1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
provision a Samba4 server
Copyright Andrew Tridgell 2005
Released under the GNU GPL v2 or later
*/
options = GetOptions(ARGV,
"POPT_AUTOHELP",
"POPT_COMMON_SAMBA",
"POPT_COMMON_VERSION",
"POPT_COMMON_CREDENTIALS",
'realm=s',
'domain=s',
'domain-guid=s',
'domain-sid=s',
'host-name=s',
'host-ip=s',
'host-guid=s',
'invocationid=s',
'adminpass=s',
'krbtgtpass=s',
'machinepass=s',
'root=s',
'nobody=s',
'nogroup=s',
'wheel=s',
'users=s',
'quiet',
'blank',
'ldap-base',
'ldap-backend=s',
'ldap-module=s',
'aci=s');
if (options == undefined) {
println("Failed to parse options");
return -1;
}
libinclude("base.js");
libinclude("provision.js");
/*
print a message if quiet is not set
*/
function message()
{
if (options["quiet"] == undefined) {
print(vsprintf(arguments));
}
}
/*
show some help
*/
function ShowHelp()
{
print("
Samba4 provisioning
provision [options]
--realm REALM set realm
--domain DOMAIN set domain
--domain-guid GUID set domainguid (otherwise random)
--domain-sid SID set domainsid (otherwise random)
--host-name HOSTNAME set hostname
--host-ip IPADDRESS set ipaddress
--host-guid GUID set hostguid (otherwise random)
--invocationid GUID set invocationid (otherwise random)
--adminpass PASSWORD choose admin password (otherwise random)
--krbtgtpass PASSWORD choose krbtgt password (otherwise random)
--machinepass PASSWORD choose machine password (otherwise random)
--root USERNAME choose 'root' unix username
--nobody USERNAME choose 'nobody' user
--nogroup GROUPNAME choose 'nogroup' group
--wheel GROUPNAME choose 'wheel' privileged group
--users GROUPNAME choose 'users' group
--quiet Be quiet
--blank do not add users or groups, just the structure
--ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
--ldap-backend LDAPSERVER LDAP server to use for this provision
--ldap-module= MODULE LDB mapping module to use for the LDAP backend
--aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain
");
exit(1);
}
if (options['host-name'] == undefined) {
options['host-name'] = hostname();
}
/*
main program
*/
if (options["realm"] == undefined ||
options["domain"] == undefined ||
options["host-name"] == undefined) {
ShowHelp();
}
/* cope with an initially blank smb.conf */
var lp = loadparm_init();
lp.set("realm", options.realm);
lp.set("workgroup", options.domain);
lp.reload();
var subobj = provision_guess();
for (r in options) {
var key = strupper(join("", split("-", r)));
subobj[key] = options[r];
}
var blank = (options["blank"] != undefined);
var ldapbase = (options["ldap-base"] != undefined);
var ldapbackend = (options["ldap-backend"] != undefined);
var ldapmodule = (options["ldap-module"] != undefined);
if (options["aci"] != undefined) {
println("set ACI: " + subobj["ACI"]);
}
if (ldapbackend) {
if (!ldapmodule) {
subobj["LDAPMODULE"] = "entryUUID";
}
subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"];
subobj["DOMAINDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches";
}
if (!provision_validate(subobj, message)) {
return -1;
}
var system_session = system_session();
var creds = options.get_credentials();
var paths = provision_default_paths(subobj);
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
provision_ldapbase(subobj, message, paths);
} else {
provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
provision_dns(subobj, message, paths, system_session, creds);
}
message("All OK\n");
return 0;
|
