def main():
nsswitch_conf = {
'group': ['files'],
'hosts': ['files', 'dns'],
'networks': ['files'],
'passwd': ['files'],
'shells': ['files'],
'services': ['files'],
'protocols': ['files'],
'rpc': ['files'],
'sudoers': ['files']
}
verb = "start"
if len(sys.argv) > 1:
verb = sys.argv[1].lower()
if verb == 'start':
if activedirectory_enabled() and activedirectory_has_unix_extensions():
nsswitch_conf['passwd'].append('sss')
nsswitch_conf['group'].append('sss')
elif activedirectory_enabled() or \
domaincontroller_enabled() or nt4_enabled():
nsswitch_conf['passwd'].append('winbind')
nsswitch_conf['group'].append('winbind')
if nt4_enabled():
nsswitch_conf['hosts'].append('wins')
if ldap_enabled():
nsswitch_conf['passwd'].append('sss')
nsswitch_conf['group'].append('sss')
if ldap_sudo_configured():
nsswitch_conf['sudoers'].append('sss')
if nis_enabled():
nsswitch_conf['passwd'].append('nis')
nsswitch_conf['group'].append('nis')
nsswitch_conf['hosts'].append('nis')
try:
fd = os.open(NSSWITCH_CONF_PATH, os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0644)
for key in nsswitch_conf:
line = "%s: %s\n" % (
key.strip(),
string.join(map(lambda x: x.strip(), nsswitch_conf[key]), ' ')
)
os.write(fd, line)
os.close(fd)
except Exception as e:
print >> sys.stderr, "can't create %s: %s" % (NSSWITCH_CONF_PATH, e)
sys.exit(1)
def cache_count(**kwargs):
if activedirectory_enabled():
_cache_count_ActiveDirectory(**kwargs)
elif nt4_enabled():
_cache_count_NT4(**kwargs)
elif ldap_enabled():
_cache_count_default(**kwargs)
else:
_cache_count_default(**kwargs)
def cache_rawdump(**kwargs):
if activedirectory_enabled():
_cache_rawdump_ActiveDirectory(**kwargs)
elif nt4_enabled():
_cache_rawdump_NT4(**kwargs)
elif ldap_enabled():
_cache_rawdump_default(**kwargs)
else:
_cache_rawdump_default(**kwargs)
def _get_dflags():
dflags = 0
if activedirectory_enabled():
dflags |= U_AD_ENABLED
elif nt4_enabled():
dflags |= U_NT4_ENABLED
elif nis_enabled():
dflags |= U_NIS_ENABLED
elif ldap_enabled():
dflags |= U_LDAP_ENABLED
return dflags
def __new__(cls, **kwargs):
log.debug("FreeNAS_GroupCache.__new__: enter")
obj = None
if ldap_enabled() or activedirectory_enabled() or \
nt4_enabled() or nis_enabled():
obj = FreeNAS_Directory_LocalGroupCache(**kwargs)
else:
obj = FreeNAS_BaseCache(**kwargs)
log.debug("FreeNAS_GroupCache.__new__: leave")
return obj
def get_server_role():
role = "standalone"
if nt4_enabled() or activedirectory_enabled() or smb4_ldap_enabled():
role = "member"
if domaincontroller_enabled():
try:
dc = DomainController.objects.all()[0]
role = dc.dc_role
except:
pass
return role
def cache_check(**kwargs):
if activedirectory_enabled():
_cache_check_ActiveDirectory(**kwargs)
elif nis_enabled():
_cache_check_NIS(**kwargs)
elif nt4_enabled():
_cache_check_NT4(**kwargs)
elif ldap_enabled():
_cache_check_default(**kwargs)
else:
_cache_check_default(**kwargs)
def __new__(cls, **kwargs):
log.debug("FreeNAS_UserCache.__new__: enter")
obj = None
if (
ldap_enabled() or activedirectory_enabled() or
nt4_enabled() or nis_enabled() or
domaincontroller_enabled() or nis_enabled()
):
obj = FreeNAS_Directory_LocalUserCache(**kwargs)
else:
obj = FreeNAS_BaseCache(**kwargs)
log.debug("FreeNAS_UserCache.__new__: leave")
return obj
def __new__(cls, **kwargs):
log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")
obj = None
if ldap_enabled():
obj = FreeNAS_LDAP_LocalGroupCache(**kwargs)
elif activedirectory_enabled():
obj = FreeNAS_ActiveDirectory_LocalGroupCache(**kwargs)
elif nt4_enabled():
obj = FreeNAS_NT4_LocalGroupCache(**kwargs)
elif nis_enabled():
obj = FreeNAS_NIS_LocalGroupCache(**kwargs)
log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
return obj
def __new__(cls, **kwargs):
