diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2009-07-14 08:15:50 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2009-07-16 09:23:35 +1000 |
| commit | 271b5af92e9aada36adc648a6dd43a13c5aed340 (patch) | |
| tree | a82d7670ea64704670b09feffd83f6db23a1c433 /source4/scripting/python | |
| parent | ba58edd0bc2d77c6ed1b6a76f33787da9031db5b (diff) | |
| download | samba-271b5af92e9aada36adc648a6dd43a13c5aed340.tar.gz samba-271b5af92e9aada36adc648a6dd43a13c5aed340.tar.bz2 samba-271b5af92e9aada36adc648a6dd43a13c5aed340.zip | |
s4:dsdb Handle dc/domain/forest functional levels properly
Rather than have the functional levels scattered in 4 different,
unconnected locations, the provision script now sets it, and the
rootdse module maintains it's copy only as a cached view onto the
original values.
We also use the functional level to determine if we should store AES
Kerberos keys.
Andrew Bartlett
Diffstat (limited to 'source4/scripting/python')
| -rw-r--r-- | source4/scripting/python/pyglue.c | 6 | ||||
| -rw-r--r-- | source4/scripting/python/samba/__init__.py | 5 | ||||
| -rw-r--r-- | source4/scripting/python/samba/provision.py | 24 |
3 files changed, 30 insertions, 5 deletions
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c index abd018f6fc..c6b731ce8b 100644 --- a/source4/scripting/python/pyglue.c +++ b/source4/scripting/python/pyglue.c @@ -362,5 +362,11 @@ void initglue(void) return; PyModule_AddObject(m, "version", PyString_FromString(SAMBA_VERSION_STRING)); + + PyModule_AddObject(m, "DS_BEHAVIOR_WIN2000", PyInt_FromLong(DS_BEHAVIOR_WIN2000)); + PyModule_AddObject(m, "DS_BEHAVIOR_WIN2003_INTERIM", PyInt_FromLong(DS_BEHAVIOR_WIN2003_INTERIM)); + PyModule_AddObject(m, "DS_BEHAVIOR_WIN2003", PyInt_FromLong(DS_BEHAVIOR_WIN2003)); + PyModule_AddObject(m, "DS_BEHAVIOR_WIN2008", PyInt_FromLong(DS_BEHAVIOR_WIN2008)); + } diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 60a7919136..e3ebc4a637 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -242,3 +242,8 @@ def valid_netbios_name(name): return True version = glue.version + +DS_BEHAVIOR_WIN2000 = glue.DS_BEHAVIOR_WIN2000 +DS_BEHAVIOR_WIN2003_INTERIM = glue.DS_BEHAVIOR_WIN2003_INTERIM +DS_BEHAVIOR_WIN2003 = glue.DS_BEHAVIOR_WIN2003 +DS_BEHAVIOR_WIN2008 = glue.DS_BEHAVIOR_WIN2008 diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 189c93a1fc..8f57105224 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -37,7 +37,8 @@ import param import registry import samba from auth import system_session -from samba import Ldb, substitute_var, valid_netbios_name, check_all_substituted +from samba import version, Ldb, substitute_var, valid_netbios_name, check_all_substituted, \ + DS_BEHAVIOR_WIN2000, DS_BEHAVIOR_WIN2003_INTERIM, DS_BEHAVIOR_WIN2003, DS_BEHAVIOR_WIN2008 from samba.samdb import SamDB from samba.idmap import IDmapDB from samba.dcerpc import security @@ -729,7 +730,7 @@ def setup_samdb_rootdse(samdb, setup_path, names): def setup_self_join(samdb, names, machinepass, dnspass, domainsid, invocationid, setup_path, - policyguid): + policyguid, domainControllerFunctionality): """Join a host to its own domain.""" assert isinstance(invocationid, str) setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), { @@ -745,7 +746,9 @@ def setup_self_join(samdb, names, "DNSPASS_B64": b64encode(dnspass), "REALM": names.realm, "DOMAIN": names.domain, - "DNSDOMAIN": names.dnsdomain}) + "DNSDOMAIN": names.dnsdomain, + "SAMBA_VERSION_STRING": version, + "DOMAIN_CONTROLLER_FUNCTIONALITY": str(domainControllerFunctionality)}) setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), { "POLICYGUID": policyguid, "DNSDOMAIN": names.dnsdomain, @@ -765,6 +768,10 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, :note: This will wipe the main SAM database file! """ + domainFunctionality = DS_BEHAVIOR_WIN2008 + forestFunctionality = DS_BEHAVIOR_WIN2008 + domainControllerFunctionality = DS_BEHAVIOR_WIN2008 + erase = (fill != FILL_DRS) # Also wipes the database @@ -780,6 +787,11 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, return samdb message("Pre-loading the Samba 4 and AD schema") + + samdb.set_opaque_integer("domainFunctionality", domainFunctionality) + samdb.set_opaque_integer("forestFunctionality", forestFunctionality) + samdb.set_opaque_integer("domainControllerFunctionality", domainControllerFunctionality) + samdb.set_domain_sid(str(domainsid)) if serverrole == "domain controller": samdb.set_invocation_id(invocationid) @@ -818,6 +830,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "POLICYGUID": policyguid, "DOMAINDN": names.domaindn, "DOMAINGUID_MOD": domainguid_mod, + "DOMAIN_FUNCTIONALITY": str(domainFunctionality) }) message("Adding configuration container (permitted to fail)") @@ -864,7 +877,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, "DOMAIN": names.domain, "SCHEMADN": names.schemadn, "DOMAINDN": names.domaindn, - "SERVERDN": names.serverdn + "SERVERDN": names.serverdn, + "FOREST_FUNCTIONALALITY": str(forestFunctionality) }) message("Setting up display specifiers") @@ -908,7 +922,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, dnspass=dnspass, machinepass=machinepass, domainsid=domainsid, policyguid=policyguid, - setup_path=setup_path) + setup_path=setup_path, domainControllerFunctionality=domainControllerFunctionality) except: samdb.transaction_cancel() |