gCCSSKrSSKrSSKrSSKrSSKJr SSKJr SSK J r SSK J r SSK JrJrJrJrJrJrJr SSKJrJrJr SSKJrJrJr SSKJrJrJ r SS K!J"r" SS KJ#r# S S K$J%r%J&r& "S S\5r'g)N)system_session)system_session_unix)security)DS_DOMAIN_FUNCTION_2000DS_DOMAIN_FUNCTION_2003DS_DOMAIN_FUNCTION_2008DS_DOMAIN_FUNCTION_2008_R2DS_DOMAIN_FUNCTION_2012DS_DOMAIN_FUNCTION_2012_R2DS_DOMAIN_FUNCTION_2016)Command CommandErrorOption)DEFAULT_MIN_PWD_LENGTHProvisioningError provision)FILL_DRS FILL_FULL FILL_NT4SYNC)get_default_backend_store)functional_level)common_ntvfs_optionscommon_provision_join_optionsc\rSrSrSrSr\R\RS.r \ "SSSS9\ "S S S S S 9\ "SS SSS 9\ "SS SSS 9\ "SS SSS 9\ "SS SSS 9\ "SS SSS 9\ "SS SSS 9\ "SS SS S 9\ "S!S S"S#S 9\ "S$S S%S&S 9\ "S'S S%S(S 9\ "S)S*S+/S,QS-S.S/9\ "S0S S%S1S 9\ "S2S S3S4S 9\ "S5S S3S6S 9\ "S7S S8S9S 9\ "S:SS;S<9\ "S=S*S>/S?QS@SAS/9\ "SBS*SC/SDQSESFS/9\ "SGS*SH/SIQSJSKS/9\ "SLS*SM/SNQSOSPS/9\ "SQSRSSSTSUSV9\ "SWSXSS9\ "SYSSZS<9/r \ "S[S*/S\QS]S^S_S`9/r \ R\5 \R "5(a"\ R\5 \ R\ 5 /rSeSajrSbrScrSdrgP)fcmd_domain_provision4zProvision a domain.z%prog [options]) sambaopts versionoptsz --interactivez Ask for names store_true)helpactionz--domainstringDOMAINzNetBIOS domain name to use)typemetavarr!z --domain-guidGUIDz!set domainguid (otherwise random)z --domain-sidSIDz set domainsid (otherwise random)z --ntds-guidz'set NTDS object GUID (otherwise random)z--invocationidz#set invocationid (otherwise random)z --host-nameHOSTNAMEz set hostnamez --host-ip IPADDRESSzset IPv4 ipaddressz --host-ip6 IP6ADDRESSzset IPv6 ipaddressz--siteSITENAMEz set site namez --adminpassPASSWORDz(choose admin password (otherwise random)z --krbtgtpassz)choose krbtgt password (otherwise random)z --dns-backendchoicezNAMESERVER-BACKEND)SAMBA_INTERNALBIND9_FLATFILE BIND9_DLZNONEzThe DNS server backend. SAMBA_INTERNAL is the builtin name server (default), BIND9_FLATFILE uses bind9 text database to store zone information, BIND9_DLZ uses samba4 AD to store zone information, NONE skips the DNS setup entirely (not recommended)r/)r%r&choicesr!defaultz --dnspassz&choose dns password (otherwise random)z--rootUSERNAMEzchoose 'root' unix usernamez--nobodyzchoose 'nobody' userz--users GROUPNAMEzchoose 'users' groupz--blankz.do not add users or groups, just the structure)r"r!z --server-roleROLE)domain controllerdcz member servermember standalonez^The server role (domain controller | dc | member server | member | standalone). Default is dc.r8z--function-levelz FOR-FUN-LEVEL)2000200320082008_R22016zThe domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native | 2016). Default is (Windows) 2008_R2 Native.r?z --base-schemaz BASE-SCHEMA)r? 2008_R2_old20122012_R2r@2019z8The base schema files to use. Default is (Windows) 2019.rDz--adprep-levelFUNCTION_LEVEL)SKIPr?rBrCr@zNThe