def run(self, domain, role=None, sambaopts=None, credopts=None,
versionopts=None, server=None, site=None, targetdir=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
net = Net(creds, lp, server=credopts.ipaddress)
if site is None:
site = "Default-First-Site-Name"
netbios_name = lp.get("netbios name")
if not role is None:
role = role.upper()
if role is None or role == "MEMBER":
(join_password, sid, domain_name) = net.join_member(domain,
netbios_name,
LIBNET_JOIN_AUTOMATIC)
self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid))
return
elif role == "DC":
join_DC(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir)
return
elif role == "RODC":
join_RODC(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir)
return
else:
raise CommandError("Invalid role %s (possible values: MEMBER, BDC, RODC)" % role)
def run(self, domain, role=None, sambaopts=None, credopts=None,
versionopts=None, server=None, site=None, targetdir=None,
domain_critical_only=False, parent_domain=None, machinepass=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
net = Net(creds, lp, server=credopts.ipaddress)
if site is None:
site = "Default-First-Site-Name"
netbios_name = lp.get("netbios name")
if not role is None:
role = role.upper()
if role is None or role == "MEMBER":
(join_password, sid, domain_name) = net.join_member(domain,
netbios_name,
LIBNET_JOIN_AUTOMATIC,
machinepass=machinepass)
self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid))
return
elif role == "DC":
join_DC(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
domain_critical_only=domain_critical_only,
machinepass=machinepass)
return
elif role == "RODC":
join_RODC(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name, targetdir=targetdir,
domain_critical_only=domain_critical_only,
machinepass=machinepass)
return
elif role == "SUBDOMAIN":
netbios_domain = lp.get("workgroup")
if parent_domain is None:
parent_domain = ".".join(domain.split(".")[1:])
join_subdomain(server=server, creds=creds, lp=lp, dnsdomain=domain, parent_domain=parent_domain,
site=site, netbios_name=netbios_name, netbios_domain=netbios_domain, targetdir=targetdir,
machinepass=machinepass)
return
else:
raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role)
def test_net_join_no_spnego(self):
self.lp.set("client use spnego", "no")
netbios_name = "NetJoinNoSpnego"
machinepass = "******"
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
net = Net(creds, self.lp, server=self.server)
try:
(join_password, sid, domain_name) = net.join_member(
self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
machinepass=machinepass)
except NTSTATUSError as e:
code = ctypes.c_uint32(e.args[0]).value
if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
self.fail("Connection failure")
elif code == ntstatus.NT_STATUS_ACCESS_DENIED:
return
else:
raise
self.fail("Shoud have rejected NTLMv2 without SPNEGO")
def test_net_join(self):
netbios_name = "NetJoinTest"
machinepass = "******"
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
net = Net(creds, self.lp, server=self.server)
# NOTE WELL: We must not run more than one successful
# net.join_member per file (process), as the shared
# secrets.ldb handle will be kept between runs.
try:
(join_password, sid, domain_name) = net.join_member(
self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
machinepass=machinepass)
except NTSTATUSError as e:
code = ctypes.c_uint32(e[0]).value
if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
self.fail("Connection failure")
raise
os.unlink(os.path.join(self.tempdir, "secrets.ldb"))
pass
def test_net_join(self):
netbios_name = "NetJoinTest"
machinepass = "******"
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
net = Net(creds, self.lp, server=self.server)
# NOTE WELL: We must not run more than one successful
# net.join_member per file (process), as the shared
# secrets.ldb handle will be kept between runs.
try:
(join_password, sid,
domain_name) = net.join_member(self.domain,
netbios_name,
LIBNET_JOIN_AUTOMATIC,
machinepass=machinepass)
except NTSTATUSError as e:
code = ctypes.c_uint32(e.args[0]).value
if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
self.fail("Connection failure")
raise
os.unlink(os.path.join(self.tempdir, "secrets.ldb"))
pass
def test_net_join_no_spnego(self):
self.lp.set("client use spnego", "no")
netbios_name = "NetJoinNoSpnego"
machinepass = "******"
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
net = Net(creds, self.lp, server=self.server)
try:
(join_password, sid,
domain_name) = net.join_member(self.domain,
netbios_name,
LIBNET_JOIN_AUTOMATIC,
machinepass=machinepass)
except NTSTATUSError as e:
code = ctypes.c_uint32(e.args[0]).value
if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
self.fail("Connection failure")
elif code == ntstatus.NT_STATUS_ACCESS_DENIED:
return
else:
raise
self.fail("Shoud have rejected NTLMv2 without SPNEGO")
def run(self,
domain,
role=None,
sambaopts=None,
credopts=None,
versionopts=None,
server=None,
site=None,
targetdir=None,
domain_critical_only=False,
parent_domain=None,
machinepass=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
net = Net(creds, lp, server=credopts.ipaddress)
if site is None:
site = "Default-First-Site-Name"
netbios_name = lp.get("netbios name")
if not role is None:
role = role.upper()
if role is None or role == "MEMBER":
(join_password, sid,
domain_name) = net.join_member(domain,
netbios_name,
LIBNET_JOIN_AUTOMATIC,
machinepass=machinepass)
self.outf.write("Joined domain %s (%s)\n" % (domain_name, sid))
return
elif role == "DC":
join_DC(server=server,
creds=creds,
lp=lp,
domain=domain,
site=site,
netbios_name=netbios_name,
targetdir=targetdir,
domain_critical_only=domain_critical_only,
machinepass=machinepass)
return
elif role == "RODC":
join_RODC(server=server,
creds=creds,
lp=lp,
domain=domain,
site=site,
netbios_name=netbios_name,
targetdir=targetdir,
domain_critical_only=domain_critical_only,
machinepass=machinepass)
return
elif role == "SUBDOMAIN":
netbios_domain = lp.get("workgroup")
if parent_domain is None:
parent_domain = ".".join(domain.split(".")[1:])
join_subdomain(server=server,
creds=creds,
lp=lp,
dnsdomain=domain,
parent_domain=parent_domain,
site=site,
netbios_name=netbios_name,
netbios_domain=netbios_domain,
targetdir=targetdir,
machinepass=machinepass)
return
else:
raise CommandError(
"Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)"
% role)
