Attachment #4273 for bug #26504

Lines 57-62 Link Here

(-)univention-samba4/scripts/setup-s4.sh (-4 / +16 lines)
57	bindpwd="${!OPTIND}"	57	bindpwd="${!OPTIND}"
58	OPTIND=$((OPTIND+1))	58	OPTIND=$((OPTIND+1))
59	;;	59	;;
		60	sitename)
		61	sitename="${!OPTIND}"
		62	OPTIND=$((OPTIND+1))
		63	;;
60	help)	64	help)
61	usage	65	usage
62	;;	66	;;
Lines 146-155 Link Here
146	DOMAIN_SID="$(univention-newsid)"	150	DOMAIN_SID="$(univention-newsid)"
147	fi	151	fi
148		152
149	/usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \	153	if [ -z "$sitename" ]; then
150	--function-level="$samba4_function_level" \	154	/usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \
151	--adminpass="$adminpw" --server-role='domain controller' \	155	--function-level="$samba4_function_level" \
152	--machinepass="$(</etc/machine.secret)" 2>&1 \| tee -a "$LOGFILE"	156	--adminpass="$adminpw" --server-role='domain controller' \
		157	--machinepass="$(</etc/machine.secret)" 2>&1 \| tee -a "$LOGFILE"
		158	else
		159	/usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \
		160	--function-level="$samba4_function_level" \
		161	--adminpass="$adminpw" --server-role='domain controller' \
		162	--sitename="$sitename" \
		163	--machinepass="$(</etc/machine.secret)" 2>&1 \| tee -a "$LOGFILE"
		164	fi
153		165
154	else	166	else
155		167




			--ignore-exists
}

create_local_rid_pool() {
	numberofrids="$1"

	floor=2100
	ceil="$(($floor + $numberofrids - 1))"

	if [ "$ceil" -ge 5000 ]; then
		echo "ERROR: RID value must stay below minimum UDM-allocated rid (5002)"
		ceil=4999
	fi

	ridrange="$floor-$ceil"
	ldbadd -H /var/lib/samba/private/sam.ldb --relax <<-%EOF
		dn: CN=RID Set,CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
		objectClass: rIDSet
		cn: RID Set
		showInAdvancedViewOnly: TRUE
		name: RID Set
		rIDAllocationPool: $ridrange
		rIDPreviousAllocationPool: $ridrange
		rIDUsedPool: 0
		rIDNextRID: $floor
		%EOF

	ldbmodify -H /var/lib/samba/private/sam.ldb <<-%EOF
		dn: CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
		changetype: modify
		replace: rIDSetReferences
		rIDSetReferences: CN=RID Set,CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
		%EOF
}
### --- END helper functions ---

extract_binddn_and_bindpwd_from_args "$@"

			## site join
			create_site "$samba4_join_site"

			is_ucr_true samba4/provision/secondary
			if [ $? -eq 0 ]; then

				## site provision

				if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then
					## Provision another instance of Samba4
					/usr/share/univention-samba4/scripts/setup-s4.sh "$@" --sitename "$samba4_join_site"

				if [ $? != 0 ]; then
					# try again with --server
					if [ -n "$samba4_dc" ]; then
						samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" --server "$samba4_dc" \
											--machinepass="$(cat /etc/machine.secret)" \
											--site="$samba4_join_site" \
											--domain-critical-only
					else
						samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" --server "$ldap_master" \
											--machinepass="$(cat /etc/machine.secret)" \
											--site="$samba4_join_site" \
											--domain-critical-only
					fi
				fi

				# create MicrosoftDNS container
				ldbadd -H /var/lib/samba/private/sam.ldb --relax <<-%EOT
					dn: CN=MicrosoftDNS,CN=System,$samba4_ldap_base
					objectClass: top
					objectClass: container
					cn: MicrosoftDNS
					%EOT

			else

				samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" \

			fi
		fi

		is_ucr_true samba4/service/drepl
		if [ $? -eq 1 ]; then
			create_local_rid_pool 2000
		fi

