Univention Bugzilla – Attachment 4523 Details for
Bug 27027
Samba 4 Migration
[patch]
Upstream dcpromo Patch, angepasst auf die aktuelle UCS Codebasis
dcpromo.patch (text/plain), 9.40 KB, created by
Arvid Requate
on 2012-07-10 16:53 CEST
Description:
Upstream dcpromo Patch, angepasst auf die aktuelle UCS Codebasis
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2012-07-10 16:53 CEST
Size:
9.40 KB
>diff -Nuar samba4-4.0.0~alpha17~git201110100928.orig/source4/scripting/python/samba/join.py samba4-4.0.0~alpha17~git201110100928/source4/scripting/python/samba/join.py
>--- samba4-4.0.0~alpha17~git201110100928.orig/source4/scripting/python/samba/join.py 2012-07-04 07:27:21.000000000 +0200
>+++ samba4-4.0.0~alpha17~git201110100928/source4/scripting/python/samba/join.py 2012-07-04 08:25:18.000000000 +0200
>@@ -50,13 +50,16 @@
>
> def __init__(ctx, server=None, creds=None, lp=None, site=None,
> netbios_name=None, targetdir=None, domain=None,
>- machinepass=None):
>+ machinepass=None, promote_existing=False):
> ctx.creds = creds
> ctx.lp = lp
> ctx.site = site
> ctx.netbios_name = netbios_name
> ctx.targetdir = targetdir
>
>+ ctx.promote_existing = promote_existing
>+ ctx.promote_from_dn = None
>+
> ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
> ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
>
>@@ -198,6 +201,25 @@
> except Exception:
> pass
>
>+ def promote_possible(ctx):
>+ '''confirm that the account is just a bare NT4 BDC or a member server, so can be safely promoted'''
>+ if ctx.subdomain:
>+ # This shouldn't happen
>+ raise Exception("Can not promote into a subdomain")
>+
>+ res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
>+ expression='sAMAccountName=%s' % ldb.binary_encode(ctx.samname),
>+ attrs=["msDS-krbTgtLink", "userAccountControl", "serverReferenceBL", "rIDSetReferences"])
>+ if len(res) == 0:
>+ raise Exception("Could not find domain member account '%s' to promote to a DC, use 'samba-tool domain join' instead'" % ctx.samname)
>+ if "msDS-krbTgtLink" in res[0] or "serverReferenceBL" in res[0] or "rIDSetReferences" in res[0]:
>+ raise Exception("Account '%s' appears to be an active DC, use 'samba-tool domain join' if you must re-create this account" % ctx.samname)
>+ if (int(res[0]["userAccountControl"][0]) & (samba.dsdb.UF_WORKSTATION_TRUST_ACCOUNT|samba.dsdb.UF_SERVER_TRUST_ACCOUNT) == 0):
>+ raise Exception("Account %s is not a domain member or a bare NT4 BDC, use 'samba-tool domain join' instead'" % ctx.samname)
>+
>+ ctx.promote_from_dn = res[0].dn
>+
>+
> def find_dc(ctx, domain):
> '''find a writeable DC for the given domain'''
> try:
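Review bot: In `promote_possible`, `res[0]["userAccountControl"][0]` is read without first checking that the attribute was returned, unlike the three `in res[0]` tests just above it. If the binding credentials cannot read that attribute, the lookup would presumably fail with a bare KeyError instead of one of the explanatory messages; a guard such as `if "userAccountControl" not in res[0]: raise Exception("Cannot read userAccountControl of '%s'" % ctx.samname)` before the bit test keeps this safety check explicit. The two messages ending in `instead'` also carry a stray trailing quote. The one-line docstring could additionally say that the method raises when promotion is unsafe and sets `ctx.promote_from_dn` on success.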
>@@ -431,13 +453,29 @@
> "dnshostname" : ctx.dnshostname}
> if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2008:
> rec['msDS-SupportedEncryptionTypes'] = str(samba.dsdb.ENC_ALL_TYPES)
>+ elif ctx.promote_existing:
>+ rec['msDS-SupportedEncryptionTypes'] = []
> if ctx.managedby:
> rec["managedby"] = ctx.managedby
>+ elif ctx.promote_existing:
>+ rec["managedby"] = []
>+
> if ctx.never_reveal_sid:
> rec["msDS-NeverRevealGroup"] = ctx.never_reveal_sid
>+ elif ctx.promote_existing:
>+ rec["msDS-NeverRevealGroup"] = []
>+
> if ctx.reveal_sid:
> rec["msDS-RevealOnDemandGroup"] = ctx.reveal_sid
>- ctx.samdb.add(rec)
>+ elif ctx.promote_existing:
>+ rec["msDS-RevealOnDemandGroup"] = []
>+
>+ if ctx.promote_existing:
>+ if ctx.promote_from_dn != ctx.acct_dn:
>+ ctx.samdb.rename(ctx.promote_from_dn, ctx.acct_dn)
>+ ctx.samdb.modify(ldb.Message.from_dict(ctx.samdb, rec, ldb.FLAG_MOD_REPLACE))
>+ else:
>+ ctx.samdb.add(rec)
>
> if ctx.krbtgt_dn:
> ctx.add_krbtgt_account()
>@@ -491,7 +529,7 @@
> for i in range(len(ctx.SPNs)):
> ctx.SPNs[i] = ctx.SPNs[i].replace("$NTDSGUID", str(ctx.ntds_guid))
> m["servicePrincipalName"] = ldb.MessageElement(ctx.SPNs,
>- ldb.FLAG_MOD_ADD,
>+ ldb.FLAG_MOD_REPLACE,
> "servicePrincipalName")
> ctx.samdb.modify(m)
>
>@@ -828,7 +866,11 @@
>
>
> def do_join(ctx):
>- ctx.cleanup_old_join()
>+ if ctx.promote_existing:
>+ ctx.promote_possible()
>+ else:
>+ ctx.cleanup_old_join()
>+
> try:
> ctx.join_add_objects()
> ctx.join_provision()
>@@ -846,11 +888,11 @@
>
> def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
> targetdir=None, domain=None, domain_critical_only=False,
>- machinepass=None):
>+ machinepass=None, promote_existing=False):
> """join as a RODC"""
>
> ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
>- machinepass)
>+ machinepass, promote_existing)
>
> lp.set("workgroup", ctx.domain_name)
> print("workgroup is %s" % ctx.domain_name)
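Review bot: The switch to `ldb.FLAG_MOD_REPLACE` for `servicePrincipalName` in the -491 hunk is unconditional, so on the promote path every SPN already registered on the existing member account is discarded in favour of `ctx.SPNs`. Services on that host that depended on the old SPNs would lose Kerberos authentication after promotion, and nothing in the hunk records why replace is needed. I would add a comment above the element, e.g. `# REPLACE, not ADD: a promoted account may already carry SPNs; anything not in ctx.SPNs is dropped`, or gate the flag with `ldb.FLAG_MOD_REPLACE if ctx.promote_existing else ldb.FLAG_MOD_ADD,`. The enclosing method starts outside the hunk.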
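Review bot: `do_join` now skips `ctx.cleanup_old_join()` before a promotion, but the handler belonging to the `try:` that follows lies outside this hunk and is not adjusted by the patch. If that handler still calls `ctx.cleanup_old_join()` on failure, a promotion that fails partway (for instance after the `ctx.samdb.rename` in the -431 hunk) could remove or strand the pre-existing machine account the operator meant to keep. That path should be checked and, if it applies, guarded with `if not ctx.promote_existing:`. A short comment on the new branch, such as `# promoting: keep the existing account, only verify it is safe to reuse`, would make the intent clear.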
>@@ -900,10 +942,10 @@
>
> def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
> targetdir=None, domain=None, domain_critical_only=False,
>- machinepass=None):
>+ machinepass=None, promote_existing=False):
> """join as a DC"""
> ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
>- machinepass)
>+ machinepass, promote_existing)
>
> lp.set("workgroup", ctx.domain_name)
> print("workgroup is %s" % ctx.domain_name)
>diff -Nuar samba4-4.0.0~alpha17~git201110100928.orig/source4/scripting/python/samba/netcmd/domain.py samba4-4.0.0~alpha17~git201110100928/source4/scripting/python/samba/netcmd/domain.py
>--- samba4-4.0.0~alpha17~git201110100928.orig/source4/scripting/python/samba/netcmd/domain.py 2012-07-04 07:27:21.000000000 +0200
>+++ samba4-4.0.0~alpha17~git201110100928/source4/scripting/python/samba/netcmd/domain.py 2012-07-04 08:26:14.000000000 +0200
>@@ -76,6 +76,72 @@
>
>
>
>+class cmd_domain_dcpromo(Command):
>+ """Promotes an existing domain member or NT4 PDC to an AD DC"""
>+
>+ synopsis = "%prog <dnsdomain> [DC|RODC] [options]"
>+
>+ takes_optiongroups = {
>+ "sambaopts": options.SambaOptions,
>+ "versionopts": options.VersionOptions,
>+ "credopts": options.CredentialsOptions,
>+ }
>+
>+ takes_options = [
>+ Option("--server", help="DC to join", type=str),
>+ Option("--site", help="site to join", type=str),
>+ Option("--targetdir", help="where to store provision", type=str),
>+ Option("--domain-critical-only",
>+ help="only replicate critical domain objects",
>+ action="store_true"),
>+ Option("--machinepass", type=str, metavar="PASSWORD",
>+ help="choose machine password (otherwise random)"),
>+ Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
>+ action="store_true"),
>+ Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
>+ choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
>+ help="The DNS server backend. SAMBA_INTERNAL is the builtin name server, " \
>+ "BIND9_DLZ uses samba4 AD to store zone information (default), " \
>+ "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
>+ default="BIND9_DLZ")
>+ ]
>+
>+ takes_args = ["domain", "role?"]
>+
>+ def run(self, domain, role=None, sambaopts=None, credopts=None,
>+ versionopts=None, server=None, site=None, targetdir=None,
>+ domain_critical_only=False, parent_domain=None, machinepass=None,
>+ use_ntvfs=False, dns_backend=None):
>+ lp = sambaopts.get_loadparm()
>+ creds = credopts.get_credentials(lp)
>+ net = Net(creds, lp, server=credopts.ipaddress)
>+
>+ if site is None:
>+ site = "Default-First-Site-Name"
>+
>+ netbios_name = lp.get("netbios name")
>+
>+ if not role is None:
>+ role = role.upper()
>+
>+ if role == "DC":
>+ join_DC(server=server, creds=creds, lp=lp, domain=domain,
>+ site=site, netbios_name=netbios_name, targetdir=targetdir,
>+ domain_critical_only=domain_critical_only,
>+ machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend,
>+ promote_existing=True)
>+ return
>+ elif role == "RODC":
>+ join_RODC(server=server, creds=creds, lp=lp, domain=domain,
>+ site=site, netbios_name=netbios_name, targetdir=targetdir,
>+ domain_critical_only=domain_critical_only,
>+ machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend,
>+ promote_existing=True)
>+ return
>+ else:
>+ raise CommandError("Invalid role '%s' (possible values: DC, RODC)" % role)
>+
>+
> class cmd_domain_join(Command):
> """Joins domain as either member or backup domain controller *"""
>
>@@ -642,6 +708,7 @@
> subcommands = {}
> subcommands["exportkeytab"] = cmd_domain_export_keytab()
> subcommands["join"] = cmd_domain_join()
>+ subcommands["dcpromo"] = cmd_domain_dcpromo()
> subcommands["level"] = cmd_domain_level()
> subcommands["machinepassword"] = cmd_domain_machinepassword()
> subcommands["passwordsettings"] = cmd_domain_passwordsettings()
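Review bot: Both the `join_DC(...)` and `join_RODC(...)` calls in `cmd_domain_dcpromo.run` pass `use_ntvfs=` and `dns_backend=`, but the signatures this same patch shows in join.py end at `machinepass=None, promote_existing=False):` and accept neither keyword, so `samba-tool domain dcpromo` would fail with a TypeError before any join starts. Either reduce the argument line in both calls to `machinepass=machinepass,` and drop the `--use-ntvfs` and `--dns-backend` options, or extend the two join functions to take them. Separately, `net` and `parent_domain` are never used in `run`, and the class docstring says "NT4 PDC" where `promote_possible` speaks of a bare NT4 BDC. `--machinepass` also places the machine secret on the command line, where it is visible in the process list and shell history; its help text should say so.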