[PATCH] Use common options for samba-tool domain provision,join,dcpromo

Andrew Bartlett abartlet at samba.org
Tue May 15 02:42:21 UTC 2018


On Mon, 2018-05-14 at 16:04 +1200, Gary Lockyer via samba-technical
wrote:
> Looks good to me
> RB+
> 
> Gary

Thanks Gary.  Sadly the CI failed, so here is the new set:

This patch set consolidates our option handling for samba-tool domain
provision,join,dcpromo.
This ensures that new options are added to all these similar commands.

This addresses Denis' request for lmdb support in the domain join.

https://gitlab.com/catalyst-samba/samba/pipelines/22016700
https://gitlab.com/catalyst-samba/samba/commits/abartlet-lmdb-pre-9

Please review and perhaps push!

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   https://catalyst.net.nz/services/samba



-------------- next part --------------
From 824f878acbf93d9eaf38545d1514f73c43bed9db Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 10:19:58 +1200
Subject: [PATCH 1/8] samba-tool domain provision: Move more OpenLDAP options
 behind TEST_LDAP

These options controlled the historical LDAP backend, they should not be left
to confuse other users.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index cb2b1ccecb3..f3b5349ab5d 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -221,8 +221,6 @@ class cmd_domain_provision(Command):
                 default="SAMBA_INTERNAL"),
          Option("--dnspass", type="string", metavar="PASSWORD",
                 help="choose dns password (otherwise random)"),
-         Option("--ldapadminpass", type="string", metavar="PASSWORD",
-                help="choose password to set between Samba and its LDAP backend (otherwise random)"),
          Option("--root", type="string", metavar="USERNAME",
                 help="choose 'root' unix username"),
          Option("--nobody", type="string", metavar="USERNAME",
@@ -232,9 +230,6 @@ class cmd_domain_provision(Command):
          Option("--quiet", help="Be quiet", action="store_true"),
          Option("--blank", action="store_true",
                 help="do not add users or groups, just the structure"),
-         Option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
-                help="Test initialisation support for unsupported LDAP backend type (fedora-ds or openldap) DO NOT USE",
-                choices=["fedora-ds", "openldap"]),
          Option("--server-role", type="choice", metavar="ROLE",
                 choices=["domain controller", "dc", "member server", "member", "standalone"],
                 help="The server role (domain controller | dc | member server | member | standalone). Default is dc.",
@@ -253,8 +248,6 @@ class cmd_domain_provision(Command):
                 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
          Option("--targetdir", type="string", metavar="DIR",
                 help="Set target directory"),
-         Option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
-                help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/  (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\""),
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
          Option("--plaintext-secrets", action="store_true",
                 help="Store secret/sensitive values as plain text on disk" +
@@ -266,6 +259,13 @@ class cmd_domain_provision(Command):
         ]
 
     openldap_options = [
+        Option("--ldapadminpass", type="string", metavar="PASSWORD",
+               help="choose password to set between Samba and its LDAP backend (otherwise random)"),
+        Option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
+               help="Test initialisation support for unsupported LDAP backend type (fedora-ds or openldap) DO NOT USE",
+               choices=["fedora-ds", "openldap"]),
+        Option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
+                help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/  (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\""),
         Option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early.  Used only for the test environment.  DO NOT USE",
                action="store_true"),
         Option("--slapd-path", type="string", metavar="SLAPD-PATH",
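Review bot: The `help=` continuation of the moved `--ol-mmr-urls` option is indented one column deeper than the `help=` lines of the two options added just above it (`--ldapadminpass`, `--ldap-backend-type`); since the line is being moved anyway, align it with its siblings. A short comment above `openldap_options` saying the list is only registered behind TEST_LDAP would also keep anyone from adding a user-facing option there by mistake.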
-- 
2.11.0


From 9dd4c2f3453450b917704671eb0db30278f1fa1e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:02:46 +1200
Subject: [PATCH 2/8] samba-tool domain: Create a common set of options for
 provision/join/dcpromo

These commands share much in common, the options should be in common as well.

Start with --targetdir.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index f3b5349ab5d..85ce236298a 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -105,6 +105,11 @@ string_version_to_constant = {
     "2012_R2": DS_DOMAIN_FUNCTION_2012_R2,
 }
 
+common_provision_join_options = [
+    Option("--targetdir", metavar="DIR",
+           help="Set target directory (where to store provision)", type=str)
+]
+
 def get_testparm_var(testparm, smbconf, varname):
     errfile = open(os.devnull, 'w')
     p = subprocess.Popen([testparm, '-s', '-l',
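Review bot: The single entry in `common_provision_join_options` ends without a trailing comma, so the next addition to the list has to rewrite the `--targetdir` line as well; end it with `type=str),`. A one-line comment above the list naming the commands that extend it (provision, join, dcpromo) would also make clear that anything added here becomes visible on all three.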
@@ -246,8 +251,6 @@ class cmd_domain_provision(Command):
                 help="The initial nextRid value (only needed for upgrades).  Default is 1000."),
          Option("--partitions-only",
                 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
-         Option("--targetdir", type="string", metavar="DIR",
-                help="Set target directory"),
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
          Option("--plaintext-secrets", action="store_true",
                 help="Store secret/sensitive values as plain text on disk" +
@@ -286,6 +289,8 @@ class cmd_domain_provision(Command):
                default="auto")
     ]
 
+    takes_options.extend(common_provision_join_options)
+
     if os.getenv('TEST_LDAP', "no") == "yes":
         takes_options.extend(openldap_options)
 
@@ -566,7 +571,6 @@ class cmd_domain_dcpromo(Command):
     takes_options = [
         Option("--server", help="DC to join", type=str),
         Option("--site", help="site to join", type=str),
-        Option("--targetdir", help="where to store provision", type=str),
         Option("--domain-critical-only",
                help="only replicate critical domain objects",
                action="store_true"),
@@ -582,6 +586,8 @@ class cmd_domain_dcpromo(Command):
         Option("--verbose", help="Be verbose", action="store_true")
         ]
 
+    takes_options.extend(common_provision_join_options)
+
     ntvfs_options = [
          Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
     ]
@@ -645,7 +651,6 @@ class cmd_domain_join(Command):
     takes_options = [
         Option("--server", help="DC to join", type=str),
         Option("--site", help="site to join", type=str),
-        Option("--targetdir", help="where to store provision", type=str),
         Option("--parent-domain", help="parent domain to create subdomain under", type=str),
         Option("--domain-critical-only",
                help="only replicate critical domain objects",
@@ -671,6 +676,8 @@ class cmd_domain_join(Command):
         Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
                action="store_true")
     ]
+    takes_options.extend(common_provision_join_options)
+
     if samba.is_ntvfs_fileserver_built():
         takes_options.extend(ntvfs_options)
 
-- 
2.11.0


From 78986047f080acd0f46a2044fff48f7487a7bdab Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:04:28 +1200
Subject: [PATCH 3/8] samba-tool domain: Add --quiet to common options

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 85ce236298a..e5db665a16b 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -107,7 +107,8 @@ string_version_to_constant = {
 
 common_provision_join_options = [
     Option("--targetdir", metavar="DIR",
-           help="Set target directory (where to store provision)", type=str)
+           help="Set target directory (where to store provision)", type=str),
+    Option("--quiet", help="Be quiet", action="store_true"),
 ]
 
 def get_testparm_var(testparm, smbconf, varname):
@@ -232,7 +233,6 @@ class cmd_domain_provision(Command):
                 help="choose 'nobody' user"),
          Option("--users", type="string", metavar="GROUPNAME",
                 help="choose 'users' group"),
-         Option("--quiet", help="Be quiet", action="store_true"),
          Option("--blank", action="store_true",
                 help="do not add users or groups, just the structure"),
          Option("--server-role", type="choice", metavar="ROLE",
@@ -582,7 +582,6 @@ class cmd_domain_dcpromo(Command):
                    "BIND9_DLZ uses samba4 AD to store zone information, "
                    "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
                default="SAMBA_INTERNAL"),
-        Option("--quiet", help="Be quiet", action="store_true"),
         Option("--verbose", help="Be verbose", action="store_true")
         ]
 
@@ -668,7 +667,6 @@ class cmd_domain_join(Command):
         Option("--plaintext-secrets", action="store_true",
                help="Store secret/sensitive values as plain text on disk" +
                     "(default is to encrypt secret/ensitive values)"),
-        Option("--quiet", help="Be quiet", action="store_true"),
         Option("--verbose", help="Be verbose", action="store_true")
        ]
 
-- 
2.11.0


From 97ff071ffdbcbca727c2c61430b7372dd95cdd8d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:06:13 +1200
Subject: [PATCH 4/8] samba-tool domain: Add --machinepass to common options

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index e5db665a16b..ca85de18234 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -106,6 +106,8 @@ string_version_to_constant = {
 }
 
 common_provision_join_options = [
+    Option("--machinepass", type="string", metavar="PASSWORD",
+           help="choose machine password (otherwise random)"),
     Option("--targetdir", metavar="DIR",
            help="Set target directory (where to store provision)", type=str),
     Option("--quiet", help="Be quiet", action="store_true"),
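Review bot: `--machinepass` is declared with `type="string"` while `--targetdir`, two entries below in the same list, uses `type=str`; now that the definitions sit side by side, settle on one spelling. The dcpromo and join copies removed later in this patch used `type=str`, so the declaration changes for those two commands, which deserves a sentence in the otherwise empty commit message.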
@@ -216,8 +218,6 @@ class cmd_domain_provision(Command):
                 help="choose admin password (otherwise random)"),
          Option("--krbtgtpass", type="string", metavar="PASSWORD",
                 help="choose krbtgt password (otherwise random)"),
-         Option("--machinepass", type="string", metavar="PASSWORD",
-                help="choose machine password (otherwise random)"),
          Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
                 choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"],
                 help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
@@ -574,8 +574,6 @@ class cmd_domain_dcpromo(Command):
         Option("--domain-critical-only",
                help="only replicate critical domain objects",
                action="store_true"),
-        Option("--machinepass", type=str, metavar="PASSWORD",
-               help="choose machine password (otherwise random)"),
         Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
                choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
                help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
@@ -654,8 +652,6 @@ class cmd_domain_join(Command):
         Option("--domain-critical-only",
                help="only replicate critical domain objects",
                action="store_true"),
-        Option("--machinepass", type=str, metavar="PASSWORD",
-               help="choose machine password (otherwise random)"),
         Option("--adminpass", type="string", metavar="PASSWORD",
                help="choose adminstrator password when joining as a subdomain (otherwise random)"),
         Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
-- 
2.11.0


From 8d3d6aa679be33c36d5347cafad90c1081774c7d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:22:23 +1200
Subject: [PATCH 5/8] samba-tool domain: Extend --plaintext-secrets to dcpromo
 by moving to common options

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index ca85de18234..c346430dbec 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -108,6 +108,9 @@ string_version_to_constant = {
 common_provision_join_options = [
     Option("--machinepass", type="string", metavar="PASSWORD",
            help="choose machine password (otherwise random)"),
+    Option("--plaintext-secrets", action="store_true",
+           help="Store secret/sensitive values as plain text on disk" +
+           "(default is to encrypt secret/ensitive values)"),
     Option("--targetdir", metavar="DIR",
            help="Set target directory (where to store provision)", type=str),
     Option("--quiet", help="Be quiet", action="store_true"),
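Review bot: The two help fragments of `--plaintext-secrets` are concatenated without a separating space, so the text renders as "on disk(default is ...", and "secret/ensitive" is missing an "s"; both are carried over from the removed copies and are worth fixing now that the string lives in one place. Suggested: `help="Store secret/sensitive values as plain text on disk "` followed by `"(default is to encrypt secret/sensitive values)"`.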
@@ -252,9 +255,6 @@ class cmd_domain_provision(Command):
          Option("--partitions-only",
                 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
-         Option("--plaintext-secrets", action="store_true",
-                help="Store secret/sensitive values as plain text on disk" +
-                     "(default is to encrypt secret/ensitive values)"),
          Option("--backend-store", type="choice", metavar="BACKENDSTORE",
                 choices=["tdb", "mdb"],
                 help="Specify the database backend to be used "
@@ -599,7 +599,7 @@ class cmd_domain_dcpromo(Command):
             versionopts=None, server=None, site=None, targetdir=None,
             domain_critical_only=False, parent_domain=None, machinepass=None,
             use_ntvfs=False, dns_backend=None,
-            quiet=False, verbose=False):
+            quiet=False, verbose=False, plaintext_secrets=False):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
         net = Net(creds, lp, server=credopts.ipaddress)
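Review bot: The new `plaintext_secrets=False` keyword on `run()` makes `--plaintext-secrets` a dcpromo option for the first time, yet the commit message has no body and the diffstat lists only python/samba/netcmd/domain.py. The option's own help says it stores secret values as plain text on disk instead of encrypting them, so please state in the commit message that dcpromo gains it deliberately, and update any user documentation for dcpromo in the same patch.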
@@ -623,13 +623,13 @@ class cmd_domain_dcpromo(Command):
                     domain_critical_only=domain_critical_only,
                     machinepass=machinepass, use_ntvfs=use_ntvfs,
                     dns_backend=dns_backend,
-                    promote_existing=True)
+                    promote_existing=True, plaintext_secrets=plaintext_secrets)
         elif role == "RODC":
             join_RODC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
                       site=site, netbios_name=netbios_name, targetdir=targetdir,
                       domain_critical_only=domain_critical_only,
                       machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend,
-                      promote_existing=True)
+                      promote_existing=True, plaintext_secrets=plaintext_secrets)
         else:
             raise CommandError("Invalid role '%s' (possible values: DC, RODC)" % role)
 
@@ -660,9 +660,6 @@ class cmd_domain_join(Command):
                    "BIND9_DLZ uses samba4 AD to store zone information, "
                    "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
                default="SAMBA_INTERNAL"),
-        Option("--plaintext-secrets", action="store_true",
-               help="Store secret/sensitive values as plain text on disk" +
-                    "(default is to encrypt secret/ensitive values)"),
         Option("--verbose", help="Be verbose", action="store_true")
        ]
 
-- 
2.11.0


From 29fa75b1ec39cd911bd63c51ea48f9f456e73885 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:23:24 +1200
Subject: [PATCH 6/8] samba-tool domain: Extend --backend-store to join and
 dcpromo by moving to common options

This allows the choice of ldb backend for a domain join as well as a new provision.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/join.py          | 23 +++++++++++++++--------
 python/samba/netcmd/domain.py | 30 +++++++++++++++++++-----------
 2 files changed, 34 insertions(+), 19 deletions(-)

diff --git a/python/samba/join.py b/python/samba/join.py
index e164d9b5cf2..dc6d234d0ed 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -57,7 +57,7 @@ class dc_join(object):
                  netbios_name=None, targetdir=None, domain=None,
                  machinepass=None, use_ntvfs=False, dns_backend=None,
                  promote_existing=False, clone_only=False,
-                 plaintext_secrets=False):
+                 plaintext_secrets=False, backend_store=None):
         if site is None:
             site = "Default-First-Site-Name"
 
@@ -70,6 +70,7 @@ class dc_join(object):
         ctx.targetdir = targetdir
         ctx.use_ntvfs = use_ntvfs
         ctx.plaintext_secrets = plaintext_secrets
+        ctx.backend_store = backend_store
 
         ctx.promote_existing = promote_existing
         ctx.promote_from_dn = None
@@ -849,7 +850,9 @@ class dc_join(object):
                 machinepass=ctx.acct_pass, serverrole="active directory domain controller",
                 sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid,
                 use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend,
-                plaintext_secrets=ctx.plaintext_secrets)
+                plaintext_secrets=ctx.plaintext_secrets,
+                backend_store=ctx.backend_store
+        )
         print("Provision OK for domain DN %s" % presult.domaindn)
         ctx.local_samdb = presult.samdb
         ctx.lp          = presult.lp
@@ -1411,12 +1414,13 @@ class dc_join(object):
 def join_RODC(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None,
               targetdir=None, domain=None, domain_critical_only=False,
               machinepass=None, use_ntvfs=False, dns_backend=None,
-              promote_existing=False, plaintext_secrets=False):
+              promote_existing=False, plaintext_secrets=False,
+              backend_store=None):
     """Join as a RODC."""
 
     ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, domain,
                   machinepass, use_ntvfs, dns_backend, promote_existing,
-                  plaintext_secrets)
+                  plaintext_secrets, backend_store=backend_store)
 
     lp.set("workgroup", ctx.domain_name)
     logger.info("workgroup is %s" % ctx.domain_name)
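Review bot: In the `dc_join(...)` call, `plaintext_secrets` is still passed positionally directly after `promote_existing`, but the `__init__` signature shown in the first hunk of this file reads `promote_existing=False, clone_only=False, plaintext_secrets=False`, so going by that order the value binds to `clone_only` and `ctx.plaintext_secrets` keeps its default. A join requested with --plaintext-secrets would then not get it and would set the clone flag instead. Pass it by keyword, as the new argument already is: `plaintext_secrets=plaintext_secrets, backend_store=backend_store`. The join_DC call in the following hunk has the same shape.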
@@ -1463,11 +1467,12 @@ def join_RODC(logger=None, server=None, creds=None, lp=None, site=None, netbios_
 def join_DC(logger=None, server=None, creds=None, lp=None, site=None, netbios_name=None,
             targetdir=None, domain=None, domain_critical_only=False,
             machinepass=None, use_ntvfs=False, dns_backend=None,
-            promote_existing=False, plaintext_secrets=False):
+            promote_existing=False, plaintext_secrets=False,
+            backend_store=None):
     """Join as a DC."""
     ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, domain,
                   machinepass, use_ntvfs, dns_backend, promote_existing,
-                  plaintext_secrets)
+                  plaintext_secrets, backend_store=backend_store)
 
     lp.set("workgroup", ctx.domain_name)
     logger.info("workgroup is %s" % ctx.domain_name)
@@ -1513,10 +1518,12 @@ def join_clone(logger=None, server=None, creds=None, lp=None,
 def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None,
         netbios_name=None, targetdir=None, parent_domain=None, dnsdomain=None,
         netbios_domain=None, machinepass=None, adminpass=None, use_ntvfs=False,
-        dns_backend=None, plaintext_secrets=False):
+        dns_backend=None, plaintext_secrets=False,
+        backend_store=None):
     """Join as a DC."""
     ctx = dc_join(logger, server, creds, lp, site, netbios_name, targetdir, parent_domain,
-                  machinepass, use_ntvfs, dns_backend, plaintext_secrets)
+                  machinepass, use_ntvfs, dns_backend, plaintext_secrets,
+                  backend_store=backend_store)
     ctx.subdomain = True
     if adminpass is None:
         ctx.adminpass = samba.generate_random_password(12, 32)
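Review bot: `join_subdomain` passes `plaintext_secrets` positionally right after `dns_backend`, which by the `dc_join.__init__` order visible at the top of this file's diff (`dns_backend=None,` then `promote_existing=False, clone_only=False,`) is the `promote_existing` slot, not `plaintext_secrets`. Since this line is being edited to add `backend_store=backend_store` anyway, convert the preceding argument to a keyword too: `plaintext_secrets=plaintext_secrets,`. A test that joins with --plaintext-secrets and checks the resulting context would catch this kind of slip.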
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index c346430dbec..a1a936d98d9 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -111,6 +111,10 @@ common_provision_join_options = [
     Option("--plaintext-secrets", action="store_true",
            help="Store secret/sensitive values as plain text on disk" +
            "(default is to encrypt secret/ensitive values)"),
+    Option("--backend-store", type="choice", metavar="BACKENDSTORE",
+           choices=["tdb", "mdb"],
+           help="Specify the database backend to be used "
+           "(default is %s)" % get_default_backend_store()),
     Option("--targetdir", metavar="DIR",
            help="Set target directory (where to store provision)", type=str),
     Option("--quiet", help="Be quiet", action="store_true"),
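Review bot: The help string advertises `get_default_backend_store()` as the default, but the Option carries no `default=`, so an omitted --backend-store reaches `run()` as None (the new `backend_store=None` keywords further down) and is forwarded unchanged into the join code. Either set `default=` on the Option or confirm in the commit message that the provision code maps None to the same value, otherwise the help text and the behaviour can drift apart. The help is also now built where the module-level list is created, so `get_default_backend_store` has to be defined before that point in the file.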
@@ -255,10 +259,6 @@ class cmd_domain_provision(Command):
          Option("--partitions-only",
                 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true"),
          Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
-         Option("--backend-store", type="choice", metavar="BACKENDSTORE",
-                choices=["tdb", "mdb"],
-                help="Specify the database backend to be used "
-                     "(default is %s)" % get_default_backend_store()),
         ]
 
     openldap_options = [
@@ -599,7 +599,8 @@ class cmd_domain_dcpromo(Command):
             versionopts=None, server=None, site=None, targetdir=None,
             domain_critical_only=False, parent_domain=None, machinepass=None,
             use_ntvfs=False, dns_backend=None,
-            quiet=False, verbose=False, plaintext_secrets=False):
+            quiet=False, verbose=False, plaintext_secrets=False,
+            backend_store=None):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
         net = Net(creds, lp, server=credopts.ipaddress)
@@ -623,13 +624,15 @@ class cmd_domain_dcpromo(Command):
                     domain_critical_only=domain_critical_only,
                     machinepass=machinepass, use_ntvfs=use_ntvfs,
                     dns_backend=dns_backend,
-                    promote_existing=True, plaintext_secrets=plaintext_secrets)
+                    promote_existing=True, plaintext_secrets=plaintext_secrets,
+                    backend_store=backend_store)
         elif role == "RODC":
             join_RODC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
                       site=site, netbios_name=netbios_name, targetdir=targetdir,
                       domain_critical_only=domain_critical_only,
                       machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend,
-                      promote_existing=True, plaintext_secrets=plaintext_secrets)
+                      promote_existing=True, plaintext_secrets=plaintext_secrets,
+                      backend_store=backend_store)
         else:
             raise CommandError("Invalid role '%s' (possible values: DC, RODC)" % role)
 
@@ -678,7 +681,9 @@ class cmd_domain_join(Command):
             versionopts=None, server=None, site=None, targetdir=None,
             domain_critical_only=False, parent_domain=None, machinepass=None,
             use_ntvfs=False, dns_backend=None, adminpass=None,
-            quiet=False, verbose=False, plaintext_secrets=False):
+            quiet=False, verbose=False,
+            plaintext_secrets=False,
+            backend_store=None):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
         net = Net(creds, lp, server=credopts.ipaddress)
@@ -711,14 +716,16 @@ class cmd_domain_join(Command):
                     domain_critical_only=domain_critical_only,
                     machinepass=machinepass, use_ntvfs=use_ntvfs,
                     dns_backend=dns_backend,
-                    plaintext_secrets=plaintext_secrets)
+                    plaintext_secrets=plaintext_secrets,
+                    backend_store=backend_store)
         elif role == "RODC":
             join_RODC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
                       site=site, netbios_name=netbios_name, targetdir=targetdir,
                       domain_critical_only=domain_critical_only,
                       machinepass=machinepass, use_ntvfs=use_ntvfs,
                       dns_backend=dns_backend,
-                      plaintext_secrets=plaintext_secrets)
+                      plaintext_secrets=plaintext_secrets,
+                      backend_store=backend_store)
         elif role == "SUBDOMAIN":
             if not adminpass:
                 logger.info("Administrator password will be set randomly!")
@@ -732,7 +739,8 @@ class cmd_domain_join(Command):
                            targetdir=targetdir, machinepass=machinepass,
                            use_ntvfs=use_ntvfs, dns_backend=dns_backend,
                            adminpass=adminpass,
-                           plaintext_secrets=plaintext_secrets)
+                           plaintext_secrets=plaintext_secrets,
+                           backend_store=backend_store)
         else:
             raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role)
 
-- 
2.11.0


From 86a707c73429be0a8b0402bad6c2bc9e2379341d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:30:17 +1200
Subject: [PATCH 7/8] samba-tool domain: Create a common --use-ntvfs option for
 provision, join, dcpromo and classicupgrade

The NTVFS fileserver mode is still integral to the selftest system (often simply used to
make the rest of the command run and not fuss with POSIX ACLs and permissions).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index a1a936d98d9..9f914ea0403 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -120,6 +120,11 @@ common_provision_join_options = [
     Option("--quiet", help="Be quiet", action="store_true"),
 ]
 
+common_ntvfs_options = [
+        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
+               action="store_true")
+]
+
 def get_testparm_var(testparm, smbconf, varname):
     errfile = open(os.devnull, 'w')
     p = subprocess.Popen([testparm, '-s', '-l',
@@ -280,7 +285,6 @@ class cmd_domain_provision(Command):
         ]
 
     ntvfs_options = [
-        Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
         Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
                metavar="[yes|no|auto]",
                help="Define if we should use the native fs capabilities or a tdb file for "
@@ -295,7 +299,8 @@ class cmd_domain_provision(Command):
         takes_options.extend(openldap_options)
 
     if samba.is_ntvfs_fileserver_built():
-         takes_options.extend(ntvfs_options)
+        takes_options.extend(common_ntvfs_options)
+        takes_options.extend(ntvfs_options)
 
     takes_args = []
 
@@ -585,12 +590,8 @@ class cmd_domain_dcpromo(Command):
 
     takes_options.extend(common_provision_join_options)
 
-    ntvfs_options = [
-         Option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)"),
-    ]
-
     if samba.is_ntvfs_fileserver_built():
-         takes_options.extend(ntvfs_options)
+         takes_options.extend(common_ntvfs_options)
 
 
     takes_args = ["domain", "role?"]
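Review bot: The replacement line `takes_options.extend(common_ntvfs_options)` under `if samba.is_ntvfs_fileserver_built():` keeps the nine-space indentation of the line it replaces, whereas the same change in cmd_domain_provision earlier in this patch corrects it to eight. Use eight spaces here too so the two blocks match.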
@@ -1573,8 +1574,6 @@ class cmd_domain_classicupgrade(Command):
     ]
 
     ntvfs_options = [
-        Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
-               action="store_true"),
         Option("--use-xattrs", type="choice", choices=["yes","no","auto"],
                metavar="[yes|no|auto]",
                help="Define if we should use the native fs capabilities or a tdb file for "
@@ -1583,6 +1582,7 @@ class cmd_domain_classicupgrade(Command):
                default="auto")
     ]
     if samba.is_ntvfs_fileserver_built():
+        takes_options.extend(common_ntvfs_options)
         takes_options.extend(ntvfs_options)
 
     takes_args = ["smbconf"]
-- 
2.11.0


From f2c95b34aeb002f9b60b6bff0eb398fa0b20f6be Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 14 May 2018 11:49:23 +1200
Subject: [PATCH 8/8] samba-tool domain: Split out common options between
 dcpromo and join

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 python/samba/netcmd/domain.py | 44 ++++++++++++++++++-------------------------
 1 file changed, 18 insertions(+), 26 deletions(-)

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 9f914ea0403..24159fcc742 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -120,6 +120,21 @@ common_provision_join_options = [
     Option("--quiet", help="Be quiet", action="store_true"),
 ]
 
+common_join_options = [
+    Option("--server", help="DC to join", type=str),
+    Option("--site", help="site to join", type=str),
+    Option("--domain-critical-only",
+           help="only replicate critical domain objects",
+           action="store_true"),
+    Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
+           choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
+           help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
+           "BIND9_DLZ uses samba4 AD to store zone information, "
+           "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
+           default="SAMBA_INTERNAL"),
+    Option("--verbose", help="Be verbose", action="store_true")
+]
+
 common_ntvfs_options = [
         Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
                action="store_true")
@@ -573,20 +588,8 @@ class cmd_domain_dcpromo(Command):
         "credopts": options.CredentialsOptions,
     }
 
-    takes_options = [
-        Option("--server", help="DC to join", type=str),
-        Option("--site", help="site to join", type=str),
-        Option("--domain-critical-only",
-               help="only replicate critical domain objects",
-               action="store_true"),
-        Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
-               choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
-               help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
-                   "BIND9_DLZ uses samba4 AD to store zone information, "
-                   "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
-               default="SAMBA_INTERNAL"),
-        Option("--verbose", help="Be verbose", action="store_true")
-        ]
+    takes_options = []
+    takes_options.extend(common_join_options)
 
     takes_options.extend(common_provision_join_options)
 
@@ -650,27 +653,16 @@ class cmd_domain_join(Command):
     }
 
     takes_options = [
-        Option("--server", help="DC to join", type=str),
-        Option("--site", help="site to join", type=str),
         Option("--parent-domain", help="parent domain to create subdomain under", type=str),
-        Option("--domain-critical-only",
-               help="only replicate critical domain objects",
-               action="store_true"),
         Option("--adminpass", type="string", metavar="PASSWORD",
                help="choose adminstrator password when joining as a subdomain (otherwise random)"),
-        Option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND",
-               choices=["SAMBA_INTERNAL", "BIND9_DLZ", "NONE"],
-               help="The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), "
-                   "BIND9_DLZ uses samba4 AD to store zone information, "
-                   "NONE skips the DNS setup entirely (this DC will not be a DNS server)",
-               default="SAMBA_INTERNAL"),
-        Option("--verbose", help="Be verbose", action="store_true")
        ]
 
     ntvfs_options = [
         Option("--use-ntvfs", help="Use NTVFS for the fileserver (default = no)",
                action="store_true")
     ]
+    takes_options.extend(common_join_options)
     takes_options.extend(common_provision_join_options)
 
     if samba.is_ntvfs_fileserver_built():
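Review bot: The local `ntvfs_options` list in cmd_domain_join, left as context just above the added `takes_options.extend(common_join_options)`, still declares its own `--use-ntvfs` Option with the same help text as the module-level `common_ntvfs_options` shown in the first hunk. The series aims at a single definition per option, so drop the local list and extend with `common_ntvfs_options` under the `samba.is_ntvfs_fileserver_built()` check.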
-- 
2.11.0
