From fb3e663678be412df4668b05e76480908da2c080 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 22 Jul 2008 11:06:47 +1000 Subject: Improve DNS and Group poicy configurations. - fixes bug #4813 (simplify DNS setup) - This reworks the named.conf to be a fully fledged include - This also moves the documentation into named.txt - improves bug #4900 (Group policy support in Samba) - by creating an empty GPT.INI - fixes bug #5582 (DNS: Enhanced zone file) - This is now closer to the zone file AD creates committed by Andrew Bartlett (This used to be commit 74d684f6b329d7dd573cdc55e16bb8e629474b02) --- source4/scripting/python/samba/provision.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 6eb47c8595..40b61a0ac4 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1043,6 +1043,7 @@ def provision(setup_dir, message, session_info, policy_path = os.path.join(paths.sysvol, names.dnsdomain, "Policies", "{" + policyguid + "}") os.makedirs(policy_path, 0755) + open(os.path.join(policy_path, "GPT.INI"), 'w').write("") os.makedirs(os.path.join(policy_path, "Machine"), 0755) os.makedirs(os.path.join(policy_path, "User"), 0755) if not os.path.isdir(paths.netlogon): @@ -1081,12 +1082,11 @@ def provision(setup_dir, message, session_info, hostip6=hostip6, hostname=names.hostname, dnspass=dnspass, realm=names.realm, domainguid=domainguid, hostguid=hostguid) - message("Please install the zone located in %s into your DNS server" % paths.dns) create_named_conf(paths.namedconf, setup_path, realm=names.realm, dnsdomain=names.dnsdomain, private_dir=paths.private_dir, keytab_name=paths.dns_keytab) - message("See %s for example configuration statements for secure GSS-TSIG updates" % paths.namedconf) + message("See %s for an example configuration include file for BIND" % paths.namedconf) create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain, hostname=names.hostname, realm=names.realm) @@ -1394,6 +1394,7 @@ def create_named_conf(path, setup_path, realm, dnsdomain, "REALM_WC": "*." + ".".join(realm.split(".")[1:]), "DNS_KEYTAB": keytab_name, "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name), + "PRIVATE_DIR": private_dir, }) def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm): -- cgit From c9c296b6bbe178502e8aded8fa5e38a0f338ee18 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Jul 2008 11:09:18 +1000 Subject: Install'named.txt' to private/ as documentation. This document is much more use when subbed with all the right things. Andrew Bartlett (This used to be commit 136a85599815670c807f212d7d4003ec53a13729) --- source4/scripting/python/samba/provision.py | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 40b61a0ac4..4b310381ef 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -244,6 +244,7 @@ def provision_paths_from_lp(lp, dnsdomain): paths.templates = os.path.join(paths.private_dir, "templates.ldb") paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone") paths.namedconf = os.path.join(paths.private_dir, "named.conf") + paths.namedtxt = os.path.join(paths.private_dir, "named.txt") paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf") paths.winsdb = os.path.join(paths.private_dir, "wins.ldb") paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi") @@ -1084,9 +1085,13 @@ def provision(setup_dir, message, session_info, domainguid=domainguid, hostguid=hostguid) create_named_conf(paths.namedconf, setup_path, realm=names.realm, + dnsdomain=names.dnsdomain, private_dir=paths.private_dir) + + create_named_txt(paths.namedtxt, setup_path, realm=names.realm, dnsdomain=names.dnsdomain, private_dir=paths.private_dir, keytab_name=paths.dns_keytab) message("See %s for an example configuration include file for BIND" % paths.namedconf) + message("and %s for further documentation required for secure DNS updates" % paths.namedtxt) create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain, hostname=names.hostname, realm=names.realm) @@ -1376,7 +1381,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn, def create_named_conf(path, setup_path, realm, dnsdomain, - private_dir, keytab_name): + private_dir): """Write out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). @@ -1392,9 +1397,28 @@ def create_named_conf(path, setup_path, realm, dnsdomain, "DNSDOMAIN": dnsdomain, "REALM": realm, "REALM_WC": "*." + ".".join(realm.split(".")