[PATCH] s4: Allow to specify the GUID of NTDS Settings from the self joined DC.

Matthieu Patou mat at matws.net
Fri Sep 18 14:06:35 MDT 2009


---
 source4/scripting/python/samba/provision.py   |   32 +++++++++++++++---------
 source4/setup/provision                       |    6 +++-
 source4/setup/provision_self_join_modify.ldif |    2 +
 3 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index e21a3cb..a307884 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -766,7 +766,7 @@ def setup_samdb_rootdse(samdb, setup_path, names):
 def setup_self_join(samdb, names,
                     machinepass, dnspass, 
                     domainsid, invocationid, setup_path,
-                    policyguid, policyguid_dc, domainControllerFunctionality):
+                    policyguid, policyguid_dc, domainControllerFunctionality,ntdsguid):
     """Join a host to its own domain."""
     assert isinstance(invocationid, str)
     setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { 
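Review bot: `ntdsguid` is added to `setup_self_join` as a required positional parameter, and the one-line docstring says nothing about it. A trailing `ntdsguid=None` would keep any existing caller working and match the `ntdsguid=None` default this patch gives `provision()` and `provision_become_dc()`. The same applies to the `setup_samdb` hunk, where `serverrole,ntdsguid, schema=None` inserts the new parameter ahead of `schema`, so a caller passing `schema` positionally would now bind it to `ntdsguid`; appending `ntdsguid=None` after `ldap_backend=None` avoids that. The docstring could gain `:param ntdsguid: GUID to force on the NTDS Settings object, or None to keep the generated one`. The function body continues outside this hunk.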
@@ -792,11 +792,17 @@ def setup_self_join(samdb, names,
               "DNSDOMAIN": names.dnsdomain,
               "DOMAINSID": str(domainsid),
               "DOMAINDN": names.domaindn})
-    
-    # add the NTDSGUID based SPNs
-    ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
-    names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+   
+    if ntdsguid is not None:
+       ntdsguid_mod = "dn: CN=NTDS Settings,%s\nchangetype: modify\nreplace: objectGUID\nobjectGUID: %s\n-" % (names.serverdn,ntdsguid)
+       names.ntdsguid = ntdsguid
+    else:
+       # add the NTDSGUID based SPNs
+       ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+       names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
                                      expression="", scope=SCOPE_BASE)
+       ntdsguid_mod = ""
+
     assert isinstance(names.ntdsguid, str)
 
     # Setup fSMORoleOwner entries to point at the newly created DC entry
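Review bot: The caller-supplied `ntdsguid` is formatted straight into an LDIF record in the `if ntdsguid is not None:` branch, and the only later check is `assert isinstance(names.ntdsguid, str)`, which tests the type and disappears under `python -O`. The value originates from `--ntds-guid`, declared as a free-form `type="string"` option in `source4/setup/provision`, so a malformed value or one containing a line break would change the shape of the modify record applied to the NTDS Settings object rather than being rejected up front. Normalising it before use, for example `ntdsguid = str(uuid.UUID(ntdsguid))` (assuming `uuid` is importable in this module), and raising on failure would close that. The branch bodies are also indented three spaces where the surrounding code uses four, and the moved comment `# add the NTDSGUID based SPNs` now sits above a GUID lookup; something like `# no GUID requested: read back the one generated for NTDS Settings` would fit. `setup_self_join` starts and ends outside this hunk.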
@@ -809,7 +815,8 @@ def setup_self_join(samdb, names,
               "DEFAULTSITE": names.sitename,
               "SERVERDN": names.serverdn,
               "NETBIOSNAME": names.netbiosname,
-              "NTDSGUID": names.ntdsguid
+              "NTDSGUID": names.ntdsguid,
+              "NTDSGUID_MOD": ntdsguid_mod
               })
 
 
@@ -818,7 +825,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
                 domainsid, domainguid, policyguid, policyguid_dc,
                 fill, adminpass, krbtgtpass, 
                 machinepass, invocationid, dnspass,
-                serverrole, schema=None, ldap_backend=None):
+                serverrole,ntdsguid, schema=None, ldap_backend=None):
     """Setup a complete SAM Database.
     
     :note: This will wipe the main SAM database file!
@@ -992,7 +999,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
                                 domainsid=domainsid, policyguid=policyguid,
                                 policyguid_dc=policyguid_dc,
                                 setup_path=setup_path,
-                                domainControllerFunctionality=domainControllerFunctionality)
+                                domainControllerFunctionality=domainControllerFunctionality,ntdsguid=ntdsguid)
+
                 # add the NTDSGUID based SPNs
                 ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
                 names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
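Review bot: The context lines after the `setup_self_join(...)` call repeat the `objectGUID` lookup that the new `else` branch in `setup_self_join` already performs, and both build the DN with a hard-coded `CN=Default-First-Site-Name`, whereas the new `replace: objectGUID` record targets `CN=NTDS Settings,%s` with `names.serverdn`. If `names.serverdn` can point to a different site, the GUID would be written on one DN and read back from another, which is worth confirming. Using `ntds_dn = "CN=NTDS Settings,%s" % names.serverdn` in both places, or dropping this second lookup since `names.ntdsguid` is already set, would keep them consistent. The `searchone` statement continues past the end of the hunk.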
@@ -1019,7 +1027,7 @@ def provision(setup_dir, message, session_info,
               serverdn=None,
               domain=None, hostname=None, hostip=None, hostip6=None, 
               domainsid=None, adminpass=None, ldapadminpass=None, 
-              krbtgtpass=None, domainguid=None, 
+              krbtgtpass=None, domainguid=None, ntdsguid=None,
               policyguid=None, policyguid_dc=None, invocationid=None,
               machinepass=None, 
               dnspass=None, root=None, nobody=None, users=None, 
@@ -1173,7 +1181,7 @@ def provision(setup_dir, message, session_info,
                         adminpass=adminpass, krbtgtpass=krbtgtpass,
                         invocationid=invocationid, 
                         machinepass=machinepass, dnspass=dnspass,
-                        serverrole=serverrole, ldap_backend=provision_backend)
+                        serverrole=serverrole,ntdsguid=ntdsguid,ldap_backend=provision_backend)
 
     if serverrole == "domain controller":
         if paths.netlogon is None:
@@ -1337,7 +1345,7 @@ def provision_become_dc(setup_dir=None,
                         smbconf=None, targetdir=None, realm=None, 
                         rootdn=None, domaindn=None, schemadn=None,
                         configdn=None, serverdn=None,
-                        domain=None, hostname=None, domainsid=None, 
+                        domain=None, hostname=None, domainsid=None, ntdsguid=None,
                         adminpass=None, krbtgtpass=None, domainguid=None, 
                         policyguid=None, policyguid_dc=None, invocationid=None,
                         machinepass=None, 
@@ -1356,7 +1364,7 @@ def provision_become_dc(setup_dir=None,
               smbconf=smbconf, targetdir=targetdir, samdb_fill=FILL_DRS,
               realm=realm, rootdn=rootdn, domaindn=domaindn, schemadn=schemadn,
               configdn=configdn, serverdn=serverdn, domain=domain,
-              hostname=hostname, hostip="127.0.0.1", domainsid=domainsid,
+              hostname=hostname, hostip="127.0.0.1", domainsid=domainsid,ntdsguid=ntdsguid,
               machinepass=machinepass, serverrole="domain controller",
               sitename=sitename)
 
diff --git a/source4/setup/provision b/source4/setup/provision
index 8bf08b9..bb9b916 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -48,6 +48,8 @@ parser.add_option("--setupdir", type="string", metavar="DIR",
 parser.add_option("--realm", type="string", metavar="REALM", help="set realm")
 parser.add_option("--domain", type="string", metavar="DOMAIN",
 				  help="set domain")
+parser.add_option("--ntds-guid", type="string", metavar="GUID", 
+		help="set ntdsguid (otherwise random)")
 parser.add_option("--domain-guid", type="string", metavar="GUID", 
 		help="set domainguid (otherwise random)")
 parser.add_option("--domain-sid", type="string", metavar="SID", 
@@ -182,8 +184,8 @@ session = system_session()
 provision(setup_dir, message, 
           session, creds, smbconf=smbconf, targetdir=opts.targetdir,
           samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
-          domainguid=opts.domain_guid, domainsid=opts.domain_sid,
-          policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc,
+          domainguid=opts.domain_guid, domainsid=opts.domain_sid,ntdsguid=opts.ntds_guid,
+		  policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc,
           hostname=opts.host_name,
           hostip=opts.host_ip, hostip6=opts.host_ip6,
           invocationid=opts.invocationid, adminpass=opts.adminpass,
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index dfcca72..a49e4eb 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -33,3 +33,5 @@ changetype: modify
 add: servicePrincipalName
 servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
 servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
+
+${NTDSGUID_MOD}
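Review bot: `${NTDSGUID_MOD}` expands to either nothing or a whole modify record assembled in `provision.py`, which is not evident from the template. A comment line above it such as `# Optional record replacing objectGUID on NTDS Settings; empty unless a GUID was requested` would document that. It would also make clear that the substituted text is not checked in the template, so any validation of the GUID has to happen before substitution.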
-- 
1.6.0.4