log.debug("FreeNAS_Directory_UserCache.__new__: enter")
obj = None
if ldap_enabled():
obj = FreeNAS_LDAP_UserCache(**kwargs)
elif activedirectory_enabled():
obj = FreeNAS_ActiveDirectory_UserCache(**kwargs)
elif nt4_enabled():
obj = FreeNAS_NT4_UserCache(**kwargs)
elif nis_enabled():
obj = FreeNAS_NIS_UserCache(**kwargs)
elif domaincontroller_enabled():
obj = FreeNAS_DomainController_UserCache(**kwargs)
log.debug("FreeNAS_Directory_UserCache.__new__: leave")
return obj
def __new__(cls, **kwargs):
log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")
obj = None
if ldap_enabled():
obj = FreeNAS_LDAP_LocalGroupCache(**kwargs)
elif activedirectory_enabled():
obj = FreeNAS_ActiveDirectory_LocalGroupCache(**kwargs)
elif nt4_enabled():
obj = FreeNAS_NT4_LocalGroupCache(**kwargs)
elif nis_enabled():
obj = FreeNAS_NIS_LocalGroupCache(**kwargs)
elif domaincontroller_enabled():
obj = FreeNAS_DomainController_LocalGroupCache(**kwargs)
log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
return obj
def generate_smb4_conf(smb4_conf, role):
try:
cifs = CIFS.objects.all()[0]
except:
return
if not cifs.cifs_srv_guest:
cifs.cifs_srv_guest = 'ftp'
if not cifs.cifs_srv_filemask:
cifs.cifs_srv_filemask = "0666"
if not cifs.cifs_srv_dirmask:
cifs.cifs_srv_dirmask = "0777"
# standard stuff... should probably do this differently
confset1(smb4_conf, "[global]", space=0)
if os.path.exists("/usr/local/etc/smbusers"):
confset1(smb4_conf, "username map = /usr/local/etc/smbusers")
confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
if cifs.cifs_srv_bindip:
interfaces = []
bindips = string.join(cifs.cifs_srv_bindip, ' ')
if role != 'dc':
bindips = "127.0.0.1 %s" % bindips
n = notifier()
bindips = bindips.split()
for bindip in bindips:
if not bindip:
continue
bindip = bindip.strip()
iface = n.get_interface(bindip)
if iface and n.is_carp_interface(iface):
parent_iface = n.get_parent_interface(iface)
if not parent_iface:
continue
parent_iinfo = n.get_interface_info(parent_iface[0])
if not parent_iinfo:
continue
interfaces.append("%s/%s" % (bindip, parent_iface[2]))
else:
interfaces.append(bindip)
if interfaces:
confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
confset1(smb4_conf, "bind interfaces only = yes")
confset1(smb4_conf, "encrypt passwords = yes")
confset1(smb4_conf, "dns proxy = no")
confset1(smb4_conf, "strict locking = no")
confset1(smb4_conf, "oplocks = yes")
confset1(smb4_conf, "deadtime = 15")
confset1(smb4_conf, "max log size = 51200")
confset2(smb4_conf, "max open files = %d",
long(get_sysctl('kern.maxfilesperproc')) - 25)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
loglevel = cifs.cifs_srv_loglevel
else:
loglevel = "0"
if cifs.cifs_srv_syslog:
confset1(smb4_conf, "logging = syslog:%s" % loglevel)
else:
confset1(smb4_conf, "logging = file")
confset1(smb4_conf, "load printers = no")
confset1(smb4_conf, "printing = bsd")
confset1(smb4_conf, "printcap name = /dev/null")
confset1(smb4_conf, "disable spoolss = yes")
confset1(smb4_conf, "getwd cache = yes")
confset2(smb4_conf, "guest account = %s",
cifs.cifs_srv_guest.encode('utf8'))
confset1(smb4_conf, "map to guest = Bad User")
confset2(smb4_conf, "obey pam restrictions = %s",
"yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
confset1(smb4_conf, "directory name cache size = 0")
confset1(smb4_conf, "kernel change notify = no")
confset1(smb4_conf,
"panic action = /usr/local/libexec/samba/samba-backtrace")
confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
confset1(smb4_conf, "ea support = yes")
confset1(smb4_conf, "store dos attributes = yes")
confset1(smb4_conf, "lm announce = yes")
confset2(smb4_conf, "hostname lookups = %s",
"yes" if cifs.cifs_srv_hostlookup else False)
