Usability of 'samba-tool domain provision'
Jeremy Allison
jra at samba.org
Tue Jun 28 23:11:57 UTC 2016
On Mon, Jun 06, 2016 at 04:26:52PM +0100, Rowland Penny wrote:
> On 06/06/16 08:04, Rowland Penny wrote:
> >On 06/06/16 06:41, Andrew Bartlett wrote:
> >>On Fri, 2016-06-03 at 13:44 +0100, Rowland Penny wrote:
> >>> From d5ce8d2545731f825a18b094eb86992b24dddd75 Mon Sep 17 00:00:00
> >>>2001
> >>>From: Rowland Penny <rpenny at samba.org>
> >>>Date: Thu, 2 Jun 2016 15:41:51 +0100
> >>>Subject: [PATCH] samba-tool domain provision, remove unused
> >>>server roles.
> >>As per --use-xattrs, can we start by marking this deprecated?
> >>
> >>That will avoid needing to restructure the tests right now (which do
> >>use this option), and avoid breaking scripts that might specify the -
> >>-server-role=dc default.
> >>
> >>Thanks,
> >>
> >>Andrew Bartlett
> >>
> >
> >OK, I will also add something to the main help, along the lines of
> >'only provisioning a DC actually works'.
> >
> >Rowland
> >
>
> OK, lets try again, please see attached patches.
Ping. Can someone on the Team with python expertise review Rowland's patches
please ?
I'd do it, but I'd really have to learn more python first :-).
Jeremy.
> From 5ad2103038f8109906764d108af8422c1fef694e Mon Sep 17 00:00:00 2001
> From: Rowland Penny <rpenny at samba.org>
> Date: Mon, 6 Jun 2016 15:43:59 +0100
> Subject: [PATCH 1/5] samba-tool domain provision, mark '--server-role' option
> as depreciated and don't ask for server_role if run
> interactively.
>
> Signed-off-by: Rowland Penny <rpenny at samba.org>
> ---
> python/samba/netcmd/domain.py | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
> index fd26d93..703441b 100644
> --- a/python/samba/netcmd/domain.py
> +++ b/python/samba/netcmd/domain.py
> @@ -221,7 +221,7 @@ class cmd_domain_provision(Command):
> choices=["fedora-ds", "openldap"]),
> Option("--server-role", type="choice", metavar="ROLE",
> choices=["domain controller", "dc", "member server", "member", "standalone"],
> - help="The server role (domain controller | dc | member server | member | standalone). Default is dc.",
> + help="The server role (domain controller | dc | member server | member | standalone). Default is dc. (depreciated)",
> default="domain controller"),
> Option("--function-level", type="choice", metavar="FOR-FUN-LEVEL",
> choices=["2000", "2003", "2008", "2008_R2"],
> @@ -348,7 +348,7 @@ class cmd_domain_provision(Command):
> if domain is None:
> raise CommandError("No domain set!")
>
> - server_role = ask("Server Role (dc, member, standalone)", "dc")
> + server_role = "dc"
>
> dns_backend = ask("DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)", "SAMBA_INTERNAL")
> if dns_backend in (None, ''):
> --
> 1.7.10.4
>
> From cb917fa550770cfa2687b909f4d52f68743b4054 Mon Sep 17 00:00:00 2001
> From: Rowland Penny <rpenny at samba.org>
> Date: Mon, 6 Jun 2016 16:01:11 +0100
> Subject: [PATCH 2/5] samba-tool domain provision, make 'domain' help a bit
> more friendly, it also checks if the domain name is not
> the same as the 'realm' name.
>
> Signed-off-by: Rowland Penny <rpenny at samba.org>
> ---
> python/samba/netcmd/domain.py | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
> index 703441b..0ca4c7f 100644
> --- a/python/samba/netcmd/domain.py
> +++ b/python/samba/netcmd/domain.py
> @@ -173,7 +173,7 @@ class cmd_domain_provision(Command):
> takes_options = [
> Option("--interactive", help="Ask for names", action="store_true"),
> Option("--domain", type="string", metavar="DOMAIN",
> - help="NetBIOS domain name to use"),
> + help="The NetBIOS domain name to use (also known as 'workgroup'"),
> Option("--domain-guid", type="string", metavar="GUID",
> help="set domainguid (otherwise random)"),
> Option("--domain-sid", type="string", metavar="SID",
> @@ -348,6 +348,10 @@ class cmd_domain_provision(Command):
> if domain is None:
> raise CommandError("No domain set!")
>
> + if realm == domain:
> + raise CommandError("The NetBIOS domain name cannot be the same \
> +as the realm")
> +
> server_role = "dc"
>
> dns_backend = ask("DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)", "SAMBA_INTERNAL")
> @@ -375,9 +379,12 @@ class cmd_domain_provision(Command):
> else:
> realm = sambaopts._lp.get('realm')
> if realm is None:
> - raise CommandError("No realm set!")
> + raise CommandError("You must supply the realm name!")
> if domain is None:
> - raise CommandError("No domain set!")
> + raise CommandError("You must supply the NetBIOS domain name!")
> + if realm == domain:
> + raise CommandError("The NetBIOS domain name cannot be the same \
> +as the realm")
>
> if not adminpass:
> self.logger.info("Administrator password will be set randomly!")
