idmap.setup_name_mapping(sid + "-513", idmap.TYPE_GID, users_gid)
-def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
- provision_backend, names, schema,
- serverrole,
+def setup_samdb_partitions(samdb_path, setup_path, logger, lp, session_info,
+ provision_backend, names, schema, serverrole,
erase=False):
"""Setup the partitions for the SAM database.
samdb.transaction_start()
try:
- message("Setting up sam.ldb partitions and settings")
+ logger.info("Setting up sam.ldb partitions and settings")
setup_add_ldif(samdb, setup_path("provision_partitions.ldif"), {
"SCHEMADN": ldb.Dn(schema.ldb, names.schemadn).get_casefold(),
"CONFIGDN": ldb.Dn(schema.ldb, names.configdn).get_casefold(),
"SERVER_ROLE": serverrole
})
- message("Setting up sam.ldb rootDSE")
+ logger.info("Setting up sam.ldb rootDSE")
setup_samdb_rootdse(samdb, setup_path, names)
except:
samdb.transaction_cancel()
create_gpo_struct(policy_path)
-def setup_samdb(path, setup_path, session_info, provision_backend, lp,
- names, message,
- domainsid, domainguid, policyguid, policyguid_dc,
- fill, adminpass, krbtgtpass,
- machinepass, invocationid, dnspass, ntdsguid,
- serverrole, am_rodc, dom_for_fun_level=None,
- schema=None):
+def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
+ logger, domainsid, domainguid, policyguid, policyguid_dc, fill,
+ adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid,
+ serverrole, am_rodc, dom_for_fun_level=None, schema=None):
"""Setup a complete SAM Database.
:note: This will wipe the main SAM database file!
if dom_for_fun_level is None:
dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
if dom_for_fun_level < DS_DOMAIN_FUNCTION_2003:
- message("You want to run SAMBA 4 on a domain and forest function level"
- " lower than Windows 2003 (Native). This is not recommended")
+ logger.warning("Running SAMBA 4 on a domain and forest function level"
+ " lower than Windows 2003 (Native) is not recommended.")
if dom_for_fun_level > domainControllerFunctionality:
raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008). This won't work!")
forestFunctionality = dom_for_fun_level
# Also wipes the database
- setup_samdb_partitions(path, setup_path, message=message, lp=lp,
+ setup_samdb_partitions(path, setup_path, logger=logger, lp=lp,
provision_backend=provision_backend, session_info=session_info,
names=names, serverrole=serverrole, schema=schema)
credentials=provision_backend.credentials, lp=lp, global_schema=False,
am_rodc=am_rodc)
- message("Pre-loading the Samba 4 and AD schema")
+ logger.info("Pre-loading the Samba 4 and AD schema")
# Load the schema from the one we computed earlier
samdb.set_schema_from_ldb(schema.ldb)
samdb.set_invocation_id(invocationid)
samdb.set_ntds_settings_dn("CN=NTDS Settings,%s" % names.serverdn)
- message("Adding DomainDN: %s" % names.domaindn)
+ logger.info("Adding DomainDN: %s" % names.domaindn)
#impersonate domain admin
admin_session_info = admin_session(lp, str(domainsid))
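Review bot: `logger.info("Adding DomainDN: %s" % names.domaindn)` formats the string eagerly, while other calls in this commit pass the arguments to the logger (`logger.warning("More than one IPv4 address found. Using %s.", hostip)`). For consistency this should read `logger.info("Adding DomainDN: %s", names.domaindn)`. The same eager `%` pattern appears in later hunks, in the `Server Role` / `Hostname` / `DOMAIN SID` summary lines and the `Please either remove %s or see the template at %s` messages. The enclosing `setup_samdb` body starts and ends outside this hunk.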
"SAMBA_VERSION_STRING": version
})
- message("Adding configuration container")
+ logger.info("Adding configuration container")
descr = b64encode(get_config_descriptor(domainsid))
setup_add_ldif(samdb, setup_path("provision_configuration_basedn.ldif"), {
"CONFIGDN": names.configdn,
})
# The LDIF here was created when the Schema object was constructed
- message("Setting up sam.ldb schema")
+ logger.info("Setting up sam.ldb schema")
samdb.add_ldif(schema.schema_dn_add, controls=["relax:0"])
samdb.modify_ldif(schema.schema_dn_modify)
samdb.write_prefixes_from_schema()
setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
{"SCHEMADN": names.schemadn})
- message("Reopening sam.ldb with new schema")
+ logger.info("Reopening sam.ldb with new schema")
except:
samdb.transaction_cancel()
raise
try:
samdb.invocation_id = invocationid
- message("Setting up sam.ldb configuration data")
+ logger.info("Setting up sam.ldb configuration data")
setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
"CONFIGDN": names.configdn,
"NETBIOSNAME": names.netbiosname,
"DOMAIN_FUNCTIONALITY": str(domainFunctionality)
})
- message("Setting up display specifiers")
+ logger.info("Setting up display specifiers")
display_specifiers_ldif = read_ms_ldif(setup_path('display-specifiers/DisplaySpecifiers-Win2k8R2.txt'))
display_specifiers_ldif = substitute_var(display_specifiers_ldif, {"CONFIGDN": names.configdn})
check_all_substituted(display_specifiers_ldif)
samdb.add_ldif(display_specifiers_ldif)
- message("Adding users container")
+ logger.info("Adding users container")
setup_add_ldif(samdb, setup_path("provision_users_add.ldif"), {
"DOMAINDN": names.domaindn})
- message("Modifying users container")
+ logger.info("Modifying users container")
setup_modify_ldif(samdb, setup_path("provision_users_modify.ldif"), {
"DOMAINDN": names.domaindn})
- message("Adding computers container")
+ logger.info("Adding computers container")
setup_add_ldif(samdb, setup_path("provision_computers_add.ldif"), {
"DOMAINDN": names.domaindn})
- message("Modifying computers container")
+ logger.info("Modifying computers container")
setup_modify_ldif(samdb, setup_path("provision_computers_modify.ldif"), {
"DOMAINDN": names.domaindn})
- message("Setting up sam.ldb data")
+ logger.info("Setting up sam.ldb data")
setup_add_ldif(samdb, setup_path("provision.ldif"), {
"CREATTIME": str(int(time.time() * 1e7)), # seconds -> ticks
"DOMAINDN": names.domaindn,
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn})
if fill == FILL_FULL:
- message("Setting up sam.ldb users and groups")
+ logger.info("Setting up sam.ldb users and groups")
setup_add_ldif(samdb, setup_path("provision_users.ldif"), {
"DOMAINDN": names.domaindn,
"DOMAINSID": str(domainsid),
"KRBTGTPASS_B64": b64encode(krbtgtpass),
})
- message("Setting up self join")
+ logger.info("Setting up self join")
setup_self_join(samdb, names=names, invocationid=invocationid,
dnspass=dnspass,
machinepass=machinepass,
set_gpo_acl(sysvol,dnsdomain,domainsid,domaindn,samdb,lp)
-def provision(setup_dir, message, session_info,
+def provision(setup_dir, logger, session_info,
credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL,
realm=None,
rootdn=None, domaindn=None, schemadn=None, configdn=None,
if hostip is None:
hostips = samba.interface_ips(lp, False)
if len(hostips) == 0:
- message("No external IPv4 address has been found: I use the loopback.")
+ logger.warning("No external IPv4 address has been found. Using loopback.")
hostip = '127.0.0.1'
else:
hostip = hostips[0]
if len(hostips) > 1:
- message("More than one IPv4 address found: I use " + hostip + ".")
+ logger.warning("More than one IPv4 address found. Using %s.", hostip)
if hostip6 is None:
try:
paths=paths, setup_path=setup_path,
lp=lp, credentials=credentials,
names=names,
- message=message)
+ message=logger.info)
elif backend_type == "existing":
provision_backend = ExistingBackend(backend_type,
paths=paths, setup_path=setup_path,
lp=lp, credentials=credentials,
names=names,
- message=message,
+ message=logger.info,
ldapi_url=ldapi_url)
elif backend_type == "fedora-ds":
provision_backend = FDSBackend(backend_type,
paths=paths, setup_path=setup_path,
lp=lp, credentials=credentials,
names=names,
- message=message,
+ message=logger.info,
domainsid=domainsid,
schema=schema,
hostname=hostname,
paths=paths, setup_path=setup_path,
lp=lp, credentials=credentials,
names=names,
- message=message,
+ message=logger.info,
domainsid=domainsid,
schema=schema,
hostname=hostname,
# only install a new shares config db if there is none
if not os.path.exists(paths.shareconf):
- message("Setting up share.ldb")
+ logger.info("Setting up share.ldb")
share_ldb = Ldb(paths.shareconf, session_info=session_info,
lp=lp)
share_ldb.load_ldif_file_add(setup_path("share.ldif"))
- message("Setting up secrets.ldb")
+ logger.info("Setting up secrets.ldb")
secrets_ldb = setup_secretsdb(paths.secrets, setup_path,
session_info=session_info,
backend_credentials=provision_backend.secrets_credentials, lp=lp)
- message("Setting up the registry")
+ logger.info("Setting up the registry")
setup_registry(paths.hklm, setup_path, session_info,
lp=lp)
- message("Setting up the privileges database")
+ logger.info("Setting up the privileges database")
setup_privileges(paths.privilege, setup_path, session_info, lp=lp)
- message("Setting up idmap db")
+ logger.info("Setting up idmap db")
idmap = setup_idmapdb(paths.idmapdb, setup_path, session_info=session_info,
lp=lp)
- message("Setting up SAM db")
+ logger.info("Setting up SAM db")
samdb = setup_samdb(paths.samdb, setup_path, session_info,
provision_backend, lp, names,
- message,
+ logger=logger,
domainsid=domainsid,
schema=schema, domainguid=domainguid,
policyguid=policyguid, policyguid_dc=policyguid_dc,
if serverrole == "domain controller":
if paths.netlogon is None:
- message("Existing smb.conf does not have a [netlogon] share, but you are configuring a DC.")
- message("Please either remove %s or see the template at %s" %
+ logger.info("Existing smb.conf does not have a [netlogon] share, but you are configuring a DC.")
+ logger.info("Please either remove %s or see the template at %s" %
(paths.smbconf, setup_path("provision.smb.conf.dc")))
assert paths.netlogon is not None
if paths.sysvol is None:
- message("Existing smb.conf does not have a [sysvol] share, but you"
+ logger.info("Existing smb.conf does not have a [sysvol] share, but you"
" are configuring a DC.")
- message("Please either remove %s or see the template at %s" %
+ logger.info("Please either remove %s or see the template at %s" %
(paths.smbconf, setup_path("provision.smb.conf.dc")))
assert paths.sysvol is not None
setsysvolacl(samdb, paths.netlogon, paths.sysvol, wheel_gid,
domainsid, names.dnsdomain, names.domaindn, lp)
- message("Setting up sam.ldb rootDSE marking as synchronized")
+ logger.info("Setting up sam.ldb rootDSE marking as synchronized")
setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif"))
secretsdb_self_join(secrets_ldb, domain=names.domain,
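Review bot: The missing `[netlogon]` and `[sysvol]` share messages are logged at INFO even though the next statement aborts provisioning through `assert`, so a log-level filter above INFO would hide the only explanation of the failure. Use `logger.error("Please either remove %s or see the template at %s", paths.smbconf, setup_path("provision.smb.conf.dc"))` and the same level for the line before it. The `assert paths.netlogon is not None` and `assert paths.sysvol is not None` lines are unchanged context, but they are stripped under `python -O`. Raising `ProvisioningError`, which this file already uses for the function-level check, would make the abort reliable.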
# Only make a zone file on the first DC, it should be replicated
# with DNS replication
- create_zone_file(lp, message, paths, targetdir, setup_path,
+ create_zone_file(lp, logger.info, paths, targetdir, setup_path,
dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6,
hostname=names.hostname, realm=names.realm,
domainguid=domainguid, ntdsguid=names.ntdsguid)
create_named_txt(paths.namedtxt, setup_path, realm=names.realm,
dnsdomain=names.dnsdomain, private_dir=paths.private_dir,
keytab_name=paths.dns_keytab)
- message("See %s for an example configuration include file for BIND" % paths.namedconf)
- message("and %s for further documentation required for secure DNS "
- "updates" % paths.namedtxt)
+ logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
+ logger.info("and %s for further documentation required for secure DNS "
+ "updates", paths.namedtxt)
create_krb5_conf(paths.krb5conf, setup_path,
dnsdomain=names.dnsdomain, hostname=names.hostname,
realm=names.realm)
- message("A Kerberos configuration suitable for Samba 4 has been "
- "generated at %s" % paths.krb5conf)
+ logger.info("A Kerberos configuration suitable for Samba 4 has been "
+ "generated at %s", paths.krb5conf)
if serverrole == "domain controller":
- create_dns_update_list(lp, message, paths, setup_path)
+ create_dns_update_list(lp, logger.info, paths, setup_path)
provision_backend.post_setup()
provision_backend.shutdown()
os.chmod(dns_keytab_path, 0640)
os.chown(dns_keytab_path, -1, paths.bind_gid)
except OSError:
- message("Failed to chown %s to bind gid %u" % (dns_keytab_path,
- paths.bind_gid))
+ logger.info("Failed to chown %s to bind gid %u", dns_keytab_path,
+ paths.bind_gid)
- message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig)
+ logger.info("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php",
+ paths.phpldapadminconfig)
- message("Once the above files are installed, your Samba4 server will be ready to use")
- message("Server Role: %s" % serverrole)
- message("Hostname: %s" % names.hostname)
- message("NetBIOS Domain: %s" % names.domain)
- message("DNS Domain: %s" % names.dnsdomain)
- message("DOMAIN SID: %s" % str(domainsid))
+ logger.info("Once the above files are installed, your Samba4 server will be ready to use")
+ logger.info("Server Role: %s" % serverrole)
+ logger.info("Hostname: %s" % names.hostname)
+ logger.info("NetBIOS Domain: %s" % names.domain)
+ logger.info("DNS Domain: %s" % names.dnsdomain)
+ logger.info("DOMAIN SID: %s" % str(domainsid))
if samdb_fill == FILL_FULL:
- message("Admin password: %s" % adminpass)
+ logger.info("Admin password: %s" % adminpass)
if provision_backend.type is not "ldb":
if provision_backend.credentials.get_bind_dn() is not None:
- message("LDAP Backend Admin DN: %s" % provision_backend.credentials.get_bind_dn())
+ logger.info("LDAP Backend Admin DN: %s" % provision_backend.credentials.get_bind_dn())
else:
- message("LDAP Admin User: %s" % provision_backend.credentials.get_username())
+ logger.info("LDAP Admin User: %s" % provision_backend.credentials.get_username())
- message("LDAP Admin Password: %s" % provision_backend.credentials.get_password())
+ logger.info("LDAP Admin Password: %s" % provision_backend.credentials.get_password())
if provision_backend.slapd_command_escaped is not None:
# now display slapd_command_file.txt to show how slapd must be started next time
- message("Use later the following commandline to start slapd, then Samba:")
- message(provision_backend.slapd_command_escaped)
- message("This slapd-Commandline is also stored under: " + provision_backend.ldapdir + "/ldap_backend_startup.sh")
+ logger.info("Use later the following commandline to start slapd, then Samba:")
+ logger.info(provision_backend.slapd_command_escaped)
+ logger.info("This slapd-Commandline is also stored under: %s/ldap_backend_startup.sh",
+ provision_backend.ldapdir)
result = ProvisionResult()
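Review bot: The summary block now passes `adminpass` and `provision_backend.credentials.get_password()` to `logger.info`, so every handler attached to this logger (a log file, syslog, captured test output) receives the domain administrator and LDAP backend passwords in clear text. The old `message` callback wrote only to wherever the caller chose. Keep secrets out of the logger, for example by replacing the two calls with `logger.info("Admin password has been set; it is not written to the log")`. If provision can generate the password itself (not visible in this hunk), show it through a callback that reaches only the invoking terminal. Separately, the failed `os.chown` of the DNS keytab is reported at INFO; `logger.warning("Failed to chown %s to bind gid %u", dns_keytab_path, paths.bind_gid)` fits better, since the keytab is left without the intended group ownership. The enclosing `provision` function starts outside this hunk.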