

(-)takeover.py (-13 / +36 lines)
 Lines 1408-1414    Link Here 
1408
		if not "hosts/static/%s" % self.ad_server_ip in self.ucr:
1408
		if not "hosts/static/%s" % self.ad_server_ip in self.ucr:
1409
			msg=[]
1409
			msg=[]
1410
			msg.append("")
1410
			msg.append("")
1411
			msg.append("Error: given IP %s was not mapped to a hostname in phase I.")
1411
			msg.append("Error: given IP %s was not mapped to a hostname in phase I." % (self.ad_server_ip,))
1412
			msg.append("       Please complete phase I of the takeover before initiating the FSMO takeover.")
1412
			msg.append("       Please complete phase I of the takeover before initiating the FSMO takeover.")
1413
			log.error("\n".join(msg))
1413
			log.error("\n".join(msg))
1414
			raise TakeoverError(_("The Active Directory domain join was not completed successfully yet."))
1414
			raise TakeoverError(_("The Active Directory domain join was not completed successfully yet."))
 Lines 1732-1738    Link Here 
1732
		if dns_SPN_account_password[0] == '-':	## avoid passing an option
1732
		if dns_SPN_account_password[0] == '-':	## avoid passing an option
1733
			dns_SPN_account_password= '#%s' % dns_SPN_account_password
1733
			dns_SPN_account_password= '#%s' % dns_SPN_account_password
1734
		dns_SPN_account_name = "dns-%s" % self.ucr["hostname"]
1734
		dns_SPN_account_name = "dns-%s" % self.ucr["hostname"]
1735
		run_and_output_to_log(["samba-tool", "user", "add", dns_SPN_account_name, dns_SPN_account_password], log.debug, print_commandline = False)
1735
1736
		dnsKeyVersion = 1	## default
1737
		msgs = self.samdb.search(base="CN=%s,CN=Users,%s" % (dns_SPN_account_name, self.ucr["samba4/ldap/base"]), scope=samba.ldb.SCOPE_BASE,
1738
							attrs=["msDS-KeyVersionNumber"])
1739
		if msgs:
1740
			log.warn("CN=%s,CN=User already exists in sam.ldb" % dns_SPN_account_name)
1741
			run_and_output_to_log(["samba-tool", "user", "setpassword", dns_SPN_account_name, "--newpassword=%s" % (dns_SPN_account_password, )], log.debug, print_commandline = False)
1742
		else:
1743
			returncode = run_and_output_to_log(["samba-tool", "user", "add", dns_SPN_account_name, dns_SPN_account_password], log.debug, print_commandline = False)
1744
			if returncode != 0:
1745
				log.error("Adding CN=%s,CN=User failed!" % dns_SPN_account_name)
1746
				return
1747
1736
		run_and_output_to_log(["samba-tool", "user", "setexpiry", "--noexpiry", dns_SPN_account_name], log.debug)
1748
		run_and_output_to_log(["samba-tool", "user", "setexpiry", "--noexpiry", dns_SPN_account_name], log.debug)
1737
		delta = ldb.Message()
1749
		delta = ldb.Message()
1738
		delta.dn = ldb.Dn(self.samdb, "CN=%s,CN=Users,%s" % (dns_SPN_account_name, self.ucr["samba4/ldap/base"]))
1750
		delta.dn = ldb.Dn(self.samdb, "CN=%s,CN=Users,%s" % (dns_SPN_account_name, self.ucr["samba4/ldap/base"]))
 Lines 1739-1745    Link Here 
1739
		delta["servicePrincipalName"] = ldb.MessageElement("DNS/%s" % self.local_fqdn, ldb.FLAG_MOD_REPLACE, "servicePrincipalName")
1751
		delta["servicePrincipalName"] = ldb.MessageElement("DNS/%s" % self.local_fqdn, ldb.FLAG_MOD_REPLACE, "servicePrincipalName")
1740
		self.samdb.modify(delta)
1752
		self.samdb.modify(delta)
1741
1753
1742
		dnsKeyVersion = 1	## default
1743
		msgs = self.samdb.search(base="CN=%s,CN=Users,%s" % (dns_SPN_account_name, self.ucr["samba4/ldap/base"]), scope=samba.ldb.SCOPE_BASE,
1754
		msgs = self.samdb.search(base="CN=%s,CN=Users,%s" % (dns_SPN_account_name, self.ucr["samba4/ldap/base"]), scope=samba.ldb.SCOPE_BASE,
1744
							attrs=["msDS-KeyVersionNumber"])
1755
							attrs=["msDS-KeyVersionNumber"])
1745
		if msgs:
1756
		if msgs:
 Lines 1747-1762    Link Here 
1747
			dnsKeyVersion = obj["msDS-KeyVersionNumber"][0]
1758
			dnsKeyVersion = obj["msDS-KeyVersionNumber"][0]
1748
1759
1749
		secretsdb = samba.Ldb(os.path.join(SAMBA_PRIVATE_DIR, "secrets.ldb"), session_info=system_session(self.lp), lp=self.lp)
1760
		secretsdb = samba.Ldb(os.path.join(SAMBA_PRIVATE_DIR, "secrets.ldb"), session_info=system_session(self.lp), lp=self.lp)
1750
		secretsdb.add({"dn": "samAccountName=%s,CN=Principals" % dns_SPN_account_name,
1761
		msgs = secretsdb.search(base="samAccountName=%s,CN=Principals" % (dns_SPN_account_name,), scope=samba.ldb.SCOPE_BASE,
1751
			"objectClass": "kerberosSecret",
1762
							attrs=["msDS-KeyVersionNumber"])
1752
			"privateKeytab": "dns.keytab",
1763
		if msgs:
1753
			"realm": self.ucr["kerberos/realm"],
1764
			log.warn("samAccountName=%s,CN=Principals already exists in secrets.ldb" % dns_SPN_account_name)
1754
			"sAMAccountName": dns_SPN_account_name,
1765
			if "msDS-KeyVersionNumber" in obj:
1755
			"secret": dns_SPN_account_password,
1766
				if dnsKeyVersion != obj["msDS-KeyVersionNumber"][0]:
1756
			"servicePrincipalName": "DNS/%s" % self.local_fqdn,
1767
					delta = ldb.Message()
1757
			"saltPrincipal": "DNS/%s@%s" % (self.local_fqdn, self.ucr["kerberos/realm"]),
1768
					delta.dn = obj.dn
1758
			"name": dns_SPN_account_name,
1769
					delta["secret"] = ldb.MessageElement(dns_SPN_account_password, ldb.FLAG_MOD_REPLACE, "secret")
1759
			"msDS-KeyVersionNumber": dnsKeyVersion})
1770
					delta["kvno"] = ldb.MessageElement(dnsKeyVersion, ldb.FLAG_MOD_REPLACE, "msDS-KeyVersionNumber")
1771
					secretsdb.modify(delta)
1772
		else:
1773
			secretsdb.add({"dn": "samAccountName=%s,CN=Principals" % dns_SPN_account_name,
1774
				"objectClass": "kerberosSecret",
1775
				"privateKeytab": "dns.keytab",
1776
				"realm": self.ucr["kerberos/realm"],
1777
				"sAMAccountName": dns_SPN_account_name,
1778
				"secret": dns_SPN_account_password,
1779
				"servicePrincipalName": "DNS/%s" % self.local_fqdn,
1780
				"saltPrincipal": "DNS/%s@%s" % (self.local_fqdn, self.ucr["kerberos/realm"]),
1781
				"name": dns_SPN_account_name,
1782
				"msDS-KeyVersionNumber": dnsKeyVersion})
1760
1783
1761
		# returncode = run_and_output_to_log(["/usr/share/univention-samba4/scripts/create_dns-host_spn.py"], log.debug)
1784
		# returncode = run_and_output_to_log(["/usr/share/univention-samba4/scripts/create_dns-host_spn.py"], log.debug)
1762
		# if returncode != 0:
1785
		# if returncode != 0:
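Review bot: In the secrets.ldb branch at new lines 1765-1766 the kvno comparison reads `obj`, which is still the sam.ldb result from the search at 1754-1757 (the secretsdb search at 1761 never assigns `obj = msgs[0]` from its own result), so `dnsKeyVersion != obj["msDS-KeyVersionNumber"][0]` compares the sam.ldb kvno with itself and the `secret`/kvno update is dead code on a re-run. Because the password was just reset via `samba-tool user setpassword` at 1741, an existing `CN=Principals` entry keeps the old secret and dns.keytab no longer matches the account's key, so the re-run breaks the DNS SPN rather than repairing it; since the password is always (re)set in this path, the secret and kvno should be rewritten unconditionally using the secretsdb entry's own dn. The `delta["kvno"]` key also names a different attribute than the element it holds ("msDS-KeyVersionNumber"); whether pyldb honours the element's own name here is not visible in the hunk, so use the same name for both. Separately, `"--newpassword=%s" % (dns_SPN_account_password, )` puts the secret into the argv of `samba-tool`, visible to any local user via the process list, and `print_commandline = False` only keeps it out of the log. The enclosing method starts and ends outside these hunks.
```python
		msgs = secretsdb.search(base="samAccountName=%s,CN=Principals" % (dns_SPN_account_name,), scope=samba.ldb.SCOPE_BASE,
							attrs=["msDS-KeyVersionNumber"])
		if msgs:
			log.warn("samAccountName=%s,CN=Principals already exists in secrets.ldb" % dns_SPN_account_name)
			secret_obj = msgs[0]
			# the account password was (re)set above, so the stored secret and kvno must always follow it
			delta = ldb.Message()
			delta.dn = secret_obj.dn
			delta["secret"] = ldb.MessageElement(dns_SPN_account_password, ldb.FLAG_MOD_REPLACE, "secret")
			delta["msDS-KeyVersionNumber"] = ldb.MessageElement(dnsKeyVersion, ldb.FLAG_MOD_REPLACE, "msDS-KeyVersionNumber")
			secretsdb.modify(delta)
		# … unchanged: else branch that adds the kerberosSecret entry …
```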