confset2(smb4_conf, "unix extensions = %s",
"no" if not cifs.cifs_srv_unixext else False)
confset2(smb4_conf, "time server = %s",
"yes" if cifs.cifs_srv_timeserver else False)
confset2(smb4_conf, "null passwords = %s",
"yes" if cifs.cifs_srv_nullpw else False)
confset2(smb4_conf, "acl allow execute always = %s",
"true" if cifs.cifs_srv_allow_execute_always else "false")
confset1(smb4_conf, "dos filemode = yes")
confset2(smb4_conf, "multicast dns register = %s",
"yes" if cifs.cifs_srv_zeroconf else "no")
if not smb4_ldap_enabled():
confset2(smb4_conf, "domain logons = %s",
"yes" if cifs.cifs_srv_domain_logons else "no")
if (not nt4_enabled() and not activedirectory_enabled()):
confset2(smb4_conf, "local master = %s",
"yes" if cifs.cifs_srv_localmaster else "no")
idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
configure_idmap_backend(smb4_conf, idmap, None)
if role == 'auto':
confset1(smb4_conf, "server role = auto")
elif role == 'classic':
confset1(smb4_conf, "server role = classic primary domain controller")
elif role == 'netbios':
confset1(smb4_conf, "server role = netbios backup domain controller")
elif role == 'dc':
confset1(smb4_conf, "server role = active directory domain controller")
add_domaincontroller_conf(smb4_conf)
elif role == 'member':
confset1(smb4_conf, "server role = member server")
if nt4_enabled():
add_nt4_conf(smb4_conf)
elif smb4_ldap_enabled():
add_ldap_conf(smb4_conf)
elif activedirectory_enabled():
add_activedirectory_conf(smb4_conf)
confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
if cifs.cifs_srv_netbiosalias:
confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())
elif role == 'standalone':
confset1(smb4_conf, "server role = standalone")
confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
if cifs.cifs_srv_netbiosalias:
confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())
confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
confset1(smb4_conf, "security = user")
if role != 'dc':
confset1(smb4_conf, "pid directory = /var/run/samba")
confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
confset1(smb4_conf, "client ntlmv2 auth = yes")
confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)
smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
smb_options = smb_options.strip()
for line in smb_options.split('\n'):
line = line.strip()
if not line:
continue
confset1(smb4_conf, line)
def generate_smb4_conf(smb4_conf, role):
try:
cifs = CIFS.objects.all()[0]
except:
return
if not cifs.cifs_srv_guest:
cifs.cifs_srv_guest = 'ftp'
if not cifs.cifs_srv_filemask:
cifs.cifs_srv_filemask = "0666"
if not cifs.cifs_srv_dirmask:
cifs.cifs_srv_dirmask = "0777"
# standard stuff... should probably do this differently
confset1(smb4_conf, "[global]", space=0)
confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
confset1(smb4_conf, "encrypt passwords = yes")
confset1(smb4_conf, "dns proxy = no")
confset1(smb4_conf, "strict locking = no")
confset1(smb4_conf, "oplocks = yes")
confset1(smb4_conf, "deadtime = 15")
confset1(smb4_conf, "max log size = 51200")
confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25)
if cifs.cifs_srv_syslog:
confset1(smb4_conf, "syslog only = yes")
confset1(smb4_conf, "syslog = 1")
confset1(smb4_conf, "load printers = no")
confset1(smb4_conf, "printing = bsd")
confset1(smb4_conf, "printcap name = /dev/null")
confset1(smb4_conf, "disable spoolss = yes")
confset1(smb4_conf, "getwd cache = yes")
confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
confset1(smb4_conf, "map to guest = Bad User")
confset1(smb4_conf, "obey pam restrictions = Yes")
confset1(smb4_conf, "directory name cache size = 0")
confset1(smb4_conf, "kernel change notify = no")
confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