highest functional level to prepare for. Default is based on --base-schemaNz --next-ridintNEXTRIDizGThe initial nextRid value (only needed for upgrades). Default is 1000.)r%r&r4r!z--partitions-onlyzEConfigure Samba's partitions, but do not modify them (ie, join a BDC)z --use-rfc2307z/Use AD to store posix attributes (default = no)z --use-xattrs)yesnoautoz [yes|no|auto]zDefine if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl when --use-ntvfs is set. auto tries to make an intelligent guess based on the user rights and system capabilitiesrK)r%r3r&r!r4c& v URSUS9UlUR5n&U&Rn'UbUn(OUR 5n(U(cSn(UR (dSnU(Ga@SSKJn) SSKn*SUSjn+U*R5RSS 5S R5n,U+"S U,5n-U-S ;a [S 5eU-RS5Sn,U+"S U,5nUc [S5eU+"SS5nU+"SS5nUS ;a [S5eUS:Xa!U+"SU(5nUR5S;aSn(SnU)"S5n.URU.5n/U/(aURR!SU/-5 O-U)"S5n0U.U0:XdURR!S5 OU.n O9MnUR"R%S5n-U-c [S 5eUc [S5eU (a$URU 5n/U/(a [U/5eOURR'S5 [(R*"U5n1UcU"S;aSnOU"S ;aS!nO U"S";aS#nOS$nUS:XaSn2O3US%:Xa[.n2O&US!:Xa[0n2OUS#:Xa[2n2O US$:Xa[4n2US:XaUcU(n[6n3U(a[8n3O U(a[:n3Ub:[<R>RAU5(d[<RB"U5 Sn4US&:XaS'n4GOUS(:Xa U (dS'n4GOU (d [S)5eUS(:XaU&R%S*5(dU(a2[DRF"[<R>RIU5S+9n5O][DRF"[<R>RI[<R>RKU&R%S,555S+9n5[LRNRQU&U5RRS-S.[U5S/5 S'n4U5RY5 U4(aURR'S15 Ub[ZR\"U5n[_5n6U$c [a5n$[cURU640S2U'_S3U_S4U3_SU-_S5U_S6U_S7U_S8U _S9U _S:U _S;U _SU _S?U_S@U_SAU_SBU_SCU_SDU_SEU_SFU_SGU_SHU1_SIU4_SJU_SKU&_SLU _SMU!_SNS'_SOU"_SPW2_SQU#_SRU$_SSU%_6n7U7RgUR5 g![a Sn,GNf=f![a Sn,GNcf=f![,a [SUS35ef=f![Va URR'S05 GNhf=f!U5RY5 f=f![dan8[STU85eSn8A8ff=f)VNr)namequietnoneTr)getpasscUb[U<SU<S3SS9 O[U<S3SS9 [RR5 [RR 5R S5=(d U$)Nz [z]:  )endz:  )printsysstdoutflushstdinreadlinerstrip)promptr4s ?/usr/lib/python3/dist-packages/samba/netcmd/domain/provision.pyask%cmd_domain_provision.run..asksW&9sCF,#6   "yy))+2248CGC.rRealm)Nz No realm set!DomainzNo domain set!z$Server Role (dc, member, standalone)r9z=DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)r/zNo DNS backend set!z=DNS forwarder IP address (write 'none' to disable forwarding))NrOzAdministrator password: z%s. zRetype password: zSorry, passwords do not match. realmz,Administrator password will be set randomly!'z' is not a valid domain level)r?rArF)rBrB)rCrCr@2008R2rIFrKzr--use-xattrs=no requires --use-ntvfs (not supported for production use). Please re-run with --use-xattrs omitted.z posix:eadb)dirz private dirzO:S-1-5-32G:S-1-5-32zS-1-5-32nativezZYou are not root or your system does not support xattr, using tdb backend for attributes. znot using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.smbconf targetdir samdb_filldomain domainguid domainsidhostnamehostiphostip6sitenamentdsguid invocationid adminpass krbtgtpass machinepass dns_backend dns_forwarderdnspassrootnobodyusers serverroledom_for_fun_leveluseeadbnext_ridlp use_ntvfs