FILL_DRS
)
+from samba.netcmd.pso import cmd_domain_passwordsettings_pso
+from samba.netcmd.domain_backup import cmd_domain_backup
+
string_version_to_constant = {
"2008_R2" : DS_DOMAIN_FUNCTION_2008_R2,
"2012": DS_DOMAIN_FUNCTION_2012,
"(default is %s)" % get_default_backend_store()),
Option("--targetdir", metavar="DIR",
help="Set target directory (where to store provision)", type=str),
- Option("--quiet", help="Be quiet", action="store_true"),
+ Option("-q", "--quiet", help="Be quiet", action="store_true"),
+]
+
+common_join_options = [
+ Option("--server", help="DC to join", type=str),
+ Option("--site", help="site to join", type=str),
+ Option("--domain-critical-only",
+ help="only replicate critical domain objects",
+ action="store_true"),
+ Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
+ choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
+ help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
+ "BIND9_DLZ uses samba4 AD to store zone information, "
+ "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
+ default="SAMBA_INTERNAL"),
+ Option("-v", "--verbose", help="Be verbose", action="store_true")
+]
+
+common_ntvfs_options = [
+ Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
+ action="store_true")
]
def get_testparm_var(testparm, smbconf, varname):
]
ntvfs_options = [
- Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
metavar="[yes|no|auto]",
help="Define if we should use the native fs capabilities or a tdb file for "
takes_options.extend(openldap_options)
if samba.is_ntvfs_fileserver_built():
- takes_options.extend(ntvfs_options)
+ takes_options.extend(common_ntvfs_options)
+ takes_options.extend(ntvfs_options)
takes_args = []
"credopts": options.CredentialsOptions,
}
- takes_options = [
- Option("--server", help="DC to join", type=str),
- Option("--site", help="site to join", type=str),
- Option("--domain-critical-only",
- help="only replicate critical domain objects",
- action="store_true"),
- Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
- choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
- help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
- "BIND9_DLZ uses samba4 AD to store zone information, "
- "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
- default="SAMBA_INTERNAL"),
- Option("--verbose", help="Be verbose", action="store_true")
- ]
+ takes_options = []
+ takes_options.extend(common_join_options)
takes_options.extend(common_provision_join_options)
- ntvfs_options = [
- Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
- ]
-
if samba.is_ntvfs_fileserver_built():
- takes_options.extend(ntvfs_options)
+ takes_options.extend(common_ntvfs_options)
takes_args = ["domain", "role?"]
}
takes_options = [
- Option("--server", help="DC to join", type=str),
- Option("--site", help="site to join", type=str),
Option("--parent-domain", help="parent domain to create subdomain under", type=str),
- Option("--domain-critical-only",
- help="only replicate critical domain objects",
- action="store_true"),
Option("--adminpass", type="string", metavar="PASSWORD",
help="choose adminstrator password when joining as a subdomain (otherwise random)"),
- Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
- choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
- help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
- "BIND9_DLZ uses samba4 AD to store zone information, "
- "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
- default="SAMBA_INTERNAL"),
- Option("--verbose", help="Be verbose", action="store_true")
]
ntvfs_options = [
Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
action="store_true")
]
+ takes_options.extend(common_join_options)
takes_options.extend(common_provision_join_options)
if samba.is_ntvfs_fileserver_built():
metavar="URL", dest="H"),
Option("--remove-other-dead-server", help="Dead DC (name or NTDS GUID) "
"to remove ALL references to (rather than this DC)", type=str),
- Option("--quiet", help="Be quiet", action="store_true"),
- Option("--verbose", help="Be verbose", action="store_true"),
+ Option("-q", "--quiet", help="Be quiet", action="store_true"),