confset2(smb4_conf, "ea support = %s",
"yes" if cifs.cifs_srv_easupport else False)
confset2(smb4_conf, "store dos attributes = %s",
"yes" if cifs.cifs_srv_dosattr else False)
if cifs.cifs_srv_dosattr:
confset1(smb4_conf, "map archive = no")
confset1(smb4_conf, "map readonly = no")
confset1(smb4_conf, "map hidden = no")
confset1(smb4_conf, "map system = no")
confset2(smb4_conf, "hostname lookups = %s",
"yes" if cifs.cifs_srv_hostlookup else False)
confset2(smb4_conf, "unix extensions = %s",
"no" if not cifs.cifs_srv_unixext else False)
confset2(smb4_conf, "time server = %s",
"yes" if cifs.cifs_srv_timeserver else False)
confset2(smb4_conf, "null passwords = %s",
"yes" if cifs.cifs_srv_nullpw else False)
confset2(smb4_conf, "acl allow execute always = %s",
"true" if cifs.cifs_srv_allow_execute_always else "false")
if cifs.cifs_srv_localmaster and not nt4_enabled() \
and not activedirectory_enabled():
confset2(smb4_conf, "local master = %s",
"yes" if cifs.cifs_srv_localmaster else False)
if role == 'auto':
confset1(smb4_conf, "server role = auto")
elif role == 'classic':
confset1(smb4_conf, "server role = classic primary domain controller")
elif role == 'netbios':
confset1(smb4_conf, "server role = netbios backup domain controller")
elif role == 'dc':
confset1(smb4_conf, "server role = active directory domain controller")
add_domaincontroller_conf(smb4_conf)
elif role == 'member':
confset1(smb4_conf, "server role = member server")
if nt4_enabled():
add_nt4_conf(smb4_conf)
elif ldap_enabled():
add_ldap_conf(smb4_conf)
elif activedirectory_enabled():
add_activedirectory_conf(smb4_conf)
elif role == 'standalone':
confset1(smb4_conf, "server role = standalone")
confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
confset1(smb4_conf, "security = user")
if role != 'dc':
confset1(smb4_conf, "pid directory = /var/run/samba")
confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
confset1(smb4_conf, "private dir = /var/etc/private")
confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
confset1(smb4_conf, "client ntlmv2 auth = yes")
confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)
for line in cifs.cifs_srv_smb_options.split('\n'):
confset1(smb4_conf, line)
if cifs.cifs_srv_homedir_enable:
valid_users_path = "%U"
valid_users = "%U"
if activedirectory_enabled():
try:
ad = ActiveDirectory.objects.all()[0]
if not ad.ad_use_default_domain:
valid_users_path = "%D/%U"
valid_users = "%D\%U"
except:
pass
if cifs.cifs_srv_homedir:
cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir, valid_users_path)
else:
cifs_homedir_path = False
confset1(smb4_conf, "\n")
confset1(smb4_conf, "[homes]", space=0)
confset1(smb4_conf, "comment = Home Directories")
confset2(smb4_conf, "valid users = %s", valid_users)
confset1(smb4_conf, "writable = yes")
confset2(smb4_conf, "browseable = %s",
"yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
if cifs_homedir_path:
confset2(smb4_conf, "path = %s", cifs_homedir_path)
for line in cifs.cifs_srv_homedir_aux.split('\n'):
confset1(smb4_conf, line)
def generate_smb4_conf(smb4_conf, role):
try:
cifs = CIFS.objects.all()[0]
except:
return
if not cifs.cifs_srv_guest:
cifs.cifs_srv_guest = 'ftp'
if not cifs.cifs_srv_filemask:
cifs.cifs_srv_filemask = "0666"
if not cifs.cifs_srv_dirmask:
cifs.cifs_srv_dirmask = "0777"
# standard stuff... should probably do this differently
confset1(smb4_conf, "[global]", space=0)
confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
if cifs.cifs_srv_bindip:
interfaces = cifs.cifs_srv_bindip.replace(',', ' ')
if role != 'dc':
interfaces = "127.0.0.1 %s" % interfaces
confset2(smb4_conf, "interfaces = %s", interfaces)
confset1(smb4_conf, "bind interfaces only = yes")
