[PATCH] Use common options for samba-tool domain provision,join,dcpromo

Andrew Bartlett abartlet at samba.org
Mon May 14 03:48:00 UTC 2018


This patch set creates a common set of options for samba-tool domain
provision,join and dcpromo.

This ensures that new options are added to all these similar commands.

This addresses Denis' request for lmdb support in the domain join.

This is part of the tree under CI here:
https://gitlab.com/catalyst-samba/samba/pipelines/21953753
and here:
https://gitlab.com/catalyst-samba/samba/pipelines/21957787

Please review and push!

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba



-------------- next part --------------
From 80d4ec968ef10220650d962ef72515de356323f4 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 10:19:58 +1200
Subject: [PATCH 1/8] samba-tool domain provision: Move more OpenLDAP options
 behind TEST_LDAP

These options controlled the historical LDAP backend, they should not be left
to confuse other users.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index cb2b1ccecb3..f3b5349ab5d 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -221,8 +221,6 @@ class cmd_domain_provision(Command):
                 default="SAMBA_INTERNAL"),
          Option("--dnspass", type="string", metavar="PASSWORD",
                 help="choose dns password (otherwise random)"),
-         Option("--ldapadminpass", type="string", metavar="PASSWORD",
-                help="choose password to set between Samba and its LDAP backend (otherwise random)"),
          Option("--root", type="string", metavar="USERNAME",
                 help="choose 'root' unix username"),
          Option("--nobody", type="string", metavar="USERNAME",
@@ -232,9 +230,6 @@ class cmd_domain_provision(Command):
          Option("--quiet", help="Be quiet", action="store_true"),
          Option("--blank", action="store_true",
                 help="do not add users or groups, just the structure"),
-         Option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
-                help="Test initialisation support for unsupported LDAP backend type (fedora-ds or openldap) DO NOT USE",
-                choices=["fedora-ds", "openldap"]),
          Option("--server-role", type="choice", metavar="ROLE",
                 choices=["domain controller", "dc", "member server", "member", "standalone"],
                 help="The server role (domain controller | dc | member server | member | standalone). Default is dc.",
@@ -253,8 +248,6 @@ class cmd_domain_provision(Command):
                 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
          Option("--targetdir", type="string", metavar="DIR",
                 help="Set target directory"),
-         Option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
-                help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/  (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\""),
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
          Option("--plaintext-secrets", action="store_true",
                 help="Store secret/sensitive values as plain text on disk" +
@@ -266,6 +259,13 @@ class cmd_domain_provision(Command):
         ]
 
     openldap_options = [
+        Option("--ldapadminpass", type="string", metavar="PASSWORD",
+               help="choose password to set between Samba and its LDAP backend (otherwise random)"),
+        Option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
+               help="Test initialisation support for unsupported LDAP backend type (fedora-ds or openldap) DO NOT USE",
+               choices=["fedora-ds", "openldap"]),
+        Option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
+                help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/  (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\""),
         Option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early.  Used only for the test environment.  DO NOT USE",
                action="store_true"),
         Option("--slapd-path", type="string", metavar="SLAPD-PATH",
-- 
2.11.0


From 13ff9abecca4fc8fa7bc57ddbbd37b00cdb4dcb8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:02:46 +1200
Subject: [PATCH 2/8] samba-tool domain: Create a common set of options for
 provision/join/dcpromo

These commands share much in common, the options should be in common as well.