+ Option("-v", "--verbose", help="Be verbose", action="store_true"),
]
takes_optiongroups = {
raise CommandError("Unable to search for servers")
if (len(res) == 1):
- raise CommandError("You are the latest server in the domain")
+ raise CommandError("You are the last server in the domain")
server = None
for e in res:
controls=["search_options:1:2"])
if len(res) != 0:
- raise CommandError("Current DC is still the owner of %d role(s), use the role command to transfer roles to another DC" % len(res))
+ raise CommandError("Current DC is still the owner of %d role(s), "
+ "use the role command to transfer roles to "
+ "another DC" %
+ len(res))
self.errf.write("Using %s as partner server for the demotion\n" %
server)
remote_samdb.modify(msg)
remote_samdb.rename(newdn, dc_dn)
if werr == werror.WERR_DS_DRA_NO_REPLICA:
- raise CommandError("The DC %s is not present on (already removed from) the remote server: " % server_dsa_dn, e)
+ raise CommandError("The DC %s is not present on (already "
+ "removed from) the remote server: %s" %
+ (server_dsa_dn, e3))
else:
- raise CommandError("Error while sending a removeDsServer of %s: " % server_dsa_dn, e)
+ raise CommandError("Error while sending a removeDsServer "
+ "of %s: %s" %
+ (server_dsa_dn, e3))
remove_dc.remove_sysvol_references(remote_samdb, logger, dc_name)
except ldb.LdbError as l:
pass
+ # get dns host name for target server to demote, remove dns references
+ remove_dc.remove_dns_references(remote_samdb, logger, samdb.host_dns_name(),
+ ignore_no_name=True)
+
self.errf.write("Demote successful\n")
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- Option("--quiet", help="Be quiet", action="store_true"),
+ Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
Option("--forest-level", type="choice", choices=["2003", "2008", "2008_R2", "2012", "2012_R2"],
help="The forest function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2)"),
Option("--domain-level", type="choice", choices=["2003", "2008", "2008_R2", "2012", "2012_R2"],
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- Option("--quiet", help="Be quiet", action="store_true"),
+ Option("-q", "--quiet", help="Be quiet", action="store_true"), # unused
Option("--complexity", type="choice", choices=["on","off","default"],
help="The password complexity (on | off | default). Default is 'on'"),
Option("--store-plaintext", type="choice", choices=["on","off","default"],
ldb.FLAG_MOD_REPLACE, "lockOutObservationWindow")
msgs.append("Duration to reset account lockout after changed!")
- if max_pwd_age > 0 and min_pwd_age >= max_pwd_age:
+ if max_pwd_age and max_pwd_age > 0 and min_pwd_age >= max_pwd_age:
raise CommandError("Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age))
if len(m) == 0:
"""Manage password policy settings."""
subcommands = {}
+ subcommands["pso"] = cmd_domain_passwordsettings_pso()
subcommands["show"] = cmd_domain_passwordsettings_show()
subcommands["set"] = cmd_domain_passwordsettings_set()
help="Path to samba classic DC testparm utility from the previous installation. This allows the default paths of the previous installation to be followed"),
Option("--targetdir", type="string", metavar="DIR",
help="Path prefix where the new Samba 4.0 AD domain should be initialised"),
- Option("--quiet", help="Be quiet", action="store_true"),
- Option("--verbose", help="Be verbose", action="store_true"),
+ Option("-q", "--quiet", help="Be quiet", action="store_true"),
+ Option("-v", "--verbose", help="Be verbose", action="store_true"),
Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"],
help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
]
ntvfs_options = [
- Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
- action="store_true"),
Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
metavar="[yes|no|auto]",
help="Define if we should use the native fs capabilities or a tdb file for "
default="auto")
]
if samba.is_ntvfs_fileserver_built():
+ takes_options.extend(common_ntvfs_options)
takes_options.extend(ntvfs_options)
takes_args = ["smbconf"]
if runtime is None:
return False
