class cmd_domain_join(Command):
"""Join domain as either member or backup domain controller."""
- synopsis = "%prog <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] [options]"
+ synopsis = "%prog <dnsdomain> [DC|RODC|MEMBER] [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
plaintext_secrets=plaintext_secrets,
backend_store=backend_store,
backend_store_size=backend_store_size)
- elif role == "SUBDOMAIN":
- if not adminpass:
- logger.info("Administrator password will be set randomly!")
-
- netbios_domain = lp.get("workgroup")
- if parent_domain is None:
- parent_domain = ".".join(domain.split(".")[1:])
- join_subdomain(logger=logger, server=server, creds=creds, lp=lp, dnsdomain=domain,
- parent_domain=parent_domain, site=site,
- netbios_name=netbios_name, netbios_domain=netbios_domain,
- targetdir=targetdir, machinepass=machinepass,
- use_ntvfs=use_ntvfs, dns_backend=dns_backend,
- adminpass=adminpass,
- plaintext_secrets=plaintext_secrets,
- backend_store=backend_store,
- backend_store_size=backend_store_size)
+ # elif role == "SUBDOMAIN":
+ # subdomain command removed by Gary Lockyer <gary@catalyst.net.nz>
+ # on the 28th June 2019.
else:
- raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role)
+ raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC)" % role)
class cmd_domain_demote(Command):
return $ret;
}
-sub provision_subdom_dc($$$)
-{
- my ($self, $prefix, $dcvars) = @_;
- print "PROVISIONING SUBDOMAIN DC...\n";
-
- # We do this so that we don't run the provision. That's the job of 'net vampire'.
- my $samsid = undef; # TODO pass the domain sid all the way down
- my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
- "localsubdc",
- "SAMBASUBDOM",
- "sub.samba.example.com",
- $samsid,
- "2008",
- $dcvars->{PASSWORD},
- undef);
-
- push (@{$ctx->{provision_options}}, "--use-ntvfs");
-
- $ctx->{smb_conf_extra_options} = "
- max xmit = 32K
- server max protocol = SMB2
-
-[sysvol]
- path = $ctx->{statedir}/sysvol
- read only = yes
-
-[netlogon]
- path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
- read only = no
-
-";
-
- my $ret = $self->provision_raw_step1($ctx);
- unless ($ret) {
- return undef;
- }
-
- Samba::mk_krb5_conf($ctx);
- Samba::mk_mitkdc_conf($ctx, abs_path(Samba::bindir_path($self, "shared")));
-
- my $samba_tool = Samba::bindir_path($self, "samba-tool");
- my $cmd = $self->get_cmd_env_vars($ret);
- $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain ";
- $cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
- $cmd .= " --adminpass=$ret->{PASSWORD}";
-
- unless (system($cmd) == 0) {
- warn("Join failed\n$cmd");
- return undef;
- }
-
- $ret->{SUBDOM_DC_SERVER} = $ret->{SERVER};
-
- $self->set_pdc_env_vars($ret, $dcvars);
-
- return $ret;
-}
-
sub provision_ad_dc_ntvfs($$$)
{
my ($self, $prefix, $extra_provision_options) = @_;
vampire_2000_dc => ["fl2000dc"],
vampire_dc => ["ad_dc_ntvfs"],
promoted_dc => ["ad_dc_ntvfs"],
- subdom_dc => ["ad_dc_ntvfs"],
rodc => ["ad_dc_ntvfs"],
rpc_proxy => ["ad_dc_ntvfs"],
return $env;
}
-sub setup_subdom_dc
-{
- my ($self, $path, $dc_vars) = @_;
-
- my $env = $self->provision_subdom_dc($path, $dc_vars);
-
- if (defined $env) {
- if (not defined($self->check_or_start($env, "single"))) {
- return undef;
- }
-
- # force replicated DC to update repsTo/repsFrom
- # for primary domain partitions
- my $samba_tool = Samba::bindir_path($self, "samba-tool");
- my $cmd = "NSS_WRAPPER_HOSTS='$env->{NSS_WRAPPER_HOSTS}' ";
- # as 'subdomain' dc may add data in its local replica
- # we need to synchronize data between DCs
- my $base_dn = "DC=".join(",DC=", split(/\./, $env->{REALM}));
- my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
- $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
- $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
- $cmd .= "KRB5CCNAME=\"$env->{KRB5_CCACHE}\" ";
- $cmd .= "RESOLV_CONF=\"$env->{RESOLV_CONF}\" ";
- $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}";
- $cmd .= " $dc_vars->{CONFIGURATION}";
- $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
- # replicate Configuration NC
- my $cmd_repl = "$cmd \"$config_dn\"";
- unless(system($cmd_repl) == 0) {
- warn("Failed to replicate\n$cmd_repl");
- return undef;
- }
- # replicate Default NC
- $cmd_repl = "$cmd \"$base_dn\"";
- unless(system($cmd_repl) == 0) {
- warn("Failed to replicate\n$cmd_repl");
- return undef;
- }
- }
-
- return $env;
-}
-
sub setup_rodc
{
my ($self, $path, $dc_vars) = @_;
git.samba.org / samba.git / commitdiff