> --
> 1.7.10.4
>
> From 1504d00b28effaf74b981b7755dbb116cad0a277 Mon Sep 17 00:00:00 2001
> From: Rowland Penny <rpenny at samba.org>
> Date: Mon, 6 Jun 2016 16:05:29 +0100
> Subject: [PATCH 3/5] samba-tool domain provision, check length of NetBIOS
> domain name. This fixes bug 11925
>
> Signed-off-by: Rowland Penny <rpenny at samba.org>
> ---
> python/samba/netcmd/domain.py | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
> index 0ca4c7f..130a3b9 100644
> --- a/python/samba/netcmd/domain.py
> +++ b/python/samba/netcmd/domain.py
> @@ -348,6 +348,10 @@ class cmd_domain_provision(Command):
> if domain is None:
> raise CommandError("No domain set!")
>
> + if len(domain) > 15:
> + raise CommandError("The maximum length of the NetBIOS domain \
> +name is 15 characters")
> +
> if realm == domain:
> raise CommandError("The NetBIOS domain name cannot be the same \
> as the realm")
> @@ -382,6 +386,9 @@ as the realm")
> raise CommandError("You must supply the realm name!")
> if domain is None:
> raise CommandError("You must supply the NetBIOS domain name!")
> + if len(domain) > 15:
> + raise CommandError("The maximum length of the NetBIOS domain \
> +name is 15 characters")
> if realm == domain:
> raise CommandError("The NetBIOS domain name cannot be the same \
> as the realm")
> --
> 1.7.10.4
>
> From ecb9bba0bc37768fc6f085853d89ec65c82f5cb1 Mon Sep 17 00:00:00 2001
> From: Rowland Penny <rpenny at samba.org>
> Date: Mon, 6 Jun 2016 16:15:58 +0100
> Subject: [PATCH 4/5] samba-tool domain provision, make 'interactive' ask if
> 'use_rfc2307' should be used. It also sets 'use_xattrs'
> to 'auto' if not set on the command line.
>
> Signed-off-by: Rowland Penny <rpenny at samba.org>
> ---
> python/samba/netcmd/domain.py | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
> index 130a3b9..e885562 100644
> --- a/python/samba/netcmd/domain.py
> +++ b/python/samba/netcmd/domain.py
> @@ -235,7 +235,7 @@ class cmd_domain_provision(Command):
> help="Set target directory"),
> Option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
> help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\""),
> - Option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto"),
> + Option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities (depreciated)", default="auto"),
>
> Option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)"),
> ]
> @@ -321,6 +321,9 @@ class cmd_domain_provision(Command):
> if len(self.raw_argv) == 1:
> interactive = True
>
> + if use_xattrs is None:
> + use_xattrs = "auto"
> +
> if interactive:
> from getpass import getpass
> import socket
> @@ -368,6 +371,11 @@ as the realm")
> suggested_forwarder = None
> dns_forwarder = None
>
> + if use_rfc2307 is None:
> + use_rfc2307 = ask("Use AD to store posix attributes (yes, no)", "no")
> + if use_rfc2307 in (None, ''):
> + raise CommandError("Use rfc2307 not set!")
> +
> while True:
> adminpassplain = getpass("Administrator password: ")
> if not adminpassplain:
> --
> 1.7.10.4
>
> From ef9e2facc9d088b98bd77172d467c626c12323fe Mon Sep 17 00:00:00 2001
> From: Rowland Penny <rpenny at samba.org>
> Date: Mon, 6 Jun 2016 16:21:05 +0100
> Subject: [PATCH 5/5] samba-tool domain provision, add examples to help.
>
> Signed-off-by: Rowland Penny <rpenny at samba.org>
> ---
> python/samba/netcmd/domain.py | 32 +++++++++++++++++++++++++++++++-
> 1 file changed, 31 insertions(+), 1 deletion(-)
>
> diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
> index e885562..91c4d97 100644
> --- a/python/samba/netcmd/domain.py
> +++ b/python/samba/netcmd/domain.py
> @@ -161,7 +161,37 @@ class cmd_domain_info(Command):
>
>
> class cmd_domain_provision(Command):
> - """Provision a domain."""
> + """Provision a domain.
> +
> +This command provisions a new Active Directory domain. You must supply the
> +Realm name and the NetBIOS domain name via '--realm=' & '--domain=", xattr's
> +will be used if your system supports them.
> +
> +You can run the command interactively or supply options with the command.
> +
> +Example1:
> +samba-tool domain provision --realm=SAMBA.EXAMPLE.COM --domain=SAMBA \
> +--use-rfc2307 --adminpass=P4$$word
> +
> +Example1 will provision a new domain, using the realm name 'SAMBA.EXAMPLE.COM'
> +and the NetBIOS (workgroup) name 'SAMBA', it will also use RFC2307 attributes.
> +It will use the default 2008_R2 function level and the internal DNS server.
> +
> +Example2:
> +samba-tool domain provision --realm=SAMBA.EXAMPLE.COM --doman=SAMBA \
> +--use-rfc2307 --dns-backend= BIND9_DLZ --adminpass=P4$$word
> +
> +Example2 will provision a new domain, using the realm name 'SAMBA.EXAMPLE.COM'
> +and the NetBIOS (workgroup) name 'SAMBA', it will also use RFC2307 attributes.
> +It will use the default 2008_R2 function level and Bind9 for the DNS server.
> +
> +Example3:
> +samba-tool domain provision --realm=SAMBA.EXAMPLE.COM --domain=SAMBA \
> +--interactive
> +
> +Example3 will provision a new domain, using the realm name 'SAMBA.EXAMPLE.COM'
> +and the NetBIOS (workgroup) name 'SAMBA', it will ask for further information
> +via the command line."""
>
> synopsis = "%prog [options]"
>
> --
> 1.7.10.4
>
More information about the samba-technical
mailing list