diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2011-08-13 13:32:18 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2011-08-13 20:18:41 +1000 |
| commit | 070b970a9d0b4c490d652eb1c5aa5fb23cc7b6a6 (patch) | |
| tree | 67dfd98e5fbde74440fd75ed3e2913af59024c7c | |
| parent | daa78ead19fcbfcd5aa169d96c11ab8df49efe4b (diff) | |
| download | samba-070b970a9d0b4c490d652eb1c5aa5fb23cc7b6a6.tar.gz samba-070b970a9d0b4c490d652eb1c5aa5fb23cc7b6a6.tar.bz2 samba-070b970a9d0b4c490d652eb1c5aa5fb23cc7b6a6.zip | |
s4-provision Add support for fixing the DC rid to a particular value
This will allow an upgraded DC to keep its SID, while being upgraded
to AD. We also watch for the highest RID in the existing DB to set
next_rid for other additional users.
Andrew Bartlett
| -rw-r--r-- | source4/scripting/python/samba/provision/__init__.py | 34 | ||||
| -rw-r--r-- | source4/scripting/python/samba/upgrade.py | 11 |
2 files changed, 29 insertions, 16 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 17f8e0f15b..1b32a41059 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -1069,13 +1069,17 @@ def setup_samdb_rootdse(samdb, names): def setup_self_join(samdb, names, machinepass, dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc, domainControllerFunctionality, - ntdsguid): + ntdsguid, dc_rid=None): """Join a host to its own domain.""" assert isinstance(invocationid, str) if ntdsguid is not None: ntdsguid_line = "objectGUID: %s\n"%ntdsguid else: ntdsguid_line = "" + + if dc_rid is None: + dc_rid = next_rid + setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { "CONFIGDN": names.configdn, "SCHEMADN": names.schemadn, @@ -1086,7 +1090,7 @@ def setup_self_join(samdb, names, machinepass, dnspass, "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain), "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')), "DOMAINSID": str(domainsid), - "DCRID": str(next_rid), + "DCRID": str(dc_rid), "SAMBA_VERSION_STRING": version, "NTDSGUID": ntdsguid_line, "DOMAIN_CONTROLLER_FUNCTIONALITY": str( @@ -1175,12 +1179,15 @@ def setup_samdb(path, session_info, provision_backend, lp, names, logger, domainsid, domainguid, policyguid, policyguid_dc, fill, adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid, serverrole, am_rodc=False, dom_for_fun_level=None, schema=None, - next_rid=1000): + next_rid=None, dc_rid=None): """Setup a complete SAM Database. :note: This will wipe the main SAM database file! """ + if next_rid is None: + next_rid = 1000 + # Provision does not make much sense values larger than 1000000000 # as the upper range of the rIDAvailablePool is 1073741823 and # we don't want to create a domain that cannot allocate rids. @@ -1386,14 +1393,15 @@ def setup_samdb(path, session_info, provision_backend, lp, names, logger.info("Setting up self join") setup_self_join(samdb, names=names, invocationid=invocationid, - dnspass=dnspass, - machinepass=machinepass, - domainsid=domainsid, - next_rid=next_rid, - policyguid=policyguid, - policyguid_dc=policyguid_dc, - domainControllerFunctionality=domainControllerFunctionality, - ntdsguid=ntdsguid) + dnspass=dnspass, + machinepass=machinepass, + domainsid=domainsid, + next_rid=next_rid, + dc_rid=dc_rid, + policyguid=policyguid, + policyguid_dc=policyguid_dc, + domainControllerFunctionality=domainControllerFunctionality, + ntdsguid=ntdsguid) ntds_dn = "CN=NTDS Settings,%s" % names.serverdn names.ntdsguid = samdb.searchone(basedn=ntds_dn, @@ -1510,7 +1518,7 @@ def provision(logger, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None, domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, - next_rid=1000, adminpass=None, ldapadminpass=None, krbtgtpass=None, + next_rid=1000, dc_rid=None, adminpass=None, ldapadminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, invocationid=None, machinepass=None, ntdsguid=None, dnspass=None, root=None, nobody=None, users=None, wheel=None, backup=None, aci=None, @@ -1712,7 +1720,7 @@ def provision(logger, session_info, credentials, smbconf=None, invocationid=invocationid, machinepass=machinepass, dnspass=dnspass, ntdsguid=ntdsguid, serverrole=serverrole, dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc, - next_rid=next_rid) + next_rid=next_rid, dc_rid=dc_rid) if serverrole == "domain controller": if paths.netlogon is None: diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index e333174d13..351581c6ee 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -416,8 +416,9 @@ def upgrade_from_samba3(samba3, logger, session_info, smbconf, targetdir): # Find machine account and password machinepass = None - machinerid = 2000 + machinerid = None machinesid = None + next_rid = 1000 try: machinepass = secrets_db.get_machine_password(netbiosname) @@ -456,18 +457,22 @@ def upgrade_from_samba3(samba3, logger, session_info, smbconf, targetdir): userlist = old_passdb.search_users(0) userdata = {} for entry in userlist: - if machinesid and machinerid == entry['rid']: + if machinerid and machinerid == entry['rid']: continue username = entry['account_name'] if entry['rid'] < 1000: print("Skipping wellknown rid=%d (for username=%s)\n" % (entry['rid'], username)) continue + if entry['rid'] >= next_rid: + next_rid = entry['rid'] + 1 + userdata[username] = old_passdb.getsampwnam(username) # Do full provision result = provision(logger, session_info, None, targetdir=targetdir, realm=realm, domain=domainname, - domainsid=domainsid, next_rid=machinerid, + domainsid=domainsid, next_rid=next_rid, + dc_rid=machinerid, hostname=netbiosname, machinepass=machinepass, serverrole=serverrole, samdb_fill=FILL_FULL) |