summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/scripting/python/samba/provision/__init__.py18
-rw-r--r--source4/setup/provision_self_join.ldif7
-rw-r--r--source4/setup/provision_self_join_modify.ldif8
3 files changed, 20 insertions, 13 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 761caa2dce..827d72b5e4 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1065,7 +1065,7 @@ def setup_samdb_rootdse(samdb, names):
})
-def setup_self_join(samdb, names, fill, machinepass, dnspass,
+def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass,
domainsid, next_rid, invocationid,
policyguid, policyguid_dc, domainControllerFunctionality,
ntdsguid, dc_rid=None):
@@ -1093,7 +1093,9 @@ def setup_self_join(samdb, names, fill, machinepass, dnspass,
"SAMBA_VERSION_STRING": version,
"NTDSGUID": ntdsguid_line,
"DOMAIN_CONTROLLER_FUNCTIONALITY": str(
- domainControllerFunctionality)})
+ domainControllerFunctionality),
+ "RIDALLOCATIONSTART": str(next_rid + 100),
+ "RIDALLOCATIONEND": str(next_rid + 100 + 499)})
setup_add_ldif(samdb, setup_path("provision_group_policy.ldif"), {
"POLICYGUID": policyguid,
@@ -1124,18 +1126,24 @@ def setup_self_join(samdb, names, fill, machinepass, dnspass,
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
"DEFAULTSITE": names.sitename,
+ "NETBIOSNAME": names.netbiosname,
"SERVERDN": names.serverdn,
})
+ system_session_info = system_session()
+ samdb.set_session_info(system_session_info)
# Setup fSMORoleOwner entries to point at the newly created DC entry
+
+ # to modify a serverReference under cn=config when we are a subdomain, we must
+ # be system due to ACLs
setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
"DOMAINDN": names.domaindn,
"SERVERDN": names.serverdn,
"NETBIOSNAME": names.netbiosname,
- "RIDALLOCATIONSTART": str(next_rid + 100),
- "RIDALLOCATIONEND": str(next_rid + 100 + 499),
})
+ samdb.set_session_info(admin_session_info)
+
# This is Samba4 specific and should be replaced by the correct
# DNS AD-style setup
setup_add_ldif(samdb, setup_path("provision_dns_add_samba.ldif"), {
@@ -1425,7 +1433,7 @@ def fill_samdb(samdb, lp, names,
})
logger.info("Setting up self join")
- setup_self_join(samdb, names=names, fill=fill, invocationid=invocationid,
+ setup_self_join(samdb, admin_session_info, names=names, fill=fill, invocationid=invocationid,
dnspass=dnspass,
machinepass=machinepass,
domainsid=domainsid,
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index b19db78b72..f77ac5710e 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -20,3 +20,10 @@ sAMAccountName: ${NETBIOSNAME}$
userAccountControl: 532480
clearTextPassword:: ${MACHINEPASS_B64}
objectSid: ${DOMAINSID}-${DCRID}
+
+dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+objectClass: rIDSet
+rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
+rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
+rIDUsedPool: 0
+rIDNextRID: ${RIDALLOCATIONSTART}
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index 7b5c562ed0..dcdeee39d4 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -15,14 +15,6 @@ changetype: modify
replace: fSMORoleOwner
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
-dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
-changetype: add
-objectClass: rIDSet
-rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
-rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
-rIDUsedPool: 0
-rIDNextRID: ${RIDALLOCATIONSTART}
-
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
changetype: modify
add: rIDSetReferences