[1:]), + "PRIVATE_DIR": private_dir + }) + +def create_named_txt(path, setup_path, realm, dnsdomain, + private_dir, keytab_name): + """Write out a file containing zone statements suitable for inclusion in a + named.conf file (including GSS-TSIG configuration). + + :param path: Path of the new named.conf file. + :param setup_path: Setup path function. + :param realm: Realm name + :param dnsdomain: DNS Domain name + :param private_dir: Path to private directory + :param keytab_name: File name of DNS keytab file + """ + + setup_file(setup_path("named.txt"), path, { + "DNSDOMAIN": dnsdomain, + "REALM": realm, "DNS_KEYTAB": keytab_name, "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name), - "PRIVATE_DIR": private_dir, + "PRIVATE_DIR": private_dir }) def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm): -- cgit From 11798902dc51cd9eea3b7e8a0c94d0c0c08ed828 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 25 Jul 2008 08:45:16 +1000 Subject: Complain if we are told to use an ldap backend, without the type (This used to be commit e9c3c9ad8289ee48efa998ab6b486250dcd40b52) --- source4/scripting/python/samba/provision.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 6eb47c8595..67f8cf7cc2 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -503,6 +503,8 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info, backend_modules = ["normalise", "entryuuid", "paged_searches"] # OpenLDAP handles subtree renames, so we don't want to do any of these things tdb_modules_list = None + elif ldap_backend is not None: + raise "LDAP Backend specified, but LDAP Backend Type not specified" elif serverrole == "domain controller": backend_modules = ["repl_meta_data"] else: -- cgit From 998b0fef1199b3c24939878d202f5e4b71e5b742 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 19 May 2008 23:06:42 +0200 Subject: Add "mymachinepw" to fetch our machine password out of secrets.ldb (This used to be commit 4fbe16deb0e06e145f643568a699b80b431d4f42) --- source4/scripting/bin/mymachinepw | 45 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100755 source4/scripting/bin/mymachinepw (limited to 'source4/scripting') diff --git a/source4/scripting/bin/mymachinepw b/source4/scripting/bin/mymachinepw new file mode 100755 index 0000000000..d489dc4693 --- /dev/null +++ b/source4/scripting/bin/mymachinepw @@ -0,0 +1,45 @@ +#!/usr/bin/env python + +# Unix SMB/CIFS implementation. +# Copyright (C) Volker Lendecke 2008 +# +# Extract our own machine pw from secrets.ldb +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import samba.param as param, ldb, sys, getopt + +optlist, args = getopt.getopt(sys.argv[1:], "s:") + +conf = param.LoadParm() +loaded = False + +for o, v in optlist: + if o == "-s": + if not conf.load(v): + raise(v + " not found") + loaded = True + +if not loaded: + conf.load_default() + +secrets = ldb.Ldb() +secrets.connect(conf.get("private dir") + "/secrets.ldb") + +search = "(&(objectclass=primaryDomain)(samaccountname=" + \ + conf.get("netbios name") + "$))" + +msg = secrets.search(expression=search, attrs=['secret']) +print(msg[0]['secret'][0]) -- cgit From 934cfb98809ff0200170ab1fc206af1312226cb0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 26 Jul 2008 20:38:20 +0200 Subject: mamachinepw: add better error handling metze (This used to be commit 7ac424137f62ceacf44e477f4e3805267013005b) --- source4/scripting/bin/mymachinepw | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/bin/mymachinepw b/source4/scripting/bin/mymachinepw index d489dc4693..49a4245a3a 100755 --- a/source4/scripting/bin/mymachinepw +++ b/source4/scripting/bin/mymachinepw @@ -2,6 +2,7 @@ # Unix SMB/CIFS implementation. # Copyright (C) Volker Lendecke 2008 +# Copyright (C) Stefan Metzmacher 2008 # # Extract our own machine pw from secrets.ldb # @@ -29,17 +30,32 @@ loaded = False for o, v in optlist: if o == "-s": if not conf.load(v): - raise(v + " not found") + print(v + " not found") + exit(1) loaded = True if not loaded: conf.load_default() +path=conf.get("private dir") + "/secrets.ldb" +netbios=conf.get("netbios name") + secrets = ldb.Ldb() -secrets.connect(conf.get("private dir") + "/secrets.ldb") +secrets.connect(path) search = "(&(objectclass=primaryDomain)(samaccountname=" + \ - conf.get("netbios name") + "$))" + netbios + "$))" msg = secrets.search(expression=search, attrs=['secret']) -print(msg[0]['secret'][0]) + +if not msg: + error = "Error:\n" + error += "Password for host[" + netbios + "] not found in path[" + path + "].\n" + error += "You may want to pass the smb.conf location via the -s option." + print error + exit(1) + +password=msg[0]['secret'][0]; + +print(password) +exit(0) -- cgit