From 588c50f11e42bf6d21d1d213302001d178533f66 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 7 Sep 2011 17:21:07 +1000 Subject: s4-subdomain: fixed domain guid choice for subdomain join We need to use the domain GUID that the server choose in the ncName link Pair-Programmed-With: Andrew Bartlett --- source4/scripting/python/samba/join.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index e30d699d92..eb31ea9767 100644 --- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py @@ -34,6 +34,7 @@ from samba.dcerpc import security import logging import talloc import random +import time # this makes debugging easier talloc.enable_null_tracking() @@ -123,7 +124,6 @@ class dc_join(object): ctx.drsuapi = None ctx.managedby = None ctx.subdomain = False - ctx.domguid = None def del_noerror(ctx, dn, recursive=False): @@ -346,6 +346,10 @@ class dc_join(object): print("DsAddEntry failed with status %s info %s" % (ctr.err_data.status, ctr.err_data.info.extended_err)) raise RuntimeError("DsAddEntry failed") + if ctr.err_data.dir_err != drsuapi.DRSUAPI_DIRERR_OK: + print("DsAddEntry failed with dir_err %u" % ctr.err_data.dir_err) + raise RuntimeError("DsAddEntry failed") + def join_add_ntdsdsa(ctx): '''add the ntdsdsa object''' @@ -539,7 +543,6 @@ class dc_join(object): configdn=ctx.config_dn, serverdn=ctx.server_dn, domain=ctx.domain_name, hostname=ctx.myname, domainsid=ctx.domsid, - domainguid=ctx.domguid, machinepass=ctx.acct_pass, serverrole="domain controller", sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid) print "Provision OK for domain DN %s" % presult.domaindn @@ -561,6 +564,13 @@ class dc_join(object): ctx.samdb.set_invocation_id(str(ctx.invocation_id)) ctx.local_samdb = ctx.samdb + print("Finding domain GUID from ncName") + res = ctx.samdb.search(base=ctx.partition_dn, scope=ldb.SCOPE_BASE, attrs=['ncName'], + controls=["extended_dn:1:1"]) + domguid = str(misc.GUID(ldb.Dn(ctx.samdb, res[0]['ncName'][0]).get_extended_component('GUID'))) + print("Got domain GUID %s" % domguid) + + ctx.join_add_ntdsdsa() print("Calling own domain provision") @@ -572,7 +582,7 @@ class dc_join(object): presult = provision_fill(ctx.local_samdb, secrets_ldb, logger, ctx.names, ctx.paths, domainsid=security.dom_sid(ctx.domsid), - domainguid=ctx.domguid, + domainguid=domguid, targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN, machinepass=ctx.acct_pass, serverrole="domain controller", lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6) @@ -892,7 +902,6 @@ def join_subdomain(server=None, creds=None, lp=None, site=None, netbios_name=Non ctx.partition_dn = "CN=%s,CN=Partitions,%s" % (ctx.domain_name, ctx.config_dn) ctx.base_dn = samba.dn_from_dns_name(dnsdomain) ctx.domsid = str(security.random_sid()) - ctx.domguid = str(uuid.uuid4()) ctx.acct_dn = None ctx.dnshostname = "%s.%s" % (ctx.myname, ctx.dnsdomain) ctx.trustdom_pass = samba.generate_random_password(128, 128) -- cgit