE":
+ ctx.full_nc_list += ['DC=DomainDnsZones,%s' % ctx.base_dn]
+ ctx.full_nc_list += ['DC=ForestDnsZones,%s' % ctx.root_dn]
+ ctx.nc_list += ['DC=ForestDnsZones,%s' % ctx.root_dn]
+
+
ctx.cleanup_old_join()
try:
ctx.join_add_objects()
def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
targetdir=None, domain=None, domain_critical_only=False,
- machinepass=None, use_ntvfs=False):
+ machinepass=None, use_ntvfs=False, dns_backend=None):
"""join as a RODC"""
ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
- machinepass, use_ntvfs)
+ machinepass, use_ntvfs, dns_backend)
lp.set("workgroup", ctx.domain_name)
print("workgroup is %s" % ctx.domain_name)
def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
targetdir=None, domain=None, domain_critical_only=False,
- machinepass=None, use_ntvfs=False):
+ machinepass=None, use_ntvfs=False, dns_backend=None):
"""join as a DC"""
ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
- machinepass, use_ntvfs)
+ machinepass, use_ntvfs, dns_backend)
lp.set("workgroup", ctx.domain_name)
print("workgroup is %s" % ctx.domain_name)
def join_subdomain(server=None, creds=None, lp=None, site=None, netbios_name=None,
targetdir=None, parent_domain=None, dnsdomain=None, netbios_domain=None,
- machinepass=None, use_ntvfs=False):
+ machinepass=None, use_ntvfs=False, dns_backend=None):
"""join as a DC"""
ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, parent_domain,
- machinepass, use_ntvfs)
+ machinepass, use_ntvfs, dns_backend)
ctx.subdomain = True
ctx.parent_domain_name = ctx.domain_name
ctx.domain_name = netbios_domain