1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
provision a Samba4 server
Copyright Andrew Tridgell 2005
Released under the GNU GPL v2 or later
*/
options = GetOptions(ARGV,
"POPT_AUTOHELP",
"POPT_COMMON_SAMBA",
"POPT_COMMON_VERSION",
"POPT_COMMON_CREDENTIALS",
'realm=s',
'domain=s',
'domain-guid=s',
'domain-sid=s',
'policy-guid=s',
'host-name=s',
'host-ip=s',
'host-guid=s',
'invocationid=s',
'adminpass=s',
'krbtgtpass=s',
'machinepass=s',
'dnspass=s',
'root=s',
'nobody=s',
'nogroup=s',
'wheel=s',
'users=s',
'quiet',
'blank',
'server-role=s',
'partitions-only',
'ldap-base',
'ldap-backend=s',
'ldap-module=s',
'aci=s');
if (options == undefined) {
println("Failed to parse options");
return -1;
}
libinclude("base.js");
libinclude("provision.js");
/*
print a message if quiet is not set
*/
function message()
{
if (options["quiet"] == undefined) {
print(vsprintf(arguments));
}
}
/*
show some help
*/
function ShowHelp()
{
print("
Samba4 provisioning
provision [options]
--realm REALM set realm
--domain DOMAIN set domain
--domain-guid GUID set domainguid (otherwise random)
--domain-sid SID set domainsid (otherwise random)
--host-name HOSTNAME set hostname
--host-ip IPADDRESS set ipaddress
--host-guid GUID set hostguid (otherwise random)
--policy-guid GUID set group policy guid (otherwise random)
--invocationid GUID set invocationid (otherwise random)
--adminpass PASSWORD choose admin password (otherwise random)
--krbtgtpass PASSWORD choose krbtgt password (otherwise random)
--machinepass PASSWORD choose machine password (otherwise random)
--root USERNAME choose 'root' unix username
--nobody USERNAME choose 'nobody' user
--nogroup GROUPNAME choose 'nogroup' group
--wheel GROUPNAME choose 'wheel' privileged group
--users GROUPNAME choose 'users' group
--quiet Be quiet
--blank do not add users or groups, just the structure
--server-role ROLE Set server role to provision for (default standalone)
--partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC)
--ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
--ldap-backend LDAPSERVER LDAP server to use for this provision
--ldap-module MODULE LDB mapping module to use for the LDAP backend
--aci ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain
");
exit(1);
}
if (options['host-name'] == undefined) {
options['host-name'] = hostname();
}
/*
main program
*/
if (options["realm"] == undefined ||
options["domain"] == undefined ||
options["host-name"] == undefined) {
ShowHelp();
}
/* cope with an initially blank smb.conf */
var lp = loadparm_init();
lp.set("realm", options.realm);
lp.set("workgroup", options.domain);
lp.set("server role", options["server-role"]);
lp.reload();
var subobj = provision_guess();
for (r in options) {
var key = strupper(join("", split("-", r)));
subobj[key] = options[r];
}
var blank = (options["blank"] != undefined);
var ldapbase = (options["ldap-base"] != undefined);
var ldapbackend = (options["ldap-backend"] != undefined);
var ldapmodule = (options["ldap-module"] != undefined);
var partitions_only = (options["partitions-only"] != undefined);
var paths = provision_default_paths(subobj);
if (options["aci"] != undefined) {
message("set ACI: %s\n", subobj["ACI"]);
}
message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);
provision_fix_subobj(subobj, paths);
if (ldapbackend) {
if (options["ldap-backend"] == "ldapi") {
subobj.LDAPBACKEND = subobj.LDAPI_URI;
}
if (!ldapmodule) {
subobj.LDAPMODULE = "entryuuid";
subobj.TDB_MODULES_LIST = "";
}
subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
}
if (!provision_validate(subobj, message)) {
return -1;
}
var system_session = system_session();
var creds = options.get_credentials();
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
provision_ldapbase(subobj, message, paths);
message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
} else if (partitions_only) {
provision_become_dc(subobj, message, false, paths, system_session);
} else {
provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
provision_dns(subobj, message, paths, system_session, creds);
message("To reproduce this provision, run with:\n");
/* There has to be a better way than this... */
message("--realm='%s' --domain='%s' \\\n", subobj.REALM_CONF, subobj.DOMAIN_CONF);
if (subobj.DOMAINGUID != undefined) {
message("--domain-guid='%s' \\\n", subobj.DOMAINGUID);
}
if (subobj.HOSTGUID != undefined) {
message("--host-guid='%s' \\\n", subobj.HOSTGUID);
}
message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP);
message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS);
message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS);
message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP);
message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE);
if (ldapbackend) {
message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND);
}
if (ldapmodule) {
message("--ldap-mdoule='%s' \\\n", + subobj.LDAPMODULE);
}
message("--aci='" + subobj.ACI + "' \\\n")
}
message("All OK\n");
return 0;
|