- err32 = self._uint32(runtime[0])
+ err32 = self._uint32(runtime.args[0])
if err32 == val:
return True
class LocalRuntimeError(CommandError):
def __init__(exception_self, self, runtime, message):
- err32 = self._uint32(runtime[0])
- errstr = runtime[1]
+ err32 = self._uint32(runtime.args[0])
+ errstr = runtime.args[1]
msg = "LOCAL_DC[%s]: %s - ERROR(0x%08X) - %s" % (
self.local_server, message, err32, errstr)
CommandError.__init__(exception_self, msg)
class RemoteRuntimeError(CommandError):
def __init__(exception_self, self, runtime, message):
- err32 = self._uint32(runtime[0])
- errstr = runtime[1]
+ err32 = self._uint32(runtime.args[0])
+ errstr = runtime.args[1]
msg = "REMOTE_DC[%s]: %s - ERROR(0x%08X) - %s" % (
self.remote_server, message, err32, errstr)
CommandError.__init__(exception_self, msg)
class LocalLdbError(CommandError):
def __init__(exception_self, self, ldb_error, message):
- errval = ldb_error[0]
- errstr = ldb_error[1]
+ errval = ldb_error.args[0]
+ errstr = ldb_error.args[1]
msg = "LOCAL_DC[%s]: %s - ERROR(%d) - %s" % (
self.local_server, message, errval, errstr)
CommandError.__init__(exception_self, msg)
return (policy, info)
+ def get_netlogon_dc_unc(self, conn, server, domain):
+ try:
+ info = conn.netr_DsRGetDCNameEx2(server,
+ None, 0, None, None, None,
+ netlogon.DS_RETURN_DNS_NAME)
+ return info.dc_unc
+ except RuntimeError:
+ return conn.netr_GetDcName(server, domain)
+
def get_netlogon_dc_info(self, conn, server):
info = conn.netr_DsRGetDCNameEx2(server,
None, 0, None, None, None,
self.outf.write("Namespaces[%d]%s:\n" % (
len(fti.entries), tln_string))
- for i in xrange(0, len(fti.entries)):
- e = fti.entries[i]
+ for i, e in enumerate(fti.entries):
flags = e.flags
collision_string = ""
raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server")
try:
- remote_netlogon_info = self.get_netlogon_dc_info(remote_netlogon, remote_server)
+ remote_netlogon_dc_unc = self.get_netlogon_dc_unc(remote_netlogon,
+ remote_server, domain)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info")
# this triggers netr_GetForestTrustInformation to our domain.
# and lsaRSetForestTrustInformation() remotely, but new top level
# names are disabled by default.
- remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_info.dc_unc,
- local_lsa_info.dns_domain.string,
- netlogon.DS_GFTI_UPDATE_TDO)
+ remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc,
+ local_lsa_info.dns_domain.string,
+ netlogon.DS_GFTI_UPDATE_TDO)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed")
if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND:
self.outf.write("Validating incoming trust...\n")
try:
- remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_info.dc_unc,
- netlogon.NETLOGON_CONTROL_TC_VERIFY,
- 2,
- local_lsa_info.dns_domain.string)
+ remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc,
+ netlogon.NETLOGON_CONTROL_TC_VERIFY,
+ 2,
+ local_lsa_info.dns_domain.string)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
update_spn_vals.extend(stored_spn_vals)
for upn in add_upn:
- idx = None
- for i in xrange(0, len(update_upn_vals)):
- v = update_upn_vals[i]
- if v.lower() != upn.lower():
- continue
- idx = i
- break
- if idx is not None:
- raise CommandError("Entry already present for value[%s] specified for --add-upn-suffix" % upn)
+ for i, v in enumerate(update_upn_vals):
+ if v.lower() == upn.lower():
+ raise CommandError("Entry already present for "
+ "value[%s] specified for "
+ "--add-upn-suffix" % upn)
update_upn_vals.append(upn)
replace_upn = True
for upn in delete_upn:
idx = None
- for i in xrange(0, len(update_upn_vals)):
- v = update_upn_vals[i]
+ for i, v in enumerate(update_upn_vals):
if v.lower() != upn.lower():
continue
idx = i
replace_upn = True
for spn in add_spn:
- idx = None
- for i in xrange(0, len(update_spn_vals)):
- v = update_spn_vals[i]
- if v.lower() != spn.lower():
- continue
- idx = i
- break
- if idx is not None:
- raise CommandError("Entry already present for value[%s] specified for --add-spn-suffix" % spn)
+ for i, v in enumerate(update_spn_vals):