Start with --targetdir.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index f3b5349ab5d..85ce236298a 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -105,6 +105,11 @@ string_version_to_constant = {
     "2012_R2": DS_DOMAIN_FUNCTION_2012_R2,
 }
 
+common_provision_join_options = [
+    Option("--targetdir", metavar="DIR",
+           help="Set target directory (where to store provision)", type=str)
+]
+
 def get_testparm_var(testparm, smbconf, varname):
     errfile = open(os.devnull, 'w')
     p = subprocess.Popen([testparm, '-s', '-l',
@@ -246,8 +251,6 @@ class cmd_domain_provision(Command):
                 help="The initial nextRid value (only needed for upgrades).  Default is 1000."),
          Option("--partitions-only",
                 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
-         Option("--targetdir", type="string", metavar="DIR",
-                help="Set target directory"),
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
          Option("--plaintext-secrets", action="store_true",
                 help="Store secret/sensitive values as plain text on disk" +
@@ -286,6 +289,8 @@ class cmd_domain_provision(Command):
                default="auto")
     ]
 
+    takes_options.extend(common_provision_join_options)
+
     if os.getenv('TEST_LDAP', "no") == "yes":
         takes_options.extend(openldap_options)
 
@@ -566,7 +571,6 @@ class cmd_domain_dcpromo(Command):
     takes_options = [
         Option("--server", help="DC to join", type=str),
         Option("--site", help="site to join", type=str),
-        Option("--targetdir", help="where to store provision", type=str),
         Option("--domain-critical-only",
                help="only replicate critical domain objects",
                action="store_true"),
@@ -582,6 +586,8 @@ class cmd_domain_dcpromo(Command):
         Option("--verbose", help="Be verbose", action="store_true")
         ]
 
+    takes_options.extend(common_provision_join_options)
+
     ntvfs_options = [
          Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
     ]
@@ -645,7 +651,6 @@ class cmd_domain_join(Command):
     takes_options = [
         Option("--server", help="DC to join", type=str),
         Option("--site", help="site to join", type=str),
-        Option("--targetdir", help="where to store provision", type=str),
         Option("--parent-domain", help="parent domain to create subdomain under", type=str),
         Option("--domain-critical-only",
                help="only replicate critical domain objects",
@@ -671,6 +676,8 @@ class cmd_domain_join(Command):
         Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
                action="store_true")
     ]
+    takes_options.extend(common_provision_join_options)
+
     if samba.is_ntvfs_fileserver_built():
         takes_options.extend(ntvfs_options)
 
-- 
2.11.0


From da41032182642c668f94a07666e248252b819107 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:04:28 +1200
Subject: [PATCH 3/8] samba-tool domain: Add --quiet to common options

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 85ce236298a..e5db665a16b 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -107,7 +107,8 @@ string_version_to_constant = {
 
 common_provision_join_options = [
     Option("--targetdir", metavar="DIR",
-           help="Set target directory (where to store provision)", type=str)
+           help="Set target directory (where to store provision)", type=str),
+    Option("--quiet", help="Be quiet", action="store_true"),
 ]
 
 def get_testparm_var(testparm, smbconf, varname):
@@ -232,7 +233,6 @@ class cmd_domain_provision(Command):
                 help="choose 'nobody' user"),
          Option("--users", type="string", metavar="GROUPNAME",
                 help="choose 'users' group"),
-         Option("--quiet", help="Be quiet", action="store_true"),
          Option("--blank", action="store_true",
                 help="do not add users or groups, just the structure"),
          Option("--server-role", type="choice", metavar="ROLE",
@@ -582,7 +582,6 @@ class cmd_domain_dcpromo(Command):
                    "BIND9_DLZ uses samba4 AD to store zone information, "
                    "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
                default="SAMBA_INTERNAL"),
-        Option("--quiet", help="Be quiet", action="store_true"),
         Option("--verbose", help="Be verbose", action="store_true")
         ]
 
@@ -668,7 +667,6 @@ class cmd_domain_join(Command):
         Option("--plaintext-secrets", action="store_true",
                help="Store secret/sensitive values as plain text on disk" +
                     "(default is to encrypt secret/ensitive values)"),
-        Option("--quiet", help="Be quiet", action="store_true"),
         Option("--verbose", help="Be verbose", action="store_true")
        ]
 
-- 
2.11.0


From c123701e1aa1b4e7d5bf3fe4231bed73707135c8 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:06:13 +1200
Subject: [PATCH 4/8] samba-tool domain: Add --machinepass to common options

