diff options
author | Gerald Carter <jerry@samba.org> | 2006-05-13 04:39:19 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:01 -0500 |
commit | f1039b8fb461c6e1276dba8564f62ec1496a7b88 (patch) | |
tree | 1e8a5883ce479e51167806cec189030770d6fa4c /source3/utils | |
parent | 453e4b50aae52089eb2c2ae6a2abc3b48425ee55 (diff) | |
download | samba-f1039b8fb461c6e1276dba8564f62ec1496a7b88.tar.gz samba-f1039b8fb461c6e1276dba8564f62ec1496a7b88.tar.bz2 samba-f1039b8fb461c6e1276dba8564f62ec1496a7b88.zip |
r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....
Re-add the capability to specify an OU in which to create
the machine account. Done via LDAP prior to the RPC join.
(This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/net_ads.c | 76 |
1 files changed, 71 insertions, 5 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e75090449d..e913437ef1 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -4,6 +4,7 @@ Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com) Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com) + Copyright (C) 2006 Gerald (Jerry) Carter (jerry@samba.org) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1163,6 +1164,61 @@ done: return status; } + +/******************************************************************* + join a domain using ADS (LDAP mods) + ********************************************************************/ + +static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) +{ + ADS_STRUCT *ads_s = ads; + ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN); + char *dn, *ou_str; + LDAPMessage *res = NULL; + + ou_str = ads_ou_string(ads, ou); + asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path); + free(ou_str); + + if ( !ads->ld ) { + ads_s = ads_init( ads->config.realm, NULL, ads->config.ldap_server_name ); + + if ( ads_s ) { + rc = ads_connect( ads_s ); + } + + if ( !ADS_ERR_OK(rc) ) { + goto done; + } + } + + rc = ads_search_dn(ads, (void**)&res, dn, NULL); + ads_msgfree(ads, res); + + if (!ADS_ERR_OK(rc)) { + goto done; + } + + /* Attempt to create the machine account and bail if this fails. + Assume that the admin wants exactly what they requested */ + + rc = ads_create_machine_acct( ads, global_myname(), dn ); + if ( rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS ) { + rc = ADS_SUCCESS; + goto done; + } + if ( !ADS_ERR_OK(rc) ) { + goto done; + } + +done: + if ( ads_s != ads ) + ads_destroy( &ads_s ); + SAFE_FREE( dn ); + + return rc; +} + /******************************************************************* join a domain using ADS (LDAP mods) ********************************************************************/ @@ -1183,11 +1239,9 @@ int net_ads_join(int argc, const char **argv) return -1; } - if (!(ads = ads_init(lp_realm(), NULL, NULL ))) { + if ( (ads = ads_startup()) == NULL ) { return -1; } - ads->auth.flags = ADS_AUTH_NO_BIND; - status = ads_connect(ads); if (strcmp(ads->config.realm, lp_realm()) != 0) { d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf " @@ -1197,12 +1251,24 @@ int net_ads_join(int argc, const char **argv) return -1; } - - if (!(ctx = talloc_init("net_join_domain"))) { + if (!(ctx = talloc_init("net_ads_join"))) { DEBUG(0, ("Could not initialise talloc context\n")); return -1; } + /* If we were given an OU, try to create the machine in the OU account + first and then do the normal RPC join */ + + if ( argc > 0 ) { + status = net_precreate_machine_acct( ads, argv[0] ); + if ( !ADS_ERR_OK(status) ) { + d_fprintf( stderr, "Failed to pre-create the machine object " + "in OU %s.\n", argv[0]); + ads_destroy( &ads ); + return -1; + } + } + /* Do the domain join here */ tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); |