use_rfc2307skip_sysvolacl base_schema adprep_levelplaintext_secrets backend_storebackend_store_sizezProvision failed)N)4 get_loggerlogger get_loadparm configfile_get_nameserver_ipraw_argvrPsocketgetfqdnsplitupper IndexErrorrlower_adminpass_issueerrfwrite_lpgetinforstring_to_levelKeyErrorr r r r rrrospathisdirmakedirstempfileNamedTemporaryFileabspathdirnamesambantaclssetntaclrMr Exceptioncloserdom_sidrrrr report_logger)9selfrr interactiverm domain_guid domain_sid ntds_guidru host_namehost_iphost_ip6rvsiterwrxryrzr{ ldapadminpassr|r}r~rNblank server_rolefunction_levelrrpartitions_onlyrk use_xattrsrrrrrrrrjsuggested_forwarderrPrr^r4readminpassplainissueadminpassverifyrprovision_adprep_levelrleadbfilesessionresultes9 r]runcmd_domain_provision.runsJoo;eoD  # # %--  $"/ "&"9"9"; "*&,#}}K  '  D  ..*00a8;AAC)E ""?33 ++c*1-7+F~"#344DdKK]_opKj("#899.. #$cex y  &&(N:*.'$(M!()C!D--n=IIOOGeO4&-.A&BO)_< (JK$2 MM%%g.E}"?33~"#344 )))4E"5)) KK  K L R 0 @ @ P   88 & (%  +( % 6 !%) " X %%? " V #%< " Y &%? " V #%< " * *}/D/M %J !J  77==++ I&  D 6 !)D JK K 6 !"&&*>*>22rwwy7QR22rwwrwwWYW]W]^kWlGm7no CLL))"dii*@*4*=*?*2 4 !D  KK  J K  !!))*5J "  57M 6t{{&F07FCLF*4F"22OPQ Q R@!CKK$$&BCC B! 6115 5 6sm81TT,&T?$8U?A>V T)(T), T<;T<?U%VVVVV V8' V33V8cSSKJn SnURU5(dURR SU-5 gSn[ US5nUHPnUR S5(dMUR5R5Ss UbUR5 $$ UbUR5 URR S U-5 g!UbUR5 ff=f) z5Grab the nameserver IP address from /etc/resolv.conf.r)rz/etc/resolv.confzFailed to locate %sNr nameserverzNo nameserver found in %s) rrisfilerwarningopen startswithstriprr)rr RESOLV_CONFhandlelines r]r'cmd_domain_provision._get_nameserver_ipqs( {{;'' KK   5 C D +s+F|44zz|))+B//! "  !  7+EF! "sA C!CC+c[U[5(aURS5n[U5[:a S[-$[ R "U5(dgg)zLReturns error string for a bad administrator password, or None if acceptableutf8zdAdministrator password does not meet the default minimum password length requirement (%d characters)zBAdministrator password does not meet the default quality standardsN) isinstancebytesdecodelenrrcheck_password_quality)rrvs r]r%cmd_domain_provision._adminpass_issues] i ' '!((0I y>2 2?() )--i88%r`)r)%NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNrKFNNFNN)__name__ __module__ __qualname____firstlineno____doc__synopsisoptions SambaOptionsVersionOptionstakes_optiongroupsr takes_options ntvfs_optionsextendrris_ntvfs_fileserver_builtr takes_argsrrr__static_attributes__r`r]rr4s H))-- _\Jz(0 2Xv7 9~He6 8}8V= ?h9 ;}8Z" ${;( *|(L( *xh # %}8Z> @~Hj? AX7KPE(  ) {:< >xh 1 3z** ,yx* ,yD FXv[t* , !/BW  " X}TN  h8HEd  |%D] _"[dp r|:kl{>MB ~H6K&j  M67 &&((12]+J.2 ##G`*DG. r`r)(rrVrr samba.getoptgetoptr samba.authrsamba.auth_utilr samba.dcerpcr samba.dsdbrrrr r r r samba.netcmdr rrsamba.provisionrrrsamba.provision.commonrrr samba.samdbrrcommonrrrrr`r]rsY2  %/!76PPDD1"Ga7ar`