+ if v.lower() == spn.lower():
+ raise CommandError("Entry already present for "
+ "value[%s] specified for "
+ "--add-spn-suffix" % spn)
update_spn_vals.append(spn)
replace_spn = True
for spn in delete_spn:
idx = None
- for i in xrange(0, len(update_spn_vals)):
- v = update_spn_vals[i]
+ for i, v in enumerate(update_spn_vals):
if v.lower() != spn.lower():
continue
idx = i
update_forest_info.entries = entries
if enable_all:
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_TOP_LEVEL_NAME:
continue
if update_forest_info.entries[i].flags == 0:
continue
update_forest_info.entries[i].time = 0
update_forest_info.entries[i].flags &= ~lsa.LSA_TLN_DISABLED_MASK
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_DOMAIN_INFO:
continue
if update_forest_info.entries[i].flags == 0:
for tln in enable_tln:
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_TOP_LEVEL_NAME:
continue
if r.forest_trust_data.string.lower() != tln.lower():
for tln in disable_tln:
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_TOP_LEVEL_NAME:
continue
if r.forest_trust_data.string.lower() != tln.lower():
for tln_ex in add_tln_ex:
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
continue
if r.forest_trust_data.string.lower() != tln_ex.lower():
tln_dot = ".%s" % tln_ex.lower()
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_TOP_LEVEL_NAME:
continue
r_dot = ".%s" % r.forest_trust_data.string.lower()
for tln_ex in delete_tln_ex:
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
continue
if r.forest_trust_data.string.lower() != tln_ex.lower():
for nb in enable_nb:
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_DOMAIN_INFO:
continue
if r.forest_trust_data.netbios_domain_name.string.upper() != nb.upper():
for nb in disable_nb:
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_DOMAIN_INFO:
continue
if r.forest_trust_data.netbios_domain_name.string.upper() != nb.upper():
for sid in enable_sid:
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_DOMAIN_INFO:
continue
if r.forest_trust_data.domain_sid != sid:
for sid in disable_sid:
idx = None
- for i in xrange(0, len(update_forest_info.entries)):
- r = update_forest_info.entries[i]
+ for i, r in enumerate(update_forest_info.entries):
if r.type != lsa.LSA_FOREST_TRUST_DOMAIN_INFO:
continue
if r.forest_trust_data.domain_sid != sid:
self.dn = None
self.ldif = ""
- def _ldap_schemaUpdateNow(self, samdb):
- ldif = """
-dn:
-changetype: modify
-add: schemaUpdateNow
-schemaUpdateNow: 1
-"""
- samdb.modify_ldif(ldif)
-
def can_ignore_failure(self, error):
"""Checks if we can safely ignore failure to apply an LDIF update"""
(num, errstr) = error.args
# Otherwise the OID-to-attribute mapping in
# _apply_updates_in_file() won't work, because it
# can't lookup the new OID in the schema
- self._ldap_schemaUpdateNow(samdb)
+ samdb.set_schema_update_now()
samdb.modify_ldif(self.ldif, controls=['relax:0'])
else:
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- Option("--quiet", help="Be quiet", action="store_true"),
- Option("--verbose", help="Be verbose", action="store_true"),
+ Option("-q", "--quiet", help="Be quiet", action="store_true"), #unused
+ Option("-v", "--verbose", help="Be verbose", action="store_true"),
Option("--schema", type="choice", metavar="SCHEMA",
choices=["2012", "2012_R2"],
help="The schema file to upgrade to. Default is (Windows) 2012_R2.",
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server", type=str,
metavar="URL", dest="H"),
- Option("--quiet", help="Be quiet", action="store_true"),
- Option("--verbose", help="Be verbose", action="store_true"),
+ Option("-q", "--quiet", help="Be quiet", action="store_true"),
+ Option("-v", "--verbose", help="Be verbose", action="store_true"),
Option("--function-level", type="choice", metavar="FUNCTION_LEVEL",
choices=["2008_R2", "2012", "2012_R2"],
help="The schema file to upgrade to. Default is (Windows) 2012_R2.",
subcommands["tombstones"] = cmd_domain_tombstones()
subcommands["schemaupgrade"] = cmd_domain_schema_upgrade()
subcommands["functionalprep"] = cmd_domain_functional_prep()
+ subcommands["backup"] = cmd_domain_backup()