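#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
	provision a Samba4 server
	Copyright Andrew Tridgell 2005
	Released under the GNU GPL v2 or later
*/

/*
  Command-line option table.

  NOTE(security): --adminpass, --krbtgtpass and --machinepass take secrets
  as command-line arguments. Arguments are visible to other local users
  through the process list and may be kept in shell history, so passwords
  supplied this way should be treated as exposed on a shared host. When
  these options are omitted the help text states a random value is used.
*/
options = GetOptions(ARGV,
		"POPT_AUTOHELP",
		"POPT_COMMON_SAMBA",
		"POPT_COMMON_VERSION",
		"POPT_COMMON_CREDENTIALS",
		'realm=s',
		'domain=s',
		'domain-guid=s',
		'domain-sid=s',
		'policy-guid=s',
		'host-name=s',
		'host-ip=s',
		'host-guid=s',
		'invocationid=s',
		'adminpass=s',
		'krbtgtpass=s',
		'machinepass=s',
		'root=s',
		'nobody=s',
		'nogroup=s',
		'wheel=s',
		'users=s',
		'quiet',
		'blank',
		'partitions-only',
		'ldap-base',
		'ldap-backend=s',
		'ldap-module=s',
		'aci=s');

if (options == undefined) {
	println("Failed to parse options");
	return -1;
}

libinclude("base.js");
libinclude("provision.js");

/*
  print a message if quiet is not set

  Takes printf-style arguments (format string followed by values) and
  formats them with vsprintf(). Nothing is printed when --quiet was given.
*/
function message()
{
	if (options["quiet"] == undefined) {
		print(vsprintf(arguments));
	}
}

/*
  show some help

  Prints the usage text and terminates the script with exit status 1.
*/
function ShowHelp()
{
	print("
Samba4 provisioning

provision [options]
 --realm REALM set realm
 --domain DOMAIN set domain
 --domain-guid GUID set domainguid (otherwise random)
 --domain-sid SID set domainsid (otherwise random)
 --host-name HOSTNAME set hostname
 --host-ip IPADDRESS set ipaddress
 --host-guid GUID set hostguid (otherwise random)
 --policy-guid GUID set group policy guid (otherwise random)
 --invocationid GUID set invocationid (otherwise random)
 --adminpass PASSWORD choose admin password (otherwise random)
 --krbtgtpass PASSWORD choose krbtgt password (otherwise random)
 --machinepass PASSWORD choose machine password (otherwise random)
 --root USERNAME choose 'root' unix username
 --nobody USERNAME choose 'nobody' user
 --nogroup GROUPNAME choose 'nogroup' group
 --wheel GROUPNAME choose 'wheel' privileged group
 --users GROUPNAME choose 'users' group
 --quiet Be quiet
 --blank do not add users or groups, just the structure
 --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC)
 --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
 --ldap-backend LDAPSERVER LDAP server to use for this provision
 --ldap-module= MODULE LDB mapping module to use for the LDAP backend
 --aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server

You must provide at least a realm and domain

");
	exit(1);
}

/* fall back to the local host name when --host-name was not given */
if (options['host-name'] == undefined) {
	options['host-name'] = hostname();
}

/*
   main program
*/
if (options["realm"] == undefined ||
    options["domain"] == undefined ||
    options["host-name"] == undefined) {
	ShowHelp();
}

/* cope with an initially blank smb.conf */
var lp = loadparm_init();
lp.set("realm", options.realm);
lp.set("workgroup", options.domain);
lp.reload();

var subobj = provision_guess();

/*
  Copy every parsed option over the guessed defaults. The key is the option
  name upper-cased with the dashes removed (e.g. "host-name" -> HOSTNAME,
  "adminpass" -> ADMINPASS). Values are copied verbatim; nothing is checked
  here, the only check in this script is provision_validate() below.
*/
for (r in options) {
	var key = strupper(join("", split("-", r)));
	subobj[key] = options[r];
}

/* boolean views of the mode switches */
var blank = (options["blank"] != undefined);
var ldapbase = (options["ldap-base"] != undefined);
var ldapbackend = (options["ldap-backend"] != undefined);
var ldapmodule = (options["ldap-module"] != undefined);
var partitions_only = (options["partitions-only"] != undefined);
var paths = provision_default_paths(subobj);

if (options["aci"] != undefined) {
	message("set ACI: %s\n", subobj["ACI"]);
}

message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);

provision_fix_subobj(subobj, paths);

if (ldapbackend) {
	/* the literal value "ldapi" selects the LDAPI URI held in subobj */
	if (options["ldap-backend"] == "ldapi") {
		subobj.LDAPBACKEND = subobj.LDAPI_URI;
	}
	/* default mapping module when --ldap-module was not given */
	if (!ldapmodule) {
		subobj.LDAPMODULE = "entryUUID";
	}
	/* point the domain, config and schema partitions at the LDAP backend */
	subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
	subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
	subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
	subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
	subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
	subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
	message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
}

if (!provision_validate(subobj, message)) {
	return -1;
}

var system_session = system_session();
var creds = options.get_credentials();
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);

/*
  Only echo the administrator password when it was not supplied with
  --adminpass, i.e. when the operator has no other way to learn it.
  Echoing a password the operator already chose would only copy the secret
  into terminal scrollback and any captured output of this script.
  NOTE(review): with --quiet nothing is printed at all, so a generated
  password is not shown by this script in that mode.
*/
if (options["adminpass"] == undefined) {
	message("Using administrator password: %s\n", subobj.ADMINPASS);
} else {
	message("Using the administrator password supplied with --adminpass\n");
}

if (ldapbase) {
	/* --ldap-base: only write the LDIF files for the LDAP server */
	provision_ldapbase(subobj, message, paths);
	message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
} else if (partitions_only) {
	/* --partitions-only: configure the partitions without modifying them */
	provision_become_dc(subobj, message, false, paths, system_session);
} else {
	/* full provision followed by the DNS setup */
	provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
	provision_dns(subobj, message, paths, system_session, creds);
}
message("All OK\n");
return 0;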