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index e5db665a16b..ca85de18234 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -106,6 +106,8 @@ string_version_to_constant = {
 }
 
 common_provision_join_options = [
+    Option("--machinepass", type="string", metavar="PASSWORD",
+           help="choose machine password (otherwise random)"),
     Option("--targetdir", metavar="DIR",
            help="Set target directory (where to store provision)", type=str),
     Option("--quiet", help="Be quiet", action="store_true"),
@@ -216,8 +218,6 @@ class cmd_domain_provision(Command):
                 help="choose admin password (otherwise random)"),
          Option("--krbtgtpass", type="string", metavar="PASSWORD",
                 help="choose krbtgt password (otherwise random)"),
-         Option("--machinepass", type="string", metavar="PASSWORD",
-                help="choose machine password (otherwise random)"),
          Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
                 choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"],
                 help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
@@ -574,8 +574,6 @@ class cmd_domain_dcpromo(Command):
         Option("--domain-critical-only",
                help="only replicate critical domain objects",
                action="store_true"),
-        Option("--machinepass", type=str, metavar="PASSWORD",
-               help="choose machine password (otherwise random)"),
         Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
                choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
                help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
@@ -654,8 +652,6 @@ class cmd_domain_join(Command):
         Option("--domain-critical-only",
                help="only replicate critical domain objects",
                action="store_true"),
-        Option("--machinepass", type=str, metavar="PASSWORD",
-               help="choose machine password (otherwise random)"),
         Option("--adminpass", type="string", metavar="PASSWORD",
                help="choose adminstrator password when joining as a subdomain (otherwise random)"),
         Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
-- 
2.11.0


From f6c1c9befc848d35ae436b24999c8c23c400506f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:22:23 +1200
Subject: [PATCH 5/8] samba-tool domain: Add --plaintext-secrets to common
 options

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index ca85de18234..ed9dfd68f94 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -108,6 +108,9 @@ string_version_to_constant = {
 common_provision_join_options = [
     Option("--machinepass", type="string", metavar="PASSWORD",
            help="choose machine password (otherwise random)"),
+    Option("--plaintext-secrets", action="store_true",
+           help="Store secret/sensitive values as plain text on disk" +
+           "(default is to encrypt secret/ensitive values)"),
     Option("--targetdir", metavar="DIR",
            help="Set target directory (where to store provision)", type=str),
     Option("--quiet", help="Be quiet", action="store_true"),
@@ -252,9 +255,6 @@ class cmd_domain_provision(Command):
          Option("--partitions-only",
                 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
-         Option("--plaintext-secrets", action="store_true",
-                help="Store secret/sensitive values as plain text on disk" +
-                     "(default is to encrypt secret/ensitive values)"),
          Option("--backend-store", type="choice", metavar="BACKENDSTORE",
                 choices=["tdb", "mdb"],
                 help="Specify the database backend to be used "
@@ -660,9 +660,6 @@ class cmd_domain_join(Command):
                    "BIND9_DLZ uses samba4 AD to store zone information, "
                    "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
                default="SAMBA_INTERNAL"),
-        Option("--plaintext-secrets", action="store_true",
-               help="Store secret/sensitive values as plain text on disk" +
-                    "(default is to encrypt secret/ensitive values)"),
         Option("--verbose", help="Be verbose", action="store_true")
        ]
 
-- 
2.11.0


From d42cf14c2c37ebbe360fd35ae39a3d80290488da Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:23:24 +1200
Subject: [PATCH 6/8] samba-tool domain: Extend --backend-store to join and
 dcpromo by moving to common options

