diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-09-22 12:57:17 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:07:09 -0500 |
| commit | ee257e902ade941f734d5b647511d14e051ac0d1 (patch) | |
| tree | 3503b046dbb0efafe3906821be8641980fdbb598 /source4/scripting | |
| parent | 733591c079eb646344333bcad091839cd15992e7 (diff) | |
| download | samba-ee257e902ade941f734d5b647511d14e051ac0d1.tar.gz samba-ee257e902ade941f734d5b647511d14e051ac0d1.tar.bz2 samba-ee257e902ade941f734d5b647511d14e051ac0d1.zip | |
r25299: Modify the provision script to take an additional argument: --server-role
This must be set to either 'domain controller', 'domain member' or 'standalone'.
The default for the provision now changes to 'standalone'.
This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.
We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.
Andrew Bartlett
(This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40)
Diffstat (limited to 'source4/scripting')
| -rw-r--r-- | source4/scripting/libjs/provision.js | 47 |
1 files changed, 39 insertions, 8 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index d6d4909499..502583507b 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -489,6 +489,17 @@ function provision_fix_subobj(subobj, paths) subobj.NETLOGONPATH = paths.netlogon; subobj.SYSVOLPATH = paths.sysvol; + if (subobj.DOMAIN_CONF == undefined) { + subobj.DOMAIN_CONF = subobj.DOMAIN; + } + if (subobj.REALM_CONF == undefined) { + subobj.REALM_CONF = subobj.REALM; + } + if (subobj.SERVERROLE != "domain controller") { + subobj.REALM = subobj.HOSTNAME; + subobj.DOMAIN = subobj.HOSTNAME; + } + return true; } @@ -536,6 +547,8 @@ function provision_become_dc(subobj, message, erase, paths, session_info) setup_ldb("secrets.ldif", info, paths.secrets, false); + setup_ldb("secrets_dc.ldif", info, paths.secrets, false); + return true; } @@ -571,8 +584,16 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda /* only install a new smb.conf if there isn't one there already */ var st = sys.stat(paths.smbconf); if (st == undefined) { + var smbconfsuffix; + if (subobj.ROLE == "domain controller") { + smbconfsuffix = "dc"; + } else if (subobj.ROLE == "member server") { + smbconfsuffix = "member"; + } else { + smbconfsuffix = subobj.ROLE; + } message("Setting up " + paths.smbconf +"\n"); - setup_file("provision.smb.conf", info.message, paths.smbconf, subobj); + setup_file("provision.smb.conf." + smbconfsuffix, info.message, paths.smbconf, subobj); lp.reload(); } /* only install a new shares config db if there is none */ @@ -724,7 +745,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb users and groups\n"); setup_add_ldif("provision_users.ldif", info, samdb, false); - if (lp.get("server role") == "domain controller") { + if (subobj.SERVERROLE == "domain controller") { message("Setting up self join\n"); setup_add_ldif("provision_self_join.ldif", info, samdb, false); setup_add_ldif("provision_group_policy.ldif", info, samdb, false); @@ -737,6 +758,9 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda sys.mkdir(paths.sysvol + "/"+ subobj.DNSDOMAIN + "/Policies/{" + subobj.POLICYGUID + "}/User", 0755); sys.mkdir(paths.netlogon, 0755); + + setup_ldb("secrets_dc.ldif", info, paths.secrets, false); + } if (setup_name_mappings(info, samdb) == false) { @@ -809,8 +833,8 @@ function provision_schema(subobj, message, tmp_schema_path, paths) function provision_dns(subobj, message, paths, session_info, credentials) { var lp = loadparm_init(); - if (lp.get("server role") != "domain controller") { - message("No DNS zone required for role %s\n", lp.get("server role")); + if (subobj.SERVERROLE != "domain controller") { + message("No DNS zone required for role %s\n", subobj.SERVERROLE); return; } message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"); @@ -886,6 +910,7 @@ function provision_guess() var rdn_list; random_init(local); + subobj.SERVERROLE = strlower(lp.get("server role")); subobj.REALM = strupper(lp.get("realm")); subobj.DOMAIN = lp.get("workgroup"); subobj.HOSTNAME = hostname(); @@ -1100,15 +1125,21 @@ function provision_validate(subobj, message) } - if (strupper(lp.get("workgroup")) != strupper(subobj.DOMAIN)) { + if (strupper(lp.get("workgroup")) != strupper(subobj.DOMAIN_CONF)) { message("workgroup '%s' in smb.conf must match chosen domain '%s'\n", - lp.get("workgroup"), subobj.DOMAIN); + lp.get("workgroup"), subobj.DOMAIN_CONF); return false; } - if (strupper(lp.get("realm")) != strupper(subobj.REALM)) { + if (strupper(lp.get("realm")) != strupper(subobj.REALM_CONF)) { message("realm '%s' in smb.conf must match chosen realm '%s'\n", - lp.get("realm"), subobj.REALM); + lp.get("realm"), subobj.REALM_CONF); + return false; + } + + if (strupper(lp.get("server role")) != strupper(subobj.SERVERROLE)) { + message("server role '%s' in smb.conf must match chosen role '%s'\n", + lp.get("server role"), subobj.SERVERROLE); return false; } |