[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Mon Sep 16 23:34:03 CEST 2013
The branch, master has been updated
via ef830f7 samba-tool domain join: Set server role correctly to "active directory domain controller"
via f75dc8f s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check
via 1d92d5b samba-tool domain join: Only print adminpass warning on subdomain creation
via 84dc9f8 samba-tool domain join: Add --quiet and --verbose
via 35e56d2 dsdb: Use dsdb_next_callback() rather than a no-op per-module callback
via 650eca0 join.py: Restore support for joining as a subdomain
via cccc0de dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()
via 3af4f03 join.py: Handle more error cases with useful exceptions
via a5e4c45 samba-tool domain join subdomain: Set "reveal_internals:0" control so we can see the ncName
via 347b2c6 ldb: Show the type of failing operation in default error message
via bbeca62 join.py: Show which database we failed to find the DN on (clarify local v remote)
via ccb1beb join.py: Handle exceptions when looking for GUID in a DN
from 20999fc tdb: Fix some typos in comments.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ef830f7e7107cd5287903d83519588c9d31b526f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 9 12:15:36 2013 +1200
samba-tool domain join: Set server role correctly to "active directory domain controller"
We changed the magic string when we reworked the list of server roles.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
commit f75dc8f4a54581ed207e7caa2e52211ea24e3554
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 9 09:57:27 2013 +1200
s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1d92d5b19b36ddf15a70e3110caabfe06ba78619
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 9 09:56:58 2013 +1200
samba-tool domain join: Only print adminpass warning on subdomain creation
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 84dc9f8cc17d49bef5b9c37fd818c7599bf5897a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 9 09:53:37 2013 +1200
samba-tool domain join: Add --quiet and --verbose
This means we now use logger consistently between domain join, domain dcpromo
and domain provision.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 35e56d2b71b1dcd906baa70509ec50af39504b5a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Sep 6 15:46:36 2013 +1200
dsdb: Use dsdb_next_callback() rather than a no-op per-module callback
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 650eca0e061c731614b5fa49756872d11b7b67f0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Sep 6 15:46:05 2013 +1200
join.py: Restore support for joining as a subdomain
This set of patches fixes up the errors that were introduced into the partial support
during the past couple of years.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit cccc0dee04e2e3aecd82ed4cf887f9e36dd4962d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Sep 6 15:39:50 2013 +1200
dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3af4f0377e1ff8b23d415bc4b241bf8cb83c130c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Sep 6 15:38:36 2013 +1200
join.py: Handle more error cases with useful exceptions
This will help track down strange failures in the future.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a5e4c4520af9f7a99aac4117d1225c85b891554d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 16 10:23:07 2013 -0700
samba-tool domain join subdomain: Set "reveal_internals:0" control so we can see the ncName
The issue here is that we create the ncName remotely with DsAddEntry,
and then replicate it back. However, at this point the naming context
pointed at by the ncName does not exist! The issue is that the
extended_dn_out module then hides the link, because it points to a
missing object. The reveal_internals control forces this link to be
returned, and so we can then find the GUID, to create the domain with
the right GUID.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 347b2c65a4b8c219cfdae3306fdc3d793980cbed
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Sep 6 15:37:30 2013 +1200
ldb: Show the type of failing operation in default error message
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit bbeca62ccf4943a93cf6546864439f75e6fd222c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Sep 4 13:03:37 2013 +1200
join.py: Show which database we failed to find the DN on (clarify local v remote)
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ccb1beb9a30a413fcf5b85b273b789db15b6be56
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 3 17:41:42 2013 +1200
join.py: Handle exceptions when looking for GUID in a DN
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/common/ldb_modules.c | 27 +++++++-
python/samba/join.py | 95 ++++++++++++++-----------
python/samba/netcmd/domain.py | 59 ++++++++++++----
source4/dsdb/samdb/ldb_modules/objectclass.c | 54 ++++----------
source4/dsdb/samdb/ldb_modules/util.c | 13 ++++
source4/rpc_server/drsuapi/drsutil.c | 2 +-
6 files changed, 154 insertions(+), 96 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c
index 4403656..a39b12d 100644
--- a/lib/ldb/common/ldb_modules.c
+++ b/lib/ldb/common/ldb_modules.c
@@ -554,8 +554,33 @@ int ldb_next_request(struct ldb_module *module, struct ldb_request *request)
return ret;
}
if (!ldb_errstring(module->ldb)) {
+ const char *op;
+ switch (request->operation) {
+ case LDB_SEARCH:
+ op = "LDB_SEARCH";
+ break;
+ case LDB_ADD:
+ op = "LDB_ADD";
+ break;
+ case LDB_MODIFY:
+ op = "LDB_MODIFY";
+ break;
+ case LDB_DELETE:
+ op = "LDB_DELETE";
+ break;
+ case LDB_RENAME:
+ op = "LDB_RENAME";
+ break;
+ case LDB_EXTENDED:
+ op = "LDB_EXTENDED";
+ break;
+ default:
+ op = "request";
+ break;
+ }
+
/* Set a default error string, to place the blame somewhere */
- ldb_asprintf_errstring(module->ldb, "error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret);
+ ldb_asprintf_errstring(module->ldb, "error in module %s: %s during %s (%d)", module->ops->name, ldb_strerror(ret), op, ret);
}
if (!(request->handle->flags & LDB_HANDLE_FLAG_DONE_CALLED)) {
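Review bot: The operation-name switch added inside the "if (!ldb_errstring(module->ldb))" branch would be better as a small static helper taking request->operation, so other error paths can reuse it and the mapping lives in one place. The default case reports only "request", which hides the operation value that was actually seen; including the numeric value there would help. The new ldb_asprintf_errstring() call is also well over 80 columns and should be wrapped.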
diff --git a/python/samba/join.py b/python/samba/join.py
index b2f4da4..15db67f 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -49,10 +49,11 @@ class DCJoinException(Exception):
class dc_join(object):
"""Perform a DC join."""
- def __init__(ctx, server=None, creds=None, lp=None, site=None,
+ def __init__(ctx, logger=None, server=None, creds=None, lp=None, site=None,
netbios_name=None, targetdir=None, domain=None,
machinepass=None, use_ntvfs=False, dns_backend=None,
promote_existing=False):
+ ctx.logger = logger
ctx.creds = creds
ctx.lp = lp
ctx.site = site
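Review bot: Inserting logger as the first parameter of dc_join.__init__ shifts every positional argument, so a caller that still passes server, creds, lp positionally will bind server to logger without any error at the call site. Appending it after promote_existing, or requiring keyword arguments at the call sites, avoids that.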
@@ -72,9 +73,9 @@ class dc_join(object):
if server is not None:
ctx.server = server
else:
- print("Finding a writeable DC for domain '%s'" % domain)
+ ctx.logger.info("Finding a writeable DC for domain '%s'" % domain)
ctx.server = ctx.find_dc(domain)
- print("Found DC %s" % ctx.server)
+ ctx.logger.info("Found DC %s" % ctx.server)
ctx.samdb = SamDB(url="ldap://%s" % ctx.server,
session_info=system_session(),
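Review bot: ctx.logger.info(...) in the "Finding a writeable DC" branch raises AttributeError when dc_join is constructed with the default logger=None from the new signature. Either make logger a required argument or fall back to a module-level logger when none is passed.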
@@ -154,6 +155,7 @@ class dc_join(object):
ctx.drsuapi = None
ctx.managedby = None
ctx.subdomain = False
+ ctx.adminpass = None
def del_noerror(ctx, dn, recursive=False):
if recursive:
@@ -302,8 +304,12 @@ class dc_join(object):
res = ctx.samdb.search(base='CN=Partitions,%s' % ctx.config_dn, attrs=['fSMORoleOwner'],
scope=ldb.SCOPE_BASE, controls=["extended_dn:1:1"])
if not 'fSMORoleOwner' in res[0]:
- raise DCJoinException("Can't find naming master on partition DN %s" % ctx.partition_dn)
- master_guid = str(misc.GUID(ldb.Dn(ctx.samdb, res[0]['fSMORoleOwner'][0]).get_extended_component('GUID')))
+ raise DCJoinException("Can't find naming master on partition DN %s in %s" % (ctx.partition_dn, ctx.samdb.url))
+ try:
+ master_guid = str(misc.GUID(ldb.Dn(ctx.samdb, res[0]['fSMORoleOwner'][0]).get_extended_component('GUID')))
+ except KeyError:
+ raise DCJoinException("Can't find GUID in naming master on partition DN %s" % res[0]['fSMORoleOwner'][0])
+
master_host = '%s._msdcs.%s' % (master_guid, ctx.dnsforest)
return master_host
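Review bot: The new except KeyError message says "on partition DN %s" but formats res[0]['fSMORoleOwner'][0], which is the role owner value rather than the partition DN, and unlike the message just above it leaves out ctx.samdb.url. Suggest rewording it to name the fSMORoleOwner value and appending the URL so both errors identify which database was queried.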
@@ -709,17 +715,15 @@ class dc_join(object):
print "Calling bare provision"
- logger = logging.getLogger("provision")
- logger.addHandler(logging.StreamHandler(sys.stdout))
smbconf = ctx.lp.configfile
- presult = provision(logger, system_session(), None, smbconf=smbconf,
+ presult = provision(ctx.logger, system_session(), None, smbconf=smbconf,
targetdir=ctx.targetdir, samdb_fill=FILL_DRS, realm=ctx.realm,
rootdn=ctx.root_dn, domaindn=ctx.base_dn,
schemadn=ctx.schema_dn, configdn=ctx.config_dn,
serverdn=ctx.server_dn, domain=ctx.domain_name,
hostname=ctx.myname, domainsid=ctx.domsid,
- machinepass=ctx.acct_pass, serverrole="domain controller",
+ machinepass=ctx.acct_pass, serverrole="active directory domain controller",
sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid,
use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend)
print "Provision OK for domain DN %s" % presult.domaindn
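Review bot: The context lines print "Calling bare provision" and print "Provision OK for domain DN %s" still write straight to stdout while provision() now receives ctx.logger, so --quiet will not silence them. Converting both to ctx.logger.info() would make this function consistent with the rest of the change.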
@@ -741,26 +745,31 @@ class dc_join(object):
ctx.samdb.set_invocation_id(str(ctx.invocation_id))
ctx.local_samdb = ctx.samdb
- print("Finding domain GUID from ncName")
+ ctx.logger.info("Finding domain GUID from ncName")
res = ctx.local_samdb.search(base=ctx.partition_dn, scope=ldb.SCOPE_BASE, attrs=['ncName'],
- controls=["extended_dn:1:1"])
- domguid = str(misc.GUID(ldb.Dn(ctx.samdb, res[0]['ncName'][0]).get_extended_component('GUID')))
- print("Got domain GUID %s" % domguid)
+ controls=["extended_dn:1:1", "reveal_internals:0"])
- print("Calling own domain provision")
+ if 'nCName' not in res[0]:
+ raise DCJoinException("Can't find naming context on partition DN %s in %s" % (ctx.partition_dn, ctx.samdb.url))
+
+ try:
+ domguid = str(misc.GUID(ldb.Dn(ctx.samdb, res[0]['ncName'][0]).get_extended_component('GUID')))
+ except KeyError:
+ raise DCJoinException("Can't find GUID in naming master on partition DN %s" % res[0]['ncName'][0])
- logger = logging.getLogger("provision")
- logger.addHandler(logging.StreamHandler(sys.stdout))
+ ctx.logger.info("Got domain GUID %s" % domguid)
+
+ ctx.logger.info("Calling own domain provision")
secrets_ldb = Ldb(ctx.paths.secrets, session_info=system_session(), lp=ctx.lp)
presult = provision_fill(ctx.local_samdb, secrets_ldb,
- logger, ctx.names, ctx.paths, domainsid=security.dom_sid(ctx.domsid),
+ ctx.logger, ctx.names, ctx.paths, domainsid=security.dom_sid(ctx.domsid),
domainguid=domguid,
targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN,
- machinepass=ctx.acct_pass, serverrole="domain controller",
+ machinepass=ctx.acct_pass, serverrole="active directory domain controller",
lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6,
- dns_backend=ctx.dns_backend)
+ dns_backend=ctx.dns_backend, adminpass=ctx.adminpass)
print("Provision OK for domain %s" % ctx.names.dnsdomain)
def join_replicate(ctx):
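Review bot: The presence check tests 'nCName' while the search attrs and both lookups below it use 'ncName'; use one spelling so the check does not depend on how the result object matches attribute names. The KeyError message is also copied from get_naming_master ("GUID in naming master") although the value formatted here is the ncName, and print("Provision OK for domain %s") is left outside the logger.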
@@ -865,15 +874,12 @@ class dc_join(object):
def join_finalise(ctx):
"""Finalise the join, mark us synchronised and setup secrets db."""
- logger = logging.getLogger("provision")
- logger.addHandler(logging.StreamHandler(sys.stdout))
-
# FIXME we shouldn't do this in all cases
# If for some reasons we joined in another site than the one of
# DC we just replicated from then we don't need to send the updatereplicateref
# as replication between sites is time based and on the initiative of the
# requesting DC
- print "Sending DsReplicateUpdateRefs for all the replicated partitions"
+ ctx.logger.info("Sending DsReplicateUpdateRefs for all the replicated partitions")
for nc in ctx.full_nc_list:
ctx.send_DsReplicaUpdateRefs(nc)
@@ -903,7 +909,7 @@ class dc_join(object):
"invocationId",
0)
- print "Setting isSynchronized and dsServiceName"
+ ctx.logger.info("Setting isSynchronized and dsServiceName")
m = ldb.Message()
m.dn = ldb.Dn(ctx.local_samdb, '@ROOTDSE')
m["isSynchronized"] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_REPLACE, "isSynchronized")
@@ -916,7 +922,7 @@ class dc_join(object):
secrets_ldb = Ldb(ctx.paths.secrets, session_info=system_session(), lp=ctx.lp)
- print "Setting up secrets database"
+ ctx.logger.info("Setting up secrets database")
secretsdb_self_join(secrets_ldb, domain=ctx.domain_name,
realm=ctx.realm,
dnsdomain=ctx.dnsdomain,
@@ -928,7 +934,7 @@ class dc_join(object):
if ctx.dns_backend.startswith("BIND9_"):
setup_bind9_dns(ctx.local_samdb, secrets_ldb, security.dom_sid(ctx.domsid),
- ctx.names, ctx.paths, ctx.lp, logger,
+ ctx.names, ctx.paths, ctx.lp, ctx.logger,
dns_backend=ctx.dns_backend,
dnspass=ctx.dnspass, os_level=ctx.behavior_version,
targetdir=ctx.targetdir,
@@ -1059,7 +1065,8 @@ class dc_join(object):
ctx.nc_list += [ctx.domaindns_zone]
if ctx.dns_backend != "NONE":
- ctx.full_nc_list += ['DC=DomainDnsZones,%s' % ctx.base_dn]
+ if not ctx.subdomain:
+ ctx.full_nc_list += ['DC=DomainDnsZones,%s' % ctx.base_dn]
ctx.full_nc_list += ['DC=ForestDnsZones,%s' % ctx.root_dn]
ctx.nc_list += ['DC=ForestDnsZones,%s' % ctx.root_dn]
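Review bot: The new "if not ctx.subdomain:" guard on the DomainDnsZones entry in ctx.full_nc_list has no comment saying why a subdomain join must skip that partition. A one-line comment here would keep a later cleanup from removing the condition.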
@@ -1083,20 +1090,20 @@ class dc_join(object):
raise
-def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
+def join_RODC(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None,
targetdir=None, domain=None, domain_critical_only=False,
machinepass=None, use_ntvfs=False, dns_backend=None,
promote_existing=False):
"""Join as a RODC."""
- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
+ ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, domain,
machinepass, use_ntvfs, dns_backend, promote_existing)
lp.set("workgroup", ctx.domain_name)
- print("workgroup is %s" % ctx.domain_name)
+ logger.info("workgroup is %s" % ctx.domain_name)
lp.set("realm", ctx.realm)
- print("realm is %s" % ctx.realm)
+ logger.info("realm is %s" % ctx.realm)
ctx.krbtgt_dn = "CN=krbtgt_%s,CN=Users,%s" % (ctx.myname, ctx.base_dn)
@@ -1135,22 +1142,22 @@ def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
ctx.do_join()
- print "Joined domain %s (SID %s) as an RODC" % (ctx.domain_name, ctx.domsid)
+ logger.info("Joined domain %s (SID %s) as an RODC" % (ctx.domain_name, ctx.domsid))
-def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
+def join_DC(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None,
targetdir=None, domain=None, domain_critical_only=False,
machinepass=None, use_ntvfs=False, dns_backend=None,
promote_existing=False):
"""Join as a DC."""
- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain,
+ ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, domain,
machinepass, use_ntvfs, dns_backend, promote_existing)
lp.set("workgroup", ctx.domain_name)
- print("workgroup is %s" % ctx.domain_name)
+ logger.info("workgroup is %s" % ctx.domain_name)
lp.set("realm", ctx.realm)
- print("realm is %s" % ctx.realm)
+ logger.info("realm is %s" % ctx.realm)
ctx.userAccountControl = samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION
@@ -1167,16 +1174,20 @@ def join_DC(server=None, creds=None, lp=None, site=None, netbios_name=None,
ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY
ctx.do_join()
- print "Joined domain %s (SID %s) as a DC" % (ctx.domain_name, ctx.domsid)
+ logger.info("Joined domain %s (SID %s) as a DC" % (ctx.domain_name, ctx.domsid))
-def join_subdomain(server=None, creds=None, lp=None, site=None,
+def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None,
netbios_name=None, targetdir=None, parent_domain=None, dnsdomain=None,
- netbios_domain=None, machinepass=None, use_ntvfs=False,
+ netbios_domain=None, machinepass=None, adminpass=None, use_ntvfs=False,
dns_backend=None):
"""Join as a DC."""
- ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, parent_domain,
+ ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, parent_domain,
machinepass, use_ntvfs, dns_backend)
ctx.subdomain = True
+ if adminpass is None:
+ ctx.adminpass = samba.generate_random_password(12, 32)
+ else:
+ ctx.adminpass = adminpass
ctx.parent_domain_name = ctx.domain_name
ctx.domain_name = netbios_domain
ctx.realm = dnsdomain
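Review bot: When adminpass is None, join_subdomain generates one with samba.generate_random_password(12, 32) and keeps it only in ctx.adminpass; nothing in the visible lines tells the operator how to obtain or reset it afterwards. The docstring is also still "Join as a DC." and should describe the subdomain case and the new adminpass parameter.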
@@ -1186,7 +1197,7 @@ def join_subdomain(server=None, creds=None, lp=None, site=None,
ctx.partition_dn = "CN=%s,CN=Partitions,%s" % (ctx.domain_name, ctx.config_dn)
ctx.naming_master = ctx.get_naming_master()
if ctx.naming_master != ctx.server:
- print("Reconnecting to naming master %s" % ctx.naming_master)
+ logger.info("Reconnecting to naming master %s" % ctx.naming_master)
ctx.server = ctx.naming_master
ctx.samdb = SamDB(url="ldap://%s" % ctx.server,
session_info=system_session(),
@@ -1211,4 +1222,4 @@ def join_subdomain(server=None, creds=None, lp=None, site=None,
ctx.domain_replica_flags = ctx.replica_flags
ctx.do_join()
- print "Created domain %s (SID %s) as a DC" % (ctx.domain_name, ctx.domsid)
+ ctx.logger.info("Created domain %s (SID %s) as a DC" % (ctx.domain_name, ctx.domsid))
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 4ba305c..e7269c6 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -452,15 +452,18 @@ class cmd_domain_dcpromo(Command):
help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
"BIND9_DLZ uses samba4 AD to store zone information, "
"NONE skips the DNS setup entirely (this DC will not be a DNS server)",
- default="SAMBA_INTERNAL")
- ]
+ default="SAMBA_INTERNAL"),
+ Option("--quiet", help="Be quiet", action="store_true"),
+ Option("--verbose", help="Be verbose", action="store_true")
+ ]
takes_args = ["domain", "role?"]
def run(self, domain, role=None, sambaopts=None, credopts=None,
versionopts=None, server=None, site=None, targetdir=None,
domain_critical_only=False, parent_domain=None, machinepass=None,
- use_ntvfs=False, dns_backend=None):
+ use_ntvfs=False, dns_backend=None,
+ quiet=False, verbose=False):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
net = Net(creds, lp, server=credopts.ipaddress)
@@ -468,20 +471,31 @@ class cmd_domain_dcpromo(Command):
if site is None:
site = "Default-First-Site-Name"
+ logger = self.get_logger()
+ if verbose:
+ logger.setLevel(logging.DEBUG)
+ elif quiet:
+ logger.setLevel(logging.WARNING)
+ else:
+ logger.setLevel(logging.INFO)
+
+ if site is None:
+ site = "Default-First-Site-Name"
+
netbios_name = lp.get("netbios name")
if not role is None:
role = role.upper()
if role == "DC":
- join_DC(server=server, creds=creds, lp=lp, domain=domain,
+ join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
domain_critical_only=domain_critical_only,
machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend,
promote_existing=True)
elif role == "RODC":
- join_RODC(server=server, creds=creds, lp=lp, domain=domain,
+ join_RODC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
domain_critical_only=domain_critical_only,
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend,
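Review bot: The added lines repeat the check "if site is None:" with site = "Default-First-Site-Name" directly after the identical check in the context lines at the top of this hunk; the second copy is dead code and can be dropped.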
@@ -511,6 +525,8 @@ class cmd_domain_join(Command):
action="store_true"),
Option("--machinepass", type=str, metavar="PASSWORD",
help="choose machine password (otherwise random)"),
+ Option("--adminpass", type="string", metavar="PASSWORD",
+ help="choose adminstrator password when joining as a subdomain (otherwise random)"),
Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
action="store_true"),
Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
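Review bot: The --adminpass help text misspells "administrator" as "adminstrator", and the option uses type="string" where the neighbouring --machinepass uses type=str; pick one form. A password given in argv also ends up in shell history and process listings, so a prompt or file-based alternative would be worth offering.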
@@ -518,7 +534,9 @@ class cmd_domain_join(Command):
help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
"BIND9_DLZ uses samba4 AD to store zone information, "
"NONE skips the DNS setup entirely (this DC will not be a DNS server)",
- default="SAMBA_INTERNAL")
+ default="SAMBA_INTERNAL"),
+ Option("--quiet", help="Be quiet", action="store_true"),
+ Option("--verbose", help="Be verbose", action="store_true")
]
takes_args = ["domain", "role?"]
@@ -526,7 +544,8 @@ class cmd_domain_join(Command):
def run(self, domain, role=None, sambaopts=None, credopts=None,
versionopts=None, server=None, site=None, targetdir=None,
domain_critical_only=False, parent_domain=None, machinepass=None,
- use_ntvfs=False, dns_backend=None):
+ use_ntvfs=False, dns_backend=None, adminpass=None,
+ quiet=False, verbose=False):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
net = Net(creds, lp, server=credopts.ipaddress)
@@ -534,6 +553,14 @@ class cmd_domain_join(Command):
if site is None:
site = "Default-First-Site-Name"
+ logger = self.get_logger()
+ if verbose:
+ logger.setLevel(logging.DEBUG)
+ elif quiet:
+ logger.setLevel(logging.WARNING)
+ else:
+ logger.setLevel(logging.INFO)
+
netbios_name = lp.get("netbios name")
if not role is None:
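Review bot: The verbose/quiet level selection is a line-for-line copy of the block added to cmd_domain_dcpromo.run, and passing both --quiet and --verbose silently resolves to DEBUG. A shared helper that sets the level and rejects the combination would remove the duplication.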
@@ -546,25 +573,29 @@ class cmd_domain_join(Command):
self.errf.write("Joined domain %s (%s)\n" % (domain_name, sid))
elif role == "DC":
- join_DC(server=server, creds=creds, lp=lp, domain=domain,
+ join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
domain_critical_only=domain_critical_only,
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
elif role == "RODC":
- join_RODC(server=server, creds=creds, lp=lp, domain=domain,
+ join_RODC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
domain_critical_only=domain_critical_only,
machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
elif role == "SUBDOMAIN":
+ if not adminpass:
+ logger.info("Administrator password will be set randomly!")
+
netbios_domain = lp.get("workgroup")
if parent_domain is None:
parent_domain = ".".join(domain.split(".")[1:])
- join_subdomain(server=server, creds=creds, lp=lp, dnsdomain=domain,
- parent_domain=parent_domain, site=site,
- netbios_name=netbios_name, netbios_domain=netbios_domain,
- targetdir=targetdir, machinepass=machinepass,
- use_ntvfs=use_ntvfs, dns_backend=dns_backend)
+ join_subdomain(logger=logger, server=server, creds=creds, lp=lp, dnsdomain=domain,
+ parent_domain=parent_domain, site=site,
+ netbios_name=netbios_name, netbios_domain=netbios_domain,
+ targetdir=targetdir, machinepass=machinepass,
+ use_ntvfs=use_ntvfs, dns_backend=dns_backend,
+ adminpass=adminpass)
else:
raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role)
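Review bot: In the SUBDOMAIN branch, "Administrator password will be set randomly!" is emitted with logger.info(), so --quiet, which sets the level to WARNING, suppresses it. The commit subject calls this a warning; logger.warning() would match that and keep the message visible.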
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index f6f7338..8c361e9 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -186,36 +186,6 @@ static int get_search_callback(struct ldb_request *req, struct ldb_reply *ares)
return LDB_SUCCESS;
}
-static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares)
-{
- struct oc_context *ac;
-
- ac = talloc_get_type(req->context, struct oc_context);
-
- if (!ares) {
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
- }
-
- if (ares->type == LDB_REPLY_REFERRAL) {
- return ldb_module_send_referral(ac->req, ares->referral);
- }
-
- if (ares->error != LDB_SUCCESS) {
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
- }
-
- if (ares->type != LDB_REPLY_DONE) {
- talloc_free(ares);
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
- }
-
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
-}
-
/* Fix up the DN to be in the standard form, taking particular care to match the parent DN
This should mean that if the parent is:
@@ -659,7 +629,7 @@ static int objectclass_do_add(struct oc_context *ac)
ret = ldb_build_add_req(&add_req, ldb, ac,
msg,
ac->req->controls,
- ac, oc_op_callback,
+ ac->req, dsdb_next_callback,
ac->req);
LDB_REQ_SET_LOCATION(add_req);
if (ret != LDB_SUCCESS) {
@@ -745,11 +715,19 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req
talloc_free(nc_root);
}
- ret = ldb_build_mod_req(&down_req, ldb, ac,
- msg,
- req->controls, ac,
- oc_changes ? oc_modify_callback : oc_op_callback,
--
Samba Shared Repository