		## Adding DNS records is currently necessary, probably this can be avoided with samba_dnsupdate
		## see https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#A_note_on_DNS_updates
		if [ -z "$samba4_join_site" ]; then

Return to bug 26504

Lines 133-169 Link Here

(-)univention-samba4/96univention-samba4.inst (-63 / +6 lines)
133	--ignore-exists	133	--ignore-exists
134	}	134	}
135		135
136	create_local_rid_pool() {
137	numberofrids="$1"
138
139	floor=2100
140	ceil="$(($floor + $numberofrids - 1))"
141
142	if [ "$ceil" -ge 5000 ]; then
143	echo "ERROR: RID value must stay below minimum UDM-allocated rid (5002)"
144	ceil=4999
145	fi
146
147	ridrange="$floor-$ceil"
148	ldbadd -H /var/lib/samba/private/sam.ldb --relax <<-%EOF
149	dn: CN=RID Set,CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
150	objectClass: rIDSet
151	cn: RID Set
152	showInAdvancedViewOnly: TRUE
153	name: RID Set
154	rIDAllocationPool: $ridrange
155	rIDPreviousAllocationPool: $ridrange
156	rIDUsedPool: 0
157	rIDNextRID: $floor
158	%EOF
159
160	ldbmodify -H /var/lib/samba/private/sam.ldb <<-%EOF
161	dn: CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
162	changetype: modify
163	replace: rIDSetReferences
164	rIDSetReferences: CN=RID Set,CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
165	%EOF
166	}
167	### --- END helper functions ---	136	### --- END helper functions ---
168		137
169	extract_binddn_and_bindpwd_from_args "$@"	138	extract_binddn_and_bindpwd_from_args "$@"
Lines 283-320 Link Here
283	## site join	252	## site join
284	create_site "$samba4_join_site"	253	create_site "$samba4_join_site"
285		254
286	is_ucr_true samba4/join/essentialonly	255	is_ucr_true samba4/provision/secondary
287	if [ $? -eq 0 ]; then	256	if [ $? -eq 0 ]; then
288		257
289	## site join with essential DRS replication only	258	## site provision
290		259
291	samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" \	260	if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then
292	--machinepass="$(cat /etc/machine.secret)" \	261	## Provision another instance of Samba4
293	--site="$samba4_join_site" \	262	/usr/share/univention-samba4/scripts/setup-s4.sh "$@" --sitename "$samba4_join_site"
294	--domain-critical-only	263
295	if [ $? != 0 ]; then
296	# try again with --server
297	if [ -n "$samba4_dc" ]; then
298	samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" --server "$samba4_dc" \
299	--machinepass="$(cat /etc/machine.secret)" \
300	--site="$samba4_join_site" \
301	--domain-critical-only
302	else
303	samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" --server "$ldap_master" \
304	--machinepass="$(cat /etc/machine.secret)" \
305	--site="$samba4_join_site" \
306	--domain-critical-only
307	fi
308	fi	264	fi
309		265
310	# create MicrosoftDNS container
311	ldbadd -H /var/lib/samba/private/sam.ldb --relax <<-%EOT
312	dn: CN=MicrosoftDNS,CN=System,$samba4_ldap_base
313	objectClass: top
314	objectClass: container
315	cn: MicrosoftDNS
316	%EOT
317
318	else	266	else
319		267
320	samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" \	268	samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" \
Lines 336-346 Link Here
336	fi	284	fi
337	fi	285	fi
338		286
339	is_ucr_true samba4/service/drepl
340	if [ $? -eq 1 ]; then
341	create_local_rid_pool 2000
342	fi
343
344	## Adding DNS records is currently necessary, probably this can be avoided with samba_dnsupdate	287	## Adding DNS records is currently necessary, probably this can be avoided with samba_dnsupdate
345	## see https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#A_note_on_DNS_updates	288	## see https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#A_note_on_DNS_updates
346	if [ -z "$samba4_join_site" ]; then	289	if [ -z "$samba4_join_site" ]; then