-rw-r--r--source4/scripting/python/samba/provision/__init__.py13
-rw-r--r--source4/scripting/python/samba/upgrade.py8
2 files changed, 14 insertions, 7 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index e39a6c45ae..c7fda92f5e 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1594,7 +1594,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
invocationid=None, machinepass=None, ntdsguid=None,
dns_backend=None, dnspass=None,
serverrole=None, dom_for_fun_level=None,
- am_rodc=False, lp=None, use_ntvfs=False):
+ am_rodc=False, lp=None, use_ntvfs=False, skip_sysvolacl=True):
# create/adapt the group policy GUIDs
# Default GUID for default policy are described at
# "How Core Group Policy Works"
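Review bot: The new `skip_sysvolacl` parameter defaults to `True` here and again on `provision()` (hunk at -1766), so any caller that does not pass it now skips `setsysvolacl` and leaves sysvol and netlogon with whatever permissions the filesystem gave them. Only the upgrade path in this commit applies the ACLs afterwards; other callers of `provision()` are not visible in this diff and would need to be checked. A default of `skip_sysvolacl=False` keeps the previous behaviour for them, and upgrade.py already opts in explicitly with `skip_sysvolacl=True`. The body of `provision_fill` continues outside this hunk.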
@@ -1631,8 +1631,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
# policy)
create_default_gpo(paths.sysvol, names.dnsdomain, policyguid,
policyguid_dc)
- setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, paths.wheel_gid,
- domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs)
+ if not skip_sysvolacl:
+ setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid, paths.wheel_gid,
+ domainsid, names.dnsdomain, names.domaindn, lp, use_ntvfs)
secretsdb_self_join(secrets_ldb, domain=names.domain,
realm=names.realm, dnsdomain=names.dnsdomain,
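Review bot: When `skip_sysvolacl` is true the ACL step is dropped without any trace, so the provision log gives no sign that sysvol was left without its ACLs. An `else:` branch such as `logger.info("Skipping sysvol ACL setup; caller must run setsysvolacl()")` would make the deferred state visible to whoever reads the log. A short comment above the `if` stating that the caller takes over responsibility for the ACLs would help as well. The enclosing function starts and ends outside this hunk.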
@@ -1766,7 +1767,8 @@ def provision(logger, session_info, credentials, smbconf=None,
ol_mmr_urls=None, ol_olc=None, slapd_path="/bin/false",
useeadb=False, am_rodc=False,
lp=None, use_ntvfs=False,
- use_rfc2307=False, maxuid=None, maxgid=None):
+ use_rfc2307=False, maxuid=None, maxgid=None,
+ skip_sysvolacl=True):
"""Provision samba4
:note: caution, this wipes all existing data!
@@ -2014,7 +2016,8 @@ def provision(logger, session_info, credentials, smbconf=None,
ntdsguid=ntdsguid, dns_backend=dns_backend,
dnspass=dnspass, serverrole=serverrole,
dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
- lp=lp, use_ntvfs=use_ntvfs)
+ lp=lp, use_ntvfs=use_ntvfs,
+ skip_sysvolacl=skip_sysvolacl)
create_krb5_conf(paths.krb5conf,
dnsdomain=names.dnsdomain, hostname=names.hostname,
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 10aa0ec6b7..19a42c786a 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -26,7 +26,7 @@ import pwd
from samba import Ldb, registry
from samba.param import LoadParm
-from samba.provision import provision, FILL_FULL, ProvisioningError
+from samba.provision import provision, FILL_FULL, ProvisioningError, setsysvolacl
from samba.samba3 import passdb
from samba.samba3 import param as s3param
from samba.dcerpc import lsa, samr, security
@@ -828,7 +828,7 @@ Please fix this account before attempting to upgrade again
hostname=netbiosname.lower(), machinepass=machinepass,
serverrole=serverrole, samdb_fill=FILL_FULL,
useeadb=useeadb, dns_backend=dns_backend, use_rfc2307=True,
- use_ntvfs=use_ntvfs)
+ use_ntvfs=use_ntvfs, skip_sysvolacl=True)
result.report_logger(logger)
# Import WINS database
@@ -902,5 +902,9 @@ Please fix this account before attempting to upgrade again
s4_passdb.update_sam_account(admin_userdata)
logger.info("Administrator password has been set to password of user '%s'", admin_user)
+ if result.server_role == "active directory domain controller":
+ setsysvolacl(result.samdb, result.paths.netlogon, result.paths.sysvol, result.paths.root_uid, result.paths.wheel_gid,
+ security.dom_sid(result.domainsid), result.names.dnsdomain, result.names.domaindn, result.lp, use_ntvfs)
+
# FIXME: import_registry(registry.Registry(), samba3.get_registry())
# FIXME: shares
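Review bot: The deferred `setsysvolacl` call is reached only if everything between the `provision()` call (hunk at -828) and this point completes. That code is not visible here, but if any of it raises, the upgrade ends with the sysvol ACLs never applied and nothing reporting it. Consider logging before the call, e.g. `logger.info("Setting sysvol ACLs")`, and either guarding the intermediate import steps so this block still runs or documenting that a failed upgrade leaves sysvol unprotected. A comment such as `# sysvol ACLs were skipped in provision(); apply them once the account import is done` would record why the call lives here (the ordering reason is presumed, please confirm). The two argument lines are also well over the file's usual width and could be wrapped one argument group per line.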