[PATCH] s4: Allow to specify the GUID of NTDS Settings from the self joined DC.
Matthieu Patou
mat at matws.net
Fri Sep 18 14:06:35 MDT 2009
---
source4/scripting/python/samba/provision.py | 32 +++++++++++++++---------
source4/setup/provision | 6 +++-
source4/setup/provision_self_join_modify.ldif | 2 +
3 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index e21a3cb..a307884 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -766,7 +766,7 @@ def setup_samdb_rootdse(samdb, setup_path, names):
def setup_self_join(samdb, names,
machinepass, dnspass,
domainsid, invocationid, setup_path,
- policyguid, policyguid_dc, domainControllerFunctionality):
+ policyguid, policyguid_dc, domainControllerFunctionality,ntdsguid):
"""Join a host to its own domain."""
assert isinstance(invocationid, str)
setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), {
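Review bot: `ntdsguid` is added to `setup_self_join` as a required positional parameter, and in the later `setup_samdb` signature hunk it is inserted before `schema=None`, so a caller that omits it or passes `schema` positionally would fail or bind the wrong value. Giving it a default and appending it keeps existing callers working: `policyguid, policyguid_dc, domainControllerFunctionality, ntdsguid=None):` here and `serverrole, schema=None, ldap_backend=None, ntdsguid=None):` in `setup_samdb`. `provision` and `provision_become_dc` also receive the new keyword in the middle of their parameter lists, which shifts positional binding for the parameters after it; placing it last avoids that. The body of `setup_self_join` continues outside this hunk.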
@@ -792,11 +792,17 @@ def setup_self_join(samdb, names,
"DNSDOMAIN": names.dnsdomain,
"DOMAINSID": str(domainsid),
"DOMAINDN": names.domaindn})
-
- # add the NTDSGUID based SPNs
- ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
- names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+
+ if ntdsguid is not None:
+ ntdsguid_mod = "dn: CN=NTDS Settings,%s\nchangetype: modify\nreplace: objectGUID\nobjectGUID: %s\n-" % (names.serverdn,ntdsguid)
+ names.ntdsguid = ntdsguid
+ else:
+ # add the NTDSGUID based SPNs
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
expression="", scope=SCOPE_BASE)
+ ntdsguid_mod = ""
+
assert isinstance(names.ntdsguid, str)
# Setup fSMORoleOwner entries to point at the newly created DC entry
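Review bot: The caller-supplied `ntdsguid` is formatted straight into an LDIF record in the `if ntdsguid is not None:` branch and is also stored in `names.ntdsguid`, which the template writes into `servicePrincipalName` values, yet nothing checks that it is a well-formed GUID. A value containing a line break would change the structure of the generated LDIF, and the `assert isinstance(names.ntdsguid, str)` below checks only the type and is stripped under `-O`. Parsing the value first rejects malformed input and normalises the text, for example `ntdsguid = str(uuid.UUID(ntdsguid))` at the top of the branch (assuming `uuid` is imported in this module); the `--ntds-guid` option added in `source4/setup/provision` is where the value enters. The comment `# add the NTDSGUID based SPNs` now sits in the `else:` branch where it describes only the lookup, and that branch still hard-codes `CN=Default-First-Site-Name` while the new branch uses `names.serverdn`. The function starts and ends outside this hunk.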
@@ -809,7 +815,8 @@ def setup_self_join(samdb, names,
"DEFAULTSITE": names.sitename,
"SERVERDN": names.serverdn,
"NETBIOSNAME": names.netbiosname,
- "NTDSGUID": names.ntdsguid
+ "NTDSGUID": names.ntdsguid,
+ "NTDSGUID_MOD": ntdsguid_mod
})
@@ -818,7 +825,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
domainsid, domainguid, policyguid, policyguid_dc,
fill, adminpass, krbtgtpass,
machinepass, invocationid, dnspass,
- serverrole, schema=None, ldap_backend=None):
+ serverrole,ntdsguid, schema=None, ldap_backend=None):
"""Setup a complete SAM Database.
:note: This will wipe the main SAM database file!
@@ -992,7 +999,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
domainsid=domainsid, policyguid=policyguid,
policyguid_dc=policyguid_dc,
setup_path=setup_path,
- domainControllerFunctionality=domainControllerFunctionality)
+ domainControllerFunctionality=domainControllerFunctionality,ntdsguid=ntdsguid)
+
# add the NTDSGUID based SPNs
ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
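Review bot: Nothing here confirms that the requested GUID was actually stored. As far as the context lines show, the lookup after the `setup_self_join(...)` call overwrites `names.ntdsguid` with whatever `objectGUID` the database returns, while the SPNs in the self-join template were filled in from the requested value. If the `replace: objectGUID` record was not applied, the two would disagree silently. When `ntdsguid` is given, comparing the result of this `searchone` with it and failing the provision on a mismatch would catch that. The `searchone` statement continues past the end of this hunk.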
@@ -1019,7 +1027,7 @@ def provision(setup_dir, message, session_info,
serverdn=None,
domain=None, hostname=None, hostip=None, hostip6=None,
domainsid=None, adminpass=None, ldapadminpass=None,
- krbtgtpass=None, domainguid=None,
+ krbtgtpass=None, domainguid=None, ntdsguid=None,
policyguid=None, policyguid_dc=None, invocationid=None,
machinepass=None,
dnspass=None, root=None, nobody=None, users=None,
@@ -1173,7 +1181,7 @@ def provision(setup_dir, message, session_info,
adminpass=adminpass, krbtgtpass=krbtgtpass,
invocationid=invocationid,
machinepass=machinepass, dnspass=dnspass,
- serverrole=serverrole, ldap_backend=provision_backend)
+ serverrole=serverrole,ntdsguid=ntdsguid,ldap_backend=provision_backend)
if serverrole == "domain controller":
if paths.netlogon is None:
@@ -1337,7 +1345,7 @@ def provision_become_dc(setup_dir=None,
smbconf=None, targetdir=None, realm=None,
rootdn=None, domaindn=None, schemadn=None,
configdn=None, serverdn=None,
- domain=None, hostname=None, domainsid=None,
+ domain=None, hostname=None, domainsid=None, ntdsguid=None,
adminpass=None, krbtgtpass=None, domainguid=None,
policyguid=None, policyguid_dc=None, invocationid=None,
machinepass=None,
@@ -1356,7 +1364,7 @@ def provision_become_dc(setup_dir=None,
smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS,
realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn,
configdn=configdn, serverdn=serverdn, domain=domain,
- hostname=hostname, hostip="127.0.0.1", domainsid=domainsid,
+ hostname=hostname, hostip="127.0.0.1", domainsid=domainsid,ntdsguid=ntdsguid,
machinepass=machinepass, serverrole="domain controller",
sitename=sitename)
diff --git a/source4/setup/provision b/source4/setup/provision
index 8bf08b9..bb9b916 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -48,6 +48,8 @@ parser.add_option("--setupdir", type="string", metavar="DIR",
parser.add_option("--realm", type="string", metavar="REALM", help="set realm")
parser.add_option("--domain", type="string", metavar="DOMAIN",
help="set domain")
+parser.add_option("--ntds-guid", type="string", metavar="GUID",
+ help="set ntdsguid (otherwise random)")
parser.add_option("--domain-guid", type="string", metavar="GUID",
help="set domainguid (otherwise random)")
parser.add_option("--domain-sid", type="string", metavar="SID",
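Review bot: The help text `set ntdsguid (otherwise random)` does not say which object the GUID belongs to or what form is accepted. Something like `help="set objectGUID of this DC's NTDS Settings object, as a GUID string (otherwise assigned during provision)"` tells the operator what is being overridden. Because `type="string"` accepts any text, this is also the earliest place to reject a malformed value before it reaches `provision()`.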
@@ -182,8 +184,8 @@ session = system_session()
provision(setup_dir, message,
session, creds, smbconf=smbconf, targetdir=opts.targetdir,
samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
- domainguid=opts.domain_guid, domainsid=opts.domain_sid,
- policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc,
+ domainguid=opts.domain_guid, domainsid=opts.domain_sid,ntdsguid=opts.ntds_guid,
+ policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc,
hostname=opts.host_name,
hostip=opts.host_ip, hostip6=opts.host_ip6,
invocationid=opts.invocationid, adminpass=opts.adminpass,
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index dfcca72..a49e4eb 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -33,3 +33,5 @@ changetype: modify
add: servicePrincipalName
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
+
+${NTDSGUID_MOD}
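Review bot: `${NTDSGUID_MOD}` makes the template expand to an entire LDIF record assembled in Python, so the structure of this file is no longer visible from the file itself and depends on the caller producing well-formed text. Keeping that record in a template of its own, with only `${SERVERDN}` and `${NTDSGUID}` as placeholders and applied only when a GUID was supplied, would limit substitutions to attribute values. If the placeholder stays, a comment above it such as `# optional: replaces objectGUID of NTDS Settings when a GUID is passed to provision` would explain why the line can expand to nothing.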
--
1.6.0.4
--------------070209040901070100090600
Content-Type: text/x-patch;
name="0001-Pythonbindings-provide-a-function-to-calculate-the.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename*0="0001-Pythonbindings-provide-a-function-to-calculate-the.patc";
filename*1="h"