This allows the choice of ldb backend for a domain join as well as a new provision.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/join.py          | 23 +++++++++++++++--------
 python/samba/netcmd/domain.py | 21 +++++++++++++--------
 2 files changed, 28 insertions(+), 16 deletions(-)

diff --git a/python/samba/join.py b/python/samba/join.py
index e164d9b5cf2..dc6d234d0ed 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -57,7 +57,7 @@ class dc_join(object):
                  netbios_name=None, targetdir=None, domain=None,
                  machinepass=None, use_ntvfs=False, dns_backend=None,
                  promote_existing=False, clone_only=False,
-                 plaintext_secrets=False):
+                 plaintext_secrets=False, backend_store=None):
         if site is None:
             site = "Default-First-Site-Name"
 
@@ -70,6 +70,7 @@ class dc_join(object):
         ctx.targetdir = targetdir
         ctx.use_ntvfs = use_ntvfs
         ctx.plaintext_secrets = plaintext_secrets
+        ctx.backend_store = backend_store
 
         ctx.promote_existing = promote_existing
         ctx.promote_from_dn = None
@@ -849,7 +850,9 @@ class dc_join(object):
                 machinepass=ctx.acct_pass, serverrole="active directory domain controller",
                 sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid,
                 use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend,
-                plaintext_secrets=ctx.plaintext_secrets)
+                plaintext_secrets=ctx.plaintext_secrets,
+                backend_store=ctx.backend_store
+        )
         print("Provision OK for domain DN %s" % presult.domaindn)
         ctx.local_samdb = presult.samdb
         ctx.lp          = presult.lp
@@ -1411,12 +1414,13 @@ class dc_join(object):
 def join_RODC(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None,
               targetdir=None, domain=None, domain_critical_only=False,
               machinepass=None, use_ntvfs=False, dns_backend=None,
-              promote_existing=False, plaintext_secrets=False):
+              promote_existing=False, plaintext_secrets=False,
+              backend_store=None):
     """Join as a RODC."""
 
     ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, domain,
                   machinepass, use_ntvfs, dns_backend, promote_existing,
-                  plaintext_secrets)
+                  plaintext_secrets, backend_store=backend_store)
 
     lp.set("workgroup", ctx.domain_name)
     logger.info("workgroup is %s" % ctx.domain_name)
@@ -1463,11 +1467,12 @@ def join_RODC(logger=None, server=None, creds=None, lp=None, site=None, netbios_
 def join_DC(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None,
             targetdir=None, domain=None, domain_critical_only=False,
             machinepass=None, use_ntvfs=False, dns_backend=None,
-            promote_existing=False, plaintext_secrets=False):
+            promote_existing=False, plaintext_secrets=False,
+            backend_store=None):
     """Join as a DC."""
     ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, domain,
                   machinepass, use_ntvfs, dns_backend, promote_existing,
-                  plaintext_secrets)
+                  plaintext_secrets, backend_store=backend_store)
 
     lp.set("workgroup", ctx.domain_name)
     logger.info("workgroup is %s" % ctx.domain_name)
@@ -1513,10 +1518,12 @@ def join_clone(logger=None, server=None, creds=None, lp=None,
 def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None,
         netbios_name=None, targetdir=None, parent_domain=None, dnsdomain=None,
         netbios_domain=None, machinepass=None, adminpass=None, use_ntvfs=False,
-        dns_backend=None, plaintext_secrets=False):
+        dns_backend=None, plaintext_secrets=False,
+        backend_store=None):
     """Join as a DC."""
     ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, parent_domain,
-                  machinepass, use_ntvfs, dns_backend, plaintext_secrets)
+                  machinepass, use_ntvfs, dns_backend, plaintext_secrets,
+                  backend_store=backend_store)
     ctx.subdomain = True
     if adminpass is None:
         ctx.adminpass = samba.generate_random_password(12, 32)
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index ed9dfd68f94..250777388fc 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -111,6 +111,10 @@ common_provision_join_options = [
     Option("--plaintext-secrets", action="store_true",
            help="Store secret/sensitive values as plain text on disk" +
            "(default is to encrypt secret/ensitive values)"),
+    Option("--backend-store", type="choice", metavar="BACKENDSTORE",
+           choices=["tdb", "mdb"],
+           help="Specify the database backend to be used "
+           "(default is %s)" % get_default_backend_store()),
     Option("--targetdir", metavar="DIR",
            help="Set target directory (where to store provision)", type=str),
     Option("--quiet", help="Be quiet", action="store_true"),
@@ -255,10 +259,6 @@ class cmd_domain_provision(Command):
          Option("--partitions-only",
                 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
-         Option("--backend-store", type="choice", metavar="BACKENDSTORE",
-                choices=["tdb", "mdb"],
-                help="Specify the database backend to be used "
-                     "(default is %s)" % get_default_backend_store()),
         ]
 
