X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=python%2Fsamba%2Fnetcmd%2Fdomain.py;h=becbc498b9e8d752f03fd32b2891c86302c0f5a7;hb=c390728819e73cefbf02e0d52d22805930f4c45b;hp=d50cf3f526c941b0d360618a6d5d7a7f76552eda;hpb=7d435711692a7c6485bb13e626727400d01d21e3;p=samba.git diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index d50cf3f526c..becbc498b9e 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -821,7 +821,10 @@ class cmd_domain_demote(Command): controls=["search_options:1:2"]) if len(res) != 0: - raise CommandError("Current DC is still the owner of %d role(s), use the role command to transfer roles to another DC" % len(res)) + raise CommandError("Current DC is still the owner of %d role(s), " + "use the role command to transfer roles to " + "another DC" % + len(res)) self.errf.write("Using %s as partner server for the demotion\n" % server) @@ -1012,9 +1015,13 @@ class cmd_domain_demote(Command): remote_samdb.modify(msg) remote_samdb.rename(newdn, dc_dn) if werr == werror.WERR_DS_DRA_NO_REPLICA: - raise CommandError("The DC %s is not present on (already removed from) the remote server: " % server_dsa_dn, e) + raise CommandError("The DC %s is not present on (already " + "removed from) the remote server: %s" % + (server_dsa_dn, e3)) else: - raise CommandError("Error while sending a removeDsServer of %s: " % server_dsa_dn, e) + raise CommandError("Error while sending a removeDsServer " + "of %s: %s" % + (server_dsa_dn, e3)) remove_dc.remove_sysvol_references(remote_samdb, logger, dc_name) @@ -1524,7 +1531,7 @@ class cmd_domain_passwordsettings_set(Command): ldb.FLAG_MOD_REPLACE, "lockOutObservationWindow") msgs.append("Duration to reset account lockout after changed!") - if max_pwd_age > 0 and min_pwd_age >= max_pwd_age: + if max_pwd_age and max_pwd_age > 0 and min_pwd_age >= max_pwd_age: raise CommandError("Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age)) if len(m) == 0: @@ -1869,6 +1876,15 @@ class DomainTrustCommand(Command): return (policy, info) + def get_netlogon_dc_unc(self, conn, server, domain): + try: + info = conn.netr_DsRGetDCNameEx2(server, + None, 0, None, None, None, + netlogon.DS_RETURN_DNS_NAME) + return info.dc_unc + except RuntimeError: + return conn.netr_GetDcName(server, domain) + def get_netlogon_dc_info(self, conn, server): info = conn.netr_DsRGetDCNameEx2(server, None, 0, None, None, None, @@ -2502,7 +2518,8 @@ class cmd_domain_trust_create(DomainTrustCommand): raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server") try: - remote_netlogon_info = self.get_netlogon_dc_info(remote_netlogon, remote_server) + remote_netlogon_dc_unc = self.get_netlogon_dc_unc(remote_netlogon, + remote_server, domain) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info") @@ -2652,9 +2669,9 @@ class cmd_domain_trust_create(DomainTrustCommand): # this triggers netr_GetForestTrustInformation to our domain. # and lsaRSetForestTrustInformation() remotely, but new top level # names are disabled by default. - remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_info.dc_unc, - local_lsa_info.dns_domain.string, - netlogon.DS_GFTI_UPDATE_TDO) + remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc, + local_lsa_info.dns_domain.string, + netlogon.DS_GFTI_UPDATE_TDO) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed") @@ -2705,10 +2722,10 @@ class cmd_domain_trust_create(DomainTrustCommand): if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND: self.outf.write("Validating incoming trust...\n") try: - remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_info.dc_unc, - netlogon.NETLOGON_CONTROL_TC_VERIFY, - 2, - local_lsa_info.dns_domain.string) + remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc, + netlogon.NETLOGON_CONTROL_TC_VERIFY, + 2, + local_lsa_info.dns_domain.string) except RuntimeError as error: raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")