Attachment #4525 for bug #27027





    def __init__(ctx, server=None, creds=None, lp=None, site=None,
            netbios_name=None, targetdir=None, domain=None,
            machinepass=None, promote_existing=False, keep_existing=False):
        ctx.creds = creds
        ctx.lp = lp
        ctx.site = site


        ctx.promote_existing = promote_existing
        ctx.promote_from_dn = None
        ctx.keep_existing = keep_existing

        ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
        ctx.net = Net(creds=ctx.creds, lp=ctx.lp)

        ctx.promote_from_dn = res[0].dn


    def dc_account_exists(ctx):
        res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
                               expression='sAMAccountName=%s' % ldb.binary_encode(ctx.samname),
                               attrs=["msDS-krbTgtLink", "userAccountControl", "serverReferenceBL", "rIDSetReferences"])

        if len(res) == 0:
            print "Could not find domain account '%s'" % ctx.samname
        elif (int(res[0]["userAccountControl"][0]) & (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT|samba.dsdb.UF_SERVER_TRUST_ACCOUNT) != 0):
            raise Exception("Account %s is a domain member or a bare NT4 BDC, use 'samba-tool domain dcpromo' instead'" % ctx.samname)
        elif "msDS-krbTgtLink" in res[0] or "serverReferenceBL" in res[0] or "rIDSetReferences" in res[0]:
            print "Account '%s' appears to be an active DC" % ctx.samname

        if len(res) != 0:
            ctx.promote_from_dn = res[0].dn
            return True
        else
            return False


    def find_dc(ctx, domain):
        '''find a writeable DC for the given domain'''
        try:

    def do_join(ctx):
        if ctx.promote_existing:
            ctx.promote_possible()
        elif ctr.keep_existing and ctx.dc_account_exists():
            ctx.promote_existing = True
        else:
            ctx.cleanup_old_join()



def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
              targetdir=None, domain=None, domain_critical_only=False,
              machinepass=None, promote_existing=False, keep_existing=False):
    """join as a RODC"""

    ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
                  machinepass, promote_existing, keep_existing)

    lp.set("workgroup", ctx.domain_name)
    print("workgroup is %s" % ctx.domain_name)


def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
            targetdir=None, domain=None, domain_critical_only=False,
            machinepass=None, promote_existing=False, keep_existing=False):
    """join as a DC"""
    ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
                  machinepass, promote_existing, keep_existing)

    lp.set("workgroup", ctx.domain_name)
    print("workgroup is %s" % ctx.domain_name)

Lines 155-160 Link Here

(-)samba4-4.0.0~alpha17~git201110100928.orig/source4/scripting/python/samba/netcmd/domain.py (-2 / +6 lines)
155	Option("--domain-critical-only",	155	Option("--domain-critical-only",
156	help="only replicate critical domain objects",	156	help="only replicate critical domain objects",
157	action="store_true"),	157	action="store_true"),
		158	Option("--keep-existing",
		159	help="keep the SID during join",
		160	action="store_true"),
158	Option("--machinepass", type=str, metavar="PASSWORD",	161	Option("--machinepass", type=str, metavar="PASSWORD",
159	help="choose machine password (otherwise random)")	162	help="choose machine password (otherwise random)")
160	]	163	]
Lines 177-182 Link Here
177	role = role.upper()	180	role = role.upper()
178		181
179	if role is None or role == "MEMBER":	182	if role is None or role == "MEMBER":
		183	self.outf.write("ignoring option --keep-exising, currently not implemented for MEMBER\n")
180	(join_password, sid, domain_name) = net.join_member(domain,	184	(join_password, sid, domain_name) = net.join_member(domain,
181	netbios_name,	185	netbios_name,
182	LIBNET_JOIN_AUTOMATIC,	186	LIBNET_JOIN_AUTOMATIC,
Lines 188-200 Link Here
188	join_DC(server=server, creds=creds, lp=lp, domain=domain,	192	join_DC(server=server, creds=creds, lp=lp, domain=domain,
189	site=site, netbios_name=netbios_name, targetdir=targetdir,	193	site=site, netbios_name=netbios_name, targetdir=targetdir,
190	domain_critical_only=domain_critical_only,	194	domain_critical_only=domain_critical_only,
191	machinepass=machinepass)	195	machinepass=machinepass, keep_existing=keep_existing)
192	return	196	return
193	elif role == "RODC":	197	elif role == "RODC":
194	join_RODC(server=server, creds=creds, lp=lp, domain=domain,	198	join_RODC(server=server, creds=creds, lp=lp, domain=domain,
195	site=site, netbios_name=netbios_name, targetdir=targetdir,	199	site=site, netbios_name=netbios_name, targetdir=targetdir,
196	domain_critical_only=domain_critical_only,	200	domain_critical_only=domain_critical_only,
197	machinepass=machinepass)	201	machinepass=machinepass, keep_existing=keep_existing)
198	return	202	return
199	elif role == "SUBDOMAIN":	203	elif role == "SUBDOMAIN":
200	netbios_domain = lp.get("workgroup")	204	netbios_domain = lp.get("workgroup")

