[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sun Jun 24 10:11:01 MDT 2012
The branch, master has been updated
via c983ea8 s4-join: Setup correct DNS configuration
via 02cbc3f s4-samba_upgradedns: Do not set DNS account for internal server
via 01f5223 s4-join: Import DNS zones in AD DC join
via 0eab44c selftest: Test unix.whoami with kerberos on plugin_s4_dc
via f199c5d s4-classicupgrade: Allow DNS backend to be specified
via 73a33be s4-drepl: Ensure that the op->source does not get deallocated too early
from 763f9e8 selftest: schema is not automatically reloaded now so if you modify it you have to reload it
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c983ea8e5dc30111f6b8407307c3212635593949
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Jun 24 21:10:34 2012 +1000
s4-join: Setup correct DNS configuration
This means we do not need to run samba_upgradedns any more.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Jun 24 18:10:10 CEST 2012 on sn-devel-104
commit 02cbc3fbb601cbbfc86a7048f6d5660d80f14df1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Jun 24 20:52:06 2012 +1000
s4-samba_upgradedns: Do not set DNS account for internal server
The internal DNS server does not need the samba-only NAME-dns
account.
Andrew Bartlett
commit 01f52239dc8e13af6e5134667c55d8e0fb7b2f26
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jun 21 23:46:21 2012 +1000
s4-join: Import DNS zones in AD DC join
commit 0eab44c2978553bda303c43875d626fddf32363d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Jun 24 18:16:48 2012 +1000
selftest: Test unix.whoami with kerberos on plugin_s4_dc
This also tests the comparison with LDAP on anonymous connections
and marks this as knownfail, while we investigate the correct
behaviour here.
Andrew Bartlett
commit f199c5dbc09912a185feda5aa87dc82e2800ad6a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Jun 24 16:31:37 2012 +1000
s4-classicupgrade: Allow DNS backend to be specified
commit 73a33be036fd7a903c9fecf077534cafe360e427
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Jun 22 09:42:02 2012 +1000
s4-drepl: Ensure that the op->source does not get deallocated too early
We need to have the struct dreplsrv_partition_source_dsa around until the end of the
async op, so we use talloc_reference after carefully checking the callers and
making the modifications required.
This prevents a crash when replicating partitions in the vampire_dc test after
adding DNS replication at join time.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 1 +
source3/selftest/tests.py | 7 +-
source4/dsdb/repl/drepl_extended.c | 14 ++--
source4/dsdb/repl/drepl_out_pull.c | 20 ++++-
source4/dsdb/tests/python/acl.py | 2 +
source4/scripting/bin/samba_upgradedns | 64 +++++++-------
source4/scripting/python/samba/join.py | 74 +++++++++++++----
source4/scripting/python/samba/netcmd/domain.py | 30 +++++--
.../scripting/python/samba/provision/sambadns.py | 89 ++++++++++++++------
source4/scripting/python/samba/upgrade.py | 6 +-
source4/torture/unix/whoami.c | 20 +----
11 files changed, 214 insertions(+), 113 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 4206aa7..d7078d6 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -39,6 +39,7 @@
^samba3.raw.samba3checkfsp.samba3checkfsp\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.samba3closeerr.samba3closeerr\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.acls.generic\(s3dc\) # This fails against smbd
+^samba3.unix.whoami anonymous connection.whoami\(plugin_s4_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token
# these show that we still have some differences between our system
# with our internal iconv because it passes except when we bypass our
# internal iconv modules
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 11056b9..4aedbf8 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -303,8 +303,11 @@ for t in tests:
plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
elif t == "unix.whoami":
- plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD')
- plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:addc=true')
+ plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
+ plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U%', description='anonymous connection')
+ plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=torture:addc=true')
+ plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER/tmp -k yes -U$USERNAME%$PASSWORD --option=torture:addc=true', description='kerberos connection')
+ plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U% --option=torture:addc=true', description='anonymous connection')
elif t == "raw.samba3posixtimedlock":
plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/s3dc/share')
plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/plugin_s4_dc/share')
diff --git a/source4/dsdb/repl/drepl_extended.c b/source4/dsdb/repl/drepl_extended.c
index 69cccb8..8735005 100644
--- a/source4/dsdb/repl/drepl_extended.c
+++ b/source4/dsdb/repl/drepl_extended.c
@@ -39,6 +39,7 @@
source_dsa_dn: the DN of the server that we are replicating from
*/
static WERROR drepl_create_extended_source_dsa(struct dreplsrv_service *service,
+ TALLOC_CTX *mem_ctx,
struct ldb_dn *nc_dn,
struct ldb_dn *source_dsa_dn,
uint64_t min_usn,
@@ -165,7 +166,7 @@ static void extended_op_callback(struct dreplsrv_service *service,
void *cb_data)
{
struct extended_op_data *data = talloc_get_type_abort(cb_data, struct extended_op_data);
- talloc_free(data->sdsa);
+ talloc_unlink(data, data->sdsa);
data->callback(service, err, exop_error, data->callback_data);
talloc_free(data);
}
@@ -184,23 +185,20 @@ WERROR drepl_request_extended_op(struct dreplsrv_service *service,
{
WERROR werr;
struct extended_op_data *data;
- struct dreplsrv_partition_source_dsa *sdsa;
-
- werr = drepl_create_extended_source_dsa(service, nc_dn, source_dsa_dn, min_usn, &sdsa);
- W_ERROR_NOT_OK_RETURN(werr);
data = talloc(service, struct extended_op_data);
W_ERROR_HAVE_NO_MEMORY(data);
+ werr = drepl_create_extended_source_dsa(service, data, nc_dn, source_dsa_dn, min_usn, &data->sdsa);
+ W_ERROR_NOT_OK_RETURN(werr);
+
data->callback = callback;
data->callback_data = callback_data;
- data->sdsa = sdsa;
- werr = dreplsrv_schedule_partition_pull_source(service, sdsa,
+ werr = dreplsrv_schedule_partition_pull_source(service, data->sdsa,
0, extended_op, fsmo_info,
extended_op_callback, data);
if (!W_ERROR_IS_OK(werr)) {
- talloc_free(sdsa);
talloc_free(data);
}
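Review bot: The early return at `W_ERROR_NOT_OK_RETURN(werr);` now leaks `data`, because drepl_create_extended_source_dsa() is called after `data = talloc(service, ...)` instead of before it as in the old ordering; the failure path should release the context first: `if (!W_ERROR_IS_OK(werr)) { talloc_free(data); return werr; }`. The schedule-failure path at the bottom of the hunk already frees `data`, so the two error paths would then match. drepl_request_extended_op's body continues past the end of the hunk.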
diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c
index 86b513d..58d8778 100644
--- a/source4/dsdb/repl/drepl_out_pull.c
+++ b/source4/dsdb/repl/drepl_out_pull.c
@@ -101,7 +101,25 @@ WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s,
W_ERROR_HAVE_NO_MEMORY(op);
op->service = s;
- op->source_dsa = source;
+ /*
+ * source may either be the long-term list of partners, or
+ * from dreplsrv_partition_source_dsa_temporary(). Because it
+ * can be either, we can't talloc_steal() it here, so we
+ * instead we reference it.
+ *
+ * We never talloc_free() the p->sources pointers - indeed we
+ * never remove them - and the temp source will otherwise go
+ * away with the msg it is allocated on.
+ *
+ * Finally the pointer created in drepl_request_extended_op()
+ * is removed with talloc_unlink().
+ *
+ */
+ op->source_dsa = talloc_reference(op, source);
+ if (!op->source_dsa) {
+ return WERR_NOMEM;
+ }
+
op->options = options;
op->extended_op = extended_op;
op->fsmo_info = fsmo_info;
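Review bot: The new `return WERR_NOMEM;` after a failed `talloc_reference()` returns without freeing `op`, which `W_ERROR_HAVE_NO_MEMORY(op)` just above shows was allocated a few lines earlier (the allocation and its parent are outside the hunk); if `op` hangs off the service context rather than a temporary one, the half-initialised operation stays alive, so `talloc_free(op); return WERR_NOMEM;` would be the safer form. The new comment also has a doubled word: `so we instead we reference it` should read `so instead we reference it`. dreplsrv_schedule_partition_pull_source starts and ends outside the hunk.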
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index bbd4343..94bc504 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -1627,6 +1627,7 @@ class AclSPNTests(AclTests):
# same as for join_RODC, but do not set any SPNs
def create_rodc(self, ctx):
+ ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn)
ctx.never_reveal_sid = [ "<SID=%s-%s>" % (ctx.domsid, security.DOMAIN_RID_RODC_DENY),
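Review bot: Both `create_rodc` and `create_dc` now hard-code `ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]` (this hunk and the next), which mirrors what dc_join.do_join() computes when no DNS backend is configured; a one-line comment such as `# mirrors dc_join.do_join() for a join with dns_backend == "NONE"` would explain why the DNS zone partitions are absent here. create_rodc's body continues outside the hunk.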
@@ -1656,6 +1657,7 @@ class AclSPNTests(AclTests):
ctx.join_add_objects()
def create_dc(self, ctx):
+ ctx.nc_list = [ ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
ctx.userAccountControl = samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION
ctx.secure_channel_type = misc.SEC_CHAN_BDC
ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP |
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index 831b81d..c1220bc 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -421,41 +421,41 @@ if __name__ == '__main__':
except Exception:
raise
- # Check if dns-HOSTNAME account exists and create it if required
- try:
- dn = 'samAccountName=dns-%s,CN=Principals' % hostname
- msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret'])
- dnssecret = msg[0]['secret'][0]
- except Exception:
- logger.info("Adding dns-%s account" % hostname)
-
+ # Special stuff for DLZ backend
+ if opts.dns_backend == "BIND9_DLZ":
+ # Check if dns-HOSTNAME account exists and create it if required
try:
- msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
- expression='(sAMAccountName=dns-%s)' % (hostname),
- attrs=['clearTextPassword'])
- dn = msg[0].dn
- ldbs.sam.delete(dn)
+ dn = 'samAccountName=dns-%s,CN=Principals' % hostname
+ msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret'])
+ dnssecret = msg[0]['secret'][0]
except Exception:
- pass
-
- dnspass = samba.generate_random_password(128, 255)
- setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
- "DNSDOMAIN": dnsdomain,
- "DOMAINDN": domaindn,
- "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
- "HOSTNAME" : hostname,
- "DNSNAME" : dnsname }
- )
-
- secretsdb_setup_dns(ldbs.secrets, names,
- paths.private_dir, realm=names.realm,
- dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
- else:
- logger.info("dns-%s account already exists" % hostname)
+ logger.info("Adding dns-%s account" % hostname)
+
+ try:
+ msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+ expression='(sAMAccountName=dns-%s)' % (hostname),
+ attrs=['clearTextPassword'])
+ dn = msg[0].dn
+ ldbs.sam.delete(dn)
+ except Exception:
+ pass
+
+ dnspass = samba.generate_random_password(128, 255)
+ setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
+ "DNSDOMAIN": dnsdomain,
+ "DOMAINDN": domaindn,
+ "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
+ "HOSTNAME" : hostname,
+ "DNSNAME" : dnsname }
+ )
+
+ secretsdb_setup_dns(ldbs.secrets, names,
+ paths.private_dir, realm=names.realm,
+ dnsdomain=names.dnsdomain,
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ else:
+ logger.info("dns-%s account already exists" % hostname)
- # Special stuff for DLZ backend
- if opts.dns_backend == "BIND9_DLZ":
# This forces a re-creation of dns directory and all the files within
# It's an overkill, but it's easier to re-create a samdb copy, rather
# than trying to fix a broken copy.
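Review bot: The `except Exception:` closing the secrets lookup treats every failure — not only a missing `dns-%s` entry — as "account does not exist", after which the hunk deletes the existing sAMAccountName, generates a new password and rewrites the secrets entry and keytab via secretsdb_setup_dns, so a transient ldb error would silently rotate the DNS account's credentials; narrowing it to the two expected failures, `except (IndexError, ldb.LdbError):`, keeps anything else visible. The inner `except Exception: pass` around `ldbs.sam.delete(dn)` has the same shape and deserves at least a `logger.warning(...)` so a failed delete before the re-add is not lost. `dnssecret` is bound but not used in the visible lines; if it only probes for existence, `msg[0]['secret'][0]` can be evaluated without the assignment. This block sits inside the `if __name__ == '__main__':` body, which starts and ends outside the hunk.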
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index a683ee6..9ef7d3d 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -28,6 +28,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
from samba.schema import Schema
from samba.net import Net
+from samba.provision.sambadns import setup_bind9_dns
import logging
import talloc
import random
@@ -47,13 +48,20 @@ class dc_join(object):
def __init__(ctx, server=None, creds=None, lp=None, site=None,
netbios_name=None, targetdir=None, domain=None,
- machinepass=None, use_ntvfs=False):
+ machinepass=None, use_ntvfs=False, dns_backend=None):
ctx.creds = creds
ctx.lp = lp
ctx.site = site
ctx.netbios_name = netbios_name
ctx.targetdir = targetdir
ctx.use_ntvfs = use_ntvfs
+ if dns_backend is None:
+ ctx.dns_backend = "NONE"
+ else:
+ ctx.dns_backend = dns_backend
+
+ ctx.nc_list = []
+ ctx.full_nc_list = []
ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
ctx.net = Net(creds=ctx.creds, lp=ctx.lp)
@@ -402,14 +410,14 @@ class dc_join(object):
if ctx.RODC:
rec["objectCategory"] = "CN=NTDS-DSA-RO,%s" % ctx.schema_dn
- rec["msDS-HasFullReplicaNCs"] = nc_list
+ rec["msDS-HasFullReplicaNCs"] = ctx.nc_list
rec["options"] = "37"
ctx.samdb.add(rec, ["rodc_join:1:1"])
else:
rec["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
rec["HasMasterNCs"] = nc_list
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
- rec["msDS-HasMasterNCs"] = nc_list
+ rec["msDS-HasMasterNCs"] = ctx.nc_list
rec["options"] = "1"
rec["invocationId"] = ndr_pack(ctx.invocation_id)
ctx.DsAddEntry([rec])
@@ -555,7 +563,7 @@ class dc_join(object):
rec2["objectCategory"] = "CN=NTDS-DSA,%s" % ctx.schema_dn
rec2["HasMasterNCs"] = nc_list
if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
- rec2["msDS-HasMasterNCs"] = nc_list
+ rec2["msDS-HasMasterNCs"] = ctx.nc_list
rec2["options"] = "1"
rec2["invocationId"] = ndr_pack(ctx.invocation_id)
@@ -596,7 +604,7 @@ class dc_join(object):
hostname=ctx.myname, domainsid=ctx.domsid,
machinepass=ctx.acct_pass, serverrole="domain controller",
sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid,
- use_ntvfs=ctx.use_ntvfs, dns_backend="NONE")
+ use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend)
print "Provision OK for domain DN %s" % presult.domaindn
ctx.local_samdb = presult.samdb
ctx.lp = presult.lp
@@ -635,7 +643,7 @@ class dc_join(object):
targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN,
machinepass=ctx.acct_pass, serverrole="domain controller",
lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6,
- dns_backend="BIND9_DLZ")
+ dns_backend=ctx.dns_backend)
print("Provision OK for domain %s" % ctx.names.dnsdomain)
def join_replicate(ctx):
@@ -687,6 +695,17 @@ class dc_join(object):
repl.replicate(ctx.base_dn, source_dsa_invocation_id,
destination_dsa_guid, rodc=ctx.RODC,
replica_flags=ctx.domain_replica_flags)
+
+ if 'DC=DomainDnsZones,%s' % ctx.base_dn in ctx.nc_list:
+ repl.replicate('DC=DomainDnsZones,%s' % ctx.base_dn, source_dsa_invocation_id,
+ destination_dsa_guid, rodc=ctx.RODC,
+ replica_flags=ctx.replica_flags)
+
+ if 'DC=ForestDnsZones,%s' % ctx.root_dn in ctx.nc_list:
+ repl.replicate('DC=ForestDnsZones,%s' % ctx.root_dn, source_dsa_invocation_id,
+ destination_dsa_guid, rodc=ctx.RODC,
+ replica_flags=ctx.replica_flags)
+
if ctx.RODC:
repl.replicate(ctx.acct_dn, source_dsa_invocation_id,
destination_dsa_guid,
@@ -723,10 +742,12 @@ class dc_join(object):
def join_finalise(ctx):
'''finalise the join, mark us synchronised and setup secrets db'''
+ logger = logging.getLogger("provision")
+ logger.addHandler(logging.StreamHandler(sys.stdout))
+
print "Sending DsReplicateUpdateRefs for all the partitions"
- ctx.send_DsReplicaUpdateRefs(ctx.schema_dn)
- ctx.send_DsReplicaUpdateRefs(ctx.config_dn)
- ctx.send_DsReplicaUpdateRefs(ctx.base_dn)
+ for nc in ctx.full_nc_list:
+ ctx.send_DsReplicaUpdateRefs(nc)
print "Setting isSynchronized and dsServiceName"
m = ldb.Message()
@@ -751,6 +772,15 @@ class dc_join(object):
secure_channel_type=ctx.secure_channel_type,
key_version_number=ctx.key_version_number)
+ if ctx.dns_backend.startswith("BIND9_"):
+ dnspass = samba.generate_random_password(128, 255)
+
+ setup_bind9_dns(ctx.local_samdb, secrets_ldb, security.dom_sid(ctx.domsid),
+ ctx.names, ctx.paths, ctx.lp, logger,
+ dns_backend=ctx.dns_backend,
+ dnspass=dnspass, os_level=ctx.behavior_version,
+ targetdir=ctx.targetdir)
+
def join_setup_trusts(ctx):
'''provision the local SAM'''
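Review bot: `logger.addHandler(logging.StreamHandler(sys.stdout))` on the shared `"provision"` logger attaches a fresh handler on every call to join_finalise, so a process that performs more than one join will print each provision message once per accumulated handler; create the handler once at module level or guard with `if not logger.handlers:`. The hunk also relies on `sys` and `security` being in scope — neither appears in the import hunk above, so please confirm they are already imported by this module. A short comment on the `dnspass` line, e.g. `# one-time password for the dns-HOSTNAME account; handed to setup_bind9_dns and not kept here`, would explain why the value is not stored on ctx. join_finalise's body continues outside the hunk.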
@@ -865,6 +895,20 @@ class dc_join(object):
def do_join(ctx):
+ ctx.nc_list = [ ctx.config_dn, ctx.schema_dn ]
+ ctx.full_nc_list = [ctx.base_dn, ctx.config_dn, ctx.schema_dn ]
+
+ if not ctx.subdomain:
+ ctx.nc_list += [ctx.base_dn]
+ if ctx.dns_backend != "NONE":
+ ctx.nc_list += ['DC=DomainDnsZones,%s' % ctx.base_dn]
+
+ if ctx.dns_backend != "NONE":
+ ctx.full_nc_list += ['DC=DomainDnsZones,%s' % ctx.base_dn]
+ ctx.full_nc_list += ['DC=ForestDnsZones,%s' % ctx.root_dn]
+ ctx.nc_list += ['DC=ForestDnsZones,%s' % ctx.root_dn]
+
+
ctx.cleanup_old_join()
try:
ctx.join_add_objects()
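Review bot: `if not ctx.subdomain:` reads an attribute that the `__init__` hunk above does not initialise (it only adds `nc_list` and `full_nc_list`) and that join_subdomain sets to True only after construction, so a plain join_DC or join_RODC would raise AttributeError here unless `__init__` already defaults it in a part of the file not shown — please confirm. The zone DNs `'DC=DomainDnsZones,%s' % ctx.base_dn` and `'DC=ForestDnsZones,%s' % ctx.root_dn` are built here and again twice in join_replicate; computing them once (e.g. `ctx.domaindns_zone` / `ctx.forestdns_zone`) would remove the duplicated formatting. The two blank lines before `ctx.cleanup_old_join()` are one more than the surrounding code uses. do_join's body continues outside the hunk.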
@@ -883,11 +927,11 @@ class dc_join(object):
def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
targetdir=None, domain=None, domain_critical_only=False,
- machinepass=None, use_ntvfs=False):
+ machinepass=None, use_ntvfs=False, dns_backend=None):
"""join as a RODC"""
ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
- machinepass, use_ntvfs)
+ machinepass, use_ntvfs, dns_backend)
lp.set("workgroup", ctx.domain_name)
print("workgroup is %s" % ctx.domain_name)
@@ -937,10 +981,10 @@ def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
targetdir=None, domain=None, domain_critical_only=False,
- machinepass=None, use_ntvfs=False):
+ machinepass=None, use_ntvfs=False, dns_backend=None):
"""join as a DC"""
ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
- machinepass, use_ntvfs)
+ machinepass, use_ntvfs, dns_backend)
lp.set("workgroup", ctx.domain_name)
print("workgroup is %s" % ctx.domain_name)
@@ -967,10 +1011,10 @@ def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
def join_subdomain(server=None, creds=None, lp=None, site=None, netbios_name=None,
targetdir=None, parent_domain=None, dnsdomain=None, netbios_domain=None,
- machinepass=None, use_ntvfs=False):
+ machinepass=None, use_ntvfs=False, dns_backend=None):
"""join as a DC"""
ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, parent_domain,
- machinepass, use_ntvfs)
+ machinepass, use_ntvfs, dns_backend)
ctx.subdomain = True
ctx.parent_domain_name = ctx.domain_name
ctx.domain_name = netbios_domain
diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py
index e4b1241..4e73a29 100644
--- a/source4/scripting/python/samba/netcmd/domain.py
+++ b/source4/scripting/python/samba/netcmd/domain.py
@@ -148,15 +148,21 @@ class cmd_domain_join(Command):
Option("--machinepass", type=str, metavar="PASSWORD",
help="choose machine password (otherwise random)"),
Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
- action="store_true")
- ]
+ action="store_true"),
+ Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
+ choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
+ help="The DNS server backend. SAMBA_INTERNAL is the builtin name server, " \
+ "BIND9_DLZ uses samba4 AD to store zone information (default), " \
+ "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
+ default="BIND9_DLZ")
+ ]
takes_args = ["domain", "role?"]
def run(self, domain, role=None, sambaopts=None, credopts=None,
versionopts=None, server=None, site=None, targetdir=None,
domain_critical_only=False, parent_domain=None, machinepass=None,
- use_ntvfs=False):
+ use_ntvfs=False, dns_backend=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
net = Net(creds, lp, server=credopts.ipaddress)
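Review bot: The `help=` string for `--dns-backend` uses backslash continuations inside an open parenthesis; adjacent string literals already concatenate there, so the trailing `\` characters can be dropped (the classicupgrade option further down has the same). It is also worth saying in the help text or commit message that the `BIND9_DLZ` default changes what `samba-tool domain join` did before this commit, when a DC join was provisioned with `dns_backend="NONE"` (see the join.py hunk): every default join now creates a dns-HOSTNAME account and DNS keytab on the new DC, which administrators who do not run BIND will want to know. cmd_domain_join.run continues outside the hunk.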
@@ -181,13 +187,13 @@ class cmd_domain_join(Command):
join_DC(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
domain_critical_only=domain_critical_only,
- machinepass=machinepass, use_ntvfs=use_ntvfs)
+ machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
return
elif role == "RODC":
join_RODC(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
domain_critical_only=domain_critical_only,
- machinepass=machinepass, use_ntvfs=use_ntvfs)
+ machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
return
elif role == "SUBDOMAIN":
netbios_domain = lp.get("workgroup")
@@ -195,7 +201,7 @@ class cmd_domain_join(Command):
parent_domain = ".".join(domain.split(".")[1:])
join_subdomain(server=server, creds=creds, lp=lp, dnsdomain=domain, parent_domain=parent_domain,
site=site, netbios_name=netbios_name, netbios_domain=netbios_domain, targetdir=targetdir,
- machinepass=machinepass, use_ntvfs=use_ntvfs)
+ machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
return
else:
raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role)
@@ -839,12 +845,20 @@ class cmd_domain_classicupgrade(Command):
Option("--verbose", help="Be verbose", action="store_true"),
Option("--use-xattrs", type="choice", choices=["yes","no","auto"], metavar="[yes|no|auto]",
help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto"),
+ Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
+ choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"],
+ help="The DNS server backend. SAMBA_INTERNAL is the builtin name server, " \
+ "BIND9_FLATFILE uses bind9 text database to store zone information, " \
+ "BIND9_DLZ uses samba4 AD to store zone information (default), " \
+ "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
+ default="BIND9_DLZ")
]
takes_args = ["smbconf"]
def run(self, smbconf=None, targetdir=None, dbdir=None, testparm=None,
- quiet=False, verbose=False, use_xattrs=None, sambaopts=None, versionopts=None):
+ quiet=False, verbose=False, use_xattrs=None, sambaopts=None, versionopts=None,
+ dns_backend=None):
if not os.path.exists(smbconf):
raise CommandError("File %s does not exist" % smbconf)
@@ -928,7 +942,7 @@ class cmd_domain_classicupgrade(Command):
logger.info("Provisioning")
upgrade_from_samba3(samba3, logger, targetdir, session_info=system_session(),
- useeadb=eadb)
+ useeadb=eadb, dns_backend=dns_backend)
class cmd_domain(SuperCommand):
"""Domain management"""
diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py
index 5c3e6ba..257efd6 100644
--- a/source4/scripting/python/samba/provision/sambadns.py
+++ b/source4/scripting/python/samba/provision/sambadns.py
@@ -1011,30 +1011,65 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_back
domainguid, names.ntdsguid, dnsadmins_sid)
if dns_backend.startswith("BIND9_"):
- secretsdb_setup_dns(secretsdb, names,
- paths.private_dir, realm=names.realm,
- dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
-
- create_dns_dir(logger, paths)
-
- if dns_backend == "BIND9_FLATFILE":
- create_zone_file(lp, logger, paths, targetdir, site=site,
- dnsdomain=names.dnsdomain, hostip=hostip, hostip6=hostip6,
--