     openldap_options = [
@@ -678,7 +678,9 @@ class cmd_domain_join(Command):
             versionopts=None, server=None, site=None, targetdir=None,
             domain_critical_only=False, parent_domain=None, machinepass=None,
             use_ntvfs=False, dns_backend=None, adminpass=None,
-            quiet=False, verbose=False, plaintext_secrets=False):
+            quiet=False, verbose=False,
+            plaintext_secrets=False,
+            backend_store=None):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
         net = Net(creds, lp, server=credopts.ipaddress)
@@ -711,14 +713,16 @@ class cmd_domain_join(Command):
                     domain_critical_only=domain_critical_only,
                     machinepass=machinepass, use_ntvfs=use_ntvfs,
                     dns_backend=dns_backend,
-                    plaintext_secrets=plaintext_secrets)
+                    plaintext_secrets=plaintext_secrets,
+                    backend_store=backend_store)
         elif role == "RODC":
             join_RODC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
                       site=site, netbios_name=netbios_name, targetdir=targetdir,
                       domain_critical_only=domain_critical_only,
                       machinepass=machinepass, use_ntvfs=use_ntvfs,
                       dns_backend=dns_backend,
-                      plaintext_secrets=plaintext_secrets)
+                      plaintext_secrets=plaintext_secrets,
+                      backend_store=backend_store)
         elif role == "SUBDOMAIN":
             if not adminpass:
                 logger.info("Administrator password will be set randomly!")
@@ -732,7 +736,8 @@ class cmd_domain_join(Command):
                            targetdir=targetdir, machinepass=machinepass,
                            use_ntvfs=use_ntvfs, dns_backend=dns_backend,
                            adminpass=adminpass,
-                           plaintext_secrets=plaintext_secrets)
+                           plaintext_secrets=plaintext_secrets,
+                           backend_store=backend_store)
         else:
             raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role)
 
-- 
2.11.0


From 980d8e69d0c68654cabb66b9fa43625784bdf7a1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:30:17 +1200
Subject: [PATCH 7/8] samba-tool domain: Create a common --use-ntvfs option for
 provision, join, dcpromo and classicupgrade

The NTVFS fileserver mode is still integral to the selftest system (often simply used to
make the rest of the command run and not fuss with POSIX ACLs and permissions).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 250777388fc..d7f4476afe9 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -120,6 +120,11 @@ common_provision_join_options = [
     Option("--quiet", help="Be quiet", action="store_true"),
 ]
 
+common_ntvfs_options = [
+        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
+               action="store_true")
+]
+
 def get_testparm_var(testparm, smbconf, varname):
     errfile = open(os.devnull, 'w')
     p = subprocess.Popen([testparm, '-s', '-l',
@@ -280,7 +285,6 @@ class cmd_domain_provision(Command):
         ]
 
     ntvfs_options = [
-        Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
         Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
                metavar="[yes|no|auto]",
                help="Define if we should use the native fs capabilities or a tdb file for "
@@ -295,7 +299,8 @@ class cmd_domain_provision(Command):
         takes_options.extend(openldap_options)
 
     if samba.is_ntvfs_fileserver_built():
-         takes_options.extend(ntvfs_options)
+        takes_options.extend(common_ntvfs_options)
+        takes_options.extend(ntvfs_options)
 
     takes_args = []
 
