summaryrefslogtreecommitdiff
path: root/source4/setup/provision
blob: 010f7e7708dea3a862536dc128e70ecc9b297cbd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
	provision a Samba4 server
	Copyright Andrew Tridgell 2005
	Released under the GNU GPL v2 or later
*/

options = GetOptions(ARGV,
		"POPT_AUTOHELP",
		"POPT_COMMON_SAMBA",
		"POPT_COMMON_VERSION",
		"POPT_COMMON_CREDENTIALS",
		'realm=s',
		'domain=s',
		'domain-guid=s',
		'domain-sid=s',
		'policy-guid=s',
		'host-name=s',
		'host-ip=s',
		'host-guid=s',
		'invocationid=s',
		'adminpass=s',
		'krbtgtpass=s',
		'machinepass=s',
		'dnspass=s',
		'root=s',
		'nobody=s',
		'nogroup=s',
		'wheel=s',
		'users=s',
		'quiet',
		'blank',
		'server-role=s',
		'partitions-only',
		'ldap-base',
		'ldap-backend=s',
                'ldap-module=s',
                'aci=s');

if (options == undefined) {
   println("Failed to parse options");
   return -1;
}

libinclude("base.js");
libinclude("provision.js");

/*
  print a message if quiet is not set
*/
function message()
{
	if (options["quiet"] == undefined) {
		print(vsprintf(arguments));
	}
}

/*
 show some help
*/
function ShowHelp()
{
	print("
Samba4 provisioning

provision [options]
 --realm	REALM		set realm
 --domain	DOMAIN		set domain
 --domain-guid	GUID		set domainguid (otherwise random)
 --domain-sid	SID		set domainsid (otherwise random)
 --host-name	HOSTNAME	set hostname
 --host-ip	IPADDRESS	set ipaddress
 --host-guid	GUID		set hostguid (otherwise random)
 --policy-guid  GUID            set group policy guid (otherwise random)
 --invocationid	GUID		set invocationid (otherwise random)
 --adminpass	PASSWORD	choose admin password (otherwise random)
 --krbtgtpass	PASSWORD	choose krbtgt password (otherwise random)
 --machinepass	PASSWORD	choose machine password (otherwise random)
 --root         USERNAME	choose 'root' unix username
 --nobody	USERNAME	choose 'nobody' user
 --nogroup	GROUPNAME	choose 'nogroup' group
 --wheel	GROUPNAME	choose 'wheel' privileged group
 --users	GROUPNAME	choose 'users' group
 --quiet			Be quiet
 --blank			do not add users or groups, just the structure
 --server-role  ROLE            Set server role to provision for (default standalone)
 --partitions-only              Configure Samba's partitions, but do not modify them (ie, join a BDC)
 --ldap-base			output only an LDIF file, suitable for creating an LDAP baseDN
 --ldap-backend LDAPSERVER      LDAP server to use for this provision
 --ldap-module  MODULE          LDB mapping module to use for the LDAP backend
 --aci          ACI             An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain

");
	exit(1);
}

if (options['host-name'] == undefined) {
	options['host-name'] = hostname();
}

/*
   main program
*/
if (options["realm"] == undefined ||
    options["domain"] == undefined ||
    options["host-name"] == undefined) {
	ShowHelp();
}

/* cope with an initially blank smb.conf */
var lp = loadparm_init();
lp.set("realm", options.realm);
lp.set("workgroup", options.domain);
lp.set("server role", options["server-role"]);
lp.reload();

var subobj = provision_guess();
for (r in options) {
	var key = strupper(join("", split("-", r)));
	subobj[key] = options[r];
}

var blank = (options["blank"] != undefined);
var ldapbase = (options["ldap-base"] != undefined);
var ldapbackend = (options["ldap-backend"] != undefined);
var ldapmodule = (options["ldap-module"] != undefined);
var partitions_only = (options["partitions-only"] != undefined);
var paths = provision_default_paths(subobj);
if (options["aci"] != undefined) {
	message("set ACI: %s\n", subobj["ACI"]);
}

message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]);

provision_fix_subobj(subobj, paths);

if (ldapbackend) {
	if (options["ldap-backend"] == "ldapi") {
		subobj.LDAPBACKEND = subobj.LDAPI_URI;
	}
	if (!ldapmodule) {
		subobj.LDAPMODULE = "entryuuid";
	}
	subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
	subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
	subobj.CONFIGDN_LDB = subobj.LDAPBACKEND;
	subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
	subobj.SCHEMADN_LDB = subobj.LDAPBACKEND;
	subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches";
	message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND);
}

if (!provision_validate(subobj, message)) {
	return -1;
}

var system_session = system_session();
var creds = options.get_credentials();
message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
	provision_ldapbase(subobj, message, paths);
	message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n");
} else if (partitions_only) {
	provision_become_dc(subobj, message, false, paths, system_session);
} else {
	provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
	provision_dns(subobj, message, paths, system_session, creds);
	message("To reproduce this provision, run with:\n");
/* 	There has to be a better way than this... */
	message("--realm='%s' --domain='%s' \\\n", subobj.REALM_CONF, subobj.DOMAIN_CONF);
	if (subobj.DOMAINGUID != undefined) {
		 message("--domain-guid='%s' \\\n", subobj.DOMAINGUID);
	}
	if (subobj.HOSTGUID != undefined) {
		 message("--host-guid='%s' \\\n", subobj.HOSTGUID);
	}
	message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP);
	message("--invocationid='%s' \\\n", subobj.INVOCATIONID);
	message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS);
	message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS);
	message("--root='%s' --nobody='%s' --nogroup-'%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP);
	message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE);
	if (ldapbackend) {
		message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND);
	}
	if (ldapmodule) {
		message("--ldap-mdoule='%s' \\\n", + subobj.LDAPMODULE);
	}
	message("--aci='" + subobj.ACI + "' \\\n")
}


message("All OK\n");
return 0;