Attachment #4273 for bug #26504

(-)univention-samba4/scripts/setup-s4.sh (-4 / +16 lines)

Lines 57-62	Link Here

				bindpwd="${!OPTIND}"

				bindpwd="${!OPTIND}"

				OPTIND=$((OPTIND+1))

				OPTIND=$((OPTIND+1))

;;

;;

			sitename)

				sitename="${!OPTIND}"

				OPTIND=$((OPTIND+1))

;;

			help)

			help)

				usage

				usage

;;

;;

Lines 146-155	Link Here

146

		DOMAIN_SID="$(univention-newsid)"

150

		DOMAIN_SID="$(univention-newsid)"

147

fi

151

fi

148

152

149

	/usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \

153

	if [ -z "$sitename" ]; then

150

						--function-level="$samba4_function_level" \

154

		/usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \

151

						--adminpass="$adminpw" --server-role='domain controller'	\

155

							--function-level="$samba4_function_level" \

152

						--machinepass="$(</etc/machine.secret)" 2>&1 | tee -a "$LOGFILE"

156

							--adminpass="$adminpw" --server-role='domain controller'	\

157

							--machinepass="$(</etc/machine.secret)" 2>&1 | tee -a "$LOGFILE"

158

	else

159

		/usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \

160

							--function-level="$samba4_function_level" \

161

							--adminpass="$adminpw" --server-role='domain controller'	\

162

							--sitename="$sitename" \

163

							--machinepass="$(</etc/machine.secret)" 2>&1 | tee -a "$LOGFILE"

164

fi

153

165

154

else

166

else

155

167




			--ignore-exists
}

create_local_rid_pool() {
	numberofrids="$1"

	floor=2100
	ceil="$(($floor + $numberofrids - 1))"

	if [ "$ceil" -ge 5000 ]; then
		echo "ERROR: RID value must stay below minimum UDM-allocated rid (5002)"
		ceil=4999
	fi

	ridrange="$floor-$ceil"
	ldbadd -H /var/lib/samba/private/sam.ldb --relax <<-%EOF
		dn: CN=RID Set,CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
		objectClass: rIDSet
		cn: RID Set
		showInAdvancedViewOnly: TRUE
		name: RID Set
		rIDAllocationPool: $ridrange
		rIDPreviousAllocationPool: $ridrange
		rIDUsedPool: 0
		rIDNextRID: $floor
		%EOF

	ldbmodify -H /var/lib/samba/private/sam.ldb <<-%EOF
		dn: CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
		changetype: modify
		replace: rIDSetReferences
		rIDSetReferences: CN=RID Set,CN=$hostname,OU=Domain Controllers,$samba4_ldap_base
		%EOF
}
### --- END helper functions ---

extract_binddn_and_bindpwd_from_args "$@"

			## site join
			create_site "$samba4_join_site"

			is_ucr_true samba4/provision/secondary
			if [ $? -eq 0 ]; then

				## site provision

				if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then
					## Provision another instance of Samba4
					/usr/share/univention-samba4/scripts/setup-s4.sh "$@" --sitename "$samba4_join_site"

				if [ $? != 0 ]; then
					# try again with --server
					if [ -n "$samba4_dc" ]; then
						samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" --server "$samba4_dc" \
											--machinepass="$(cat /etc/machine.secret)" \
											--site="$samba4_join_site" \
											--domain-critical-only
					else
						samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" --server "$ldap_master" \
											--machinepass="$(cat /etc/machine.secret)" \
											--site="$samba4_join_site" \
											--domain-critical-only
					fi
				fi

				# create MicrosoftDNS container
				ldbadd -H /var/lib/samba/private/sam.ldb --relax <<-%EOT
					dn: CN=MicrosoftDNS,CN=System,$samba4_ldap_base
					objectClass: top
					objectClass: container
					cn: MicrosoftDNS
					%EOT

			else

				samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" \

			fi
		fi

		is_ucr_true samba4/service/drepl
		if [ $? -eq 1 ]; then
			create_local_rid_pool 2000
		fi

		## Adding DNS records is currently necessary, probably this can be avoided with samba_dnsupdate
		## see https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#A_note_on_DNS_updates
		if [ -z "$samba4_join_site" ]; then

Return to bug 26504