@@ -585,12 +590,8 @@ class cmd_domain_dcpromo(Command):
 
     takes_options.extend(common_provision_join_options)
 
-    ntvfs_options = [
-         Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
-    ]
-
     if samba.is_ntvfs_fileserver_built():
-         takes_options.extend(ntvfs_options)
+         takes_options.extend(common_ntvfs_options)
 
 
     takes_args = ["domain", "role?"]
@@ -1570,8 +1571,6 @@ class cmd_domain_classicupgrade(Command):
     ]
 
     ntvfs_options = [
-        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
-               action="store_true"),
         Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
                metavar="[yes|no|auto]",
                help="Define if we should use the native fs capabilities or a tdb file for "
@@ -1580,6 +1579,7 @@ class cmd_domain_classicupgrade(Command):
                default="auto")
     ]
     if samba.is_ntvfs_fileserver_built():
+        takes_options.extend(common_ntvfs_options)
         takes_options.extend(ntvfs_options)
 
     takes_args = ["smbconf"]
-- 
2.11.0


From e2c81fcf2bafaed18a2f419096683c90e2310f11 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:49:23 +1200
Subject: [PATCH 8/8] samba-tool domain: Split out common options between
 dcpromo and join

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 44 ++++++++++++++++++-------------------------
 1 file changed, 18 insertions(+), 26 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index d7f4476afe9..d3e602bfe33 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -120,6 +120,21 @@ common_provision_join_options = [
     Option("--quiet", help="Be quiet", action="store_true"),
 ]
 
+common_join_options = [
+    Option("--server", help="DC to join", type=str),
+    Option("--site", help="site to join", type=str),
+    Option("--domain-critical-only",
+           help="only replicate critical domain objects",
+           action="store_true"),
+    Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
+           choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
+           help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
+           "BIND9_DLZ uses samba4 AD to store zone information, "
+           "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
+           default="SAMBA_INTERNAL"),
+    Option("--verbose", help="Be verbose", action="store_true")
+]
+
 common_ntvfs_options = [
         Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
                action="store_true")
@@ -573,20 +588,8 @@ class cmd_domain_dcpromo(Command):
         "credopts": options.CredentialsOptions,
     }
 
-    takes_options = [
-        Option("--server", help="DC to join", type=str),
-        Option("--site", help="site to join", type=str),
-        Option("--domain-critical-only",
-               help="only replicate critical domain objects",
-               action="store_true"),
-        Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
-               choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
-               help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
-                   "BIND9_DLZ uses samba4 AD to store zone information, "
-                   "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
-               default="SAMBA_INTERNAL"),
-        Option("--verbose", help="Be verbose", action="store_true")
-        ]
+    takes_options = []
+    takes_options.extend(common_join_options)
 
     takes_options.extend(common_provision_join_options)
 
@@ -647,27 +650,16 @@ class cmd_domain_join(Command):
     }
 
     takes_options = [
-        Option("--server", help="DC to join", type=str),
-        Option("--site", help="site to join", type=str),
         Option("--parent-domain", help="parent domain to create subdomain under", type=str),
-        Option("--domain-critical-only",
-               help="only replicate critical domain objects",
-               action="store_true"),
         Option("--adminpass", type="string", metavar="PASSWORD",
                help="choose adminstrator password when joining as a subdomain (otherwise random)"),
-        Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
-               choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
-               help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
-                   "BIND9_DLZ uses samba4 AD to store zone information, "
-                   "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
-               default="SAMBA_INTERNAL"),
-        Option("--verbose", help="Be verbose", action="store_true")
        ]
 
     ntvfs_options = [
         Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
                action="store_true")
     ]
+    takes_options.extend(common_join_options)
     takes_options.extend(common_provision_join_options)
 
     if samba.is_ntvfs_fileserver_built():
-- 
2.11.0



More information about the samba-technical mailing list