Return to bug 27027

Lines 50-56 Link Here

(-)samba4-4.0.0~alpha17~git201110100928.orig/source4/scripting/python/samba/join.py (-5 / +27 lines)
50		50
51	def __init__(ctx, server=None, creds=None, lp=None, site=None,	51	def __init__(ctx, server=None, creds=None, lp=None, site=None,
52	netbios_name=None, targetdir=None, domain=None,	52	netbios_name=None, targetdir=None, domain=None,
53	machinepass=None, promote_existing=False):	53	machinepass=None, promote_existing=False, keep_existing=False):
54	ctx.creds = creds	54	ctx.creds = creds
55	ctx.lp = lp	55	ctx.lp = lp
56	ctx.site = site	56	ctx.site = site
Lines 59-64 Link Here
59		59
60	ctx.promote_existing = promote_existing	60	ctx.promote_existing = promote_existing
61	ctx.promote_from_dn = None	61	ctx.promote_from_dn = None
		62	ctx.keep_existing = keep_existing
62		63
63	ctx.creds.set_gensec_features(creds.get_gensec_features() \| gensec.FEATURE_SEAL)	64	ctx.creds.set_gensec_features(creds.get_gensec_features() \| gensec.FEATURE_SEAL)
64	ctx.net = Net(creds=ctx.creds, lp=ctx.lp)	65	ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
Lines 220-225 Link Here
220	ctx.promote_from_dn = res[0].dn	221	ctx.promote_from_dn = res[0].dn
221		222
222		223
		224	def dc_account_exists(ctx):
		225	res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
		226	expression='sAMAccountName=%s' % ldb.binary_encode(ctx.samname),
		227	attrs=["msDS-krbTgtLink", "userAccountControl", "serverReferenceBL", "rIDSetReferences"])
		228
		229	if len(res) == 0:
		230	print "Could not find domain account '%s'" % ctx.samname
		231	elif (int(res[0]["userAccountControl"][0]) & (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT\|samba.dsdb.UF_SERVER_TRUST_ACCOUNT) != 0):
		232	raise Exception("Account %s is a domain member or a bare NT4 BDC, use 'samba-tool domain dcpromo' instead'" % ctx.samname)
		233	elif "msDS-krbTgtLink" in res[0] or "serverReferenceBL" in res[0] or "rIDSetReferences" in res[0]:
		234	print "Account '%s' appears to be an active DC" % ctx.samname
		235
		236	if len(res) != 0:
		237	ctx.promote_from_dn = res[0].dn
		238	return True
		239	else
		240	return False
		241
		242
223	def find_dc(ctx, domain):	243	def find_dc(ctx, domain):
224	'''find a writeable DC for the given domain'''	244	'''find a writeable DC for the given domain'''
225	try:	245	try:
Lines 868-873 Link Here
868	def do_join(ctx):	888	def do_join(ctx):
869	if ctx.promote_existing:	889	if ctx.promote_existing:
870	ctx.promote_possible()	890	ctx.promote_possible()
		891	elif ctr.keep_existing and ctx.dc_account_exists():
		892	ctx.promote_existing = True
871	else:	893	else:
872	ctx.cleanup_old_join()	894	ctx.cleanup_old_join()
873		895
Lines 888-898 Link Here
888		910
889	def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,	911	def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
890	targetdir=None, domain=None, domain_critical_only=False,	912	targetdir=None, domain=None, domain_critical_only=False,
891	machinepass=None, promote_existing=False):	913	machinepass=None, promote_existing=False, keep_existing=False):
892	"""join as a RODC"""	914	"""join as a RODC"""
893		915
894	ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,	916	ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
895	machinepass, promote_existing)	917	machinepass, promote_existing, keep_existing)
896		918
897	lp.set("workgroup", ctx.domain_name)	919	lp.set("workgroup", ctx.domain_name)
898	print("workgroup is %s" % ctx.domain_name)	920	print("workgroup is %s" % ctx.domain_name)
Lines 942-951 Link Here
942		964
943	def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,	965	def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
944	targetdir=None, domain=None, domain_critical_only=False,	966	targetdir=None, domain=None, domain_critical_only=False,
945	machinepass=None, promote_existing=False):	967	machinepass=None, promote_existing=False, keep_existing=False):
946	"""join as a DC"""	968	"""join as a DC"""
947	ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,	969	ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
948	machinepass, promote_existing)	970	machinepass, promote_existing, keep_existing)
949		971
950	lp.set("workgroup", ctx.domain_name)	972	lp.set("workgroup", ctx.domain_name)
951	print("workgroup is %s" % ctx.domain_name)	973	print("workgroup is %s" % ctx.domain_name)