confset1(smb4_conf, "encrypt passwords = yes")
confset1(smb4_conf, "dns proxy = no")
confset1(smb4_conf, "strict locking = no")
confset1(smb4_conf, "oplocks = yes")
confset1(smb4_conf, "deadtime = 15")
confset1(smb4_conf, "max log size = 51200")
confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25)
if cifs.cifs_srv_syslog:
confset1(smb4_conf, "syslog only = yes")
confset1(smb4_conf, "syslog = 1")
confset1(smb4_conf, "load printers = no")
confset1(smb4_conf, "printing = bsd")
confset1(smb4_conf, "printcap name = /dev/null")
confset1(smb4_conf, "disable spoolss = yes")
confset1(smb4_conf, "getwd cache = yes")
confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
confset1(smb4_conf, "map to guest = Bad User")
confset2(smb4_conf, "obey pam restrictions = %s",
"yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
confset1(smb4_conf, "directory name cache size = 0")
confset1(smb4_conf, "kernel change notify = no")
confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
confset1(smb4_conf, "ea support = yes")
confset1(smb4_conf, "store dos attributes = yes")
confset2(smb4_conf, "hostname lookups = %s",
"yes" if cifs.cifs_srv_hostlookup else False)
confset2(smb4_conf, "unix extensions = %s",
"no" if not cifs.cifs_srv_unixext else False)
confset2(smb4_conf, "time server = %s",
"yes" if cifs.cifs_srv_timeserver else False)
confset2(smb4_conf, "null passwords = %s",
"yes" if cifs.cifs_srv_nullpw else False)
confset2(smb4_conf, "acl allow execute always = %s",
"true" if cifs.cifs_srv_allow_execute_always else "false")
confset1(smb4_conf, "acl check permissions = true")
confset1(smb4_conf, "dos filemode = yes")
if not smb4_ldap_enabled():
confset2(smb4_conf, "domain logons = %s",
"yes" if cifs.cifs_srv_domain_logons else "no")
if cifs.cifs_srv_localmaster and not nt4_enabled() \
and not activedirectory_enabled():
confset2(smb4_conf, "local master = %s",
"yes" if cifs.cifs_srv_localmaster else False)
idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
configure_idmap_backend(smb4_conf, idmap, None)
if role == 'auto':
confset1(smb4_conf, "server role = auto")
elif role == 'classic':
confset1(smb4_conf, "server role = classic primary domain controller")
elif role == 'netbios':
confset1(smb4_conf, "server role = netbios backup domain controller")
elif role == 'dc':
confset1(smb4_conf, "server role = active directory domain controller")
add_domaincontroller_conf(smb4_conf)
elif role == 'member':
confset1(smb4_conf, "server role = member server")
if nt4_enabled():
add_nt4_conf(smb4_conf)
elif smb4_ldap_enabled():
add_ldap_conf(smb4_conf)
elif activedirectory_enabled():
add_activedirectory_conf(smb4_conf)
elif role == 'standalone':
confset1(smb4_conf, "server role = standalone")
confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
confset1(smb4_conf, "security = user")
if role != 'dc':
confset1(smb4_conf, "pid directory = /var/run/samba")
confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
confset1(smb4_conf, "private dir = /var/etc/private")
confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
confset1(smb4_conf, "client ntlmv2 auth = yes")
confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)
for line in cifs.cifs_srv_smb_options.split('\n'):
confset1(smb4_conf, line)
sanity = False
if sanity:
sys.path.extend(['/usr/local/www', '/usr/local/www/freenasUI'])
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings')
import django
django.setup()
from freenasUI.common.system import (activedirectory_enabled,
domaincontroller_enabled,
ldap_enabled, nt4_enabled)
if (activedirectory_enabled() or domaincontroller_enabled()
or ldap_enabled() or nt4_enabled()):
print "A directory service is enabled, aborting without making changes."
exit(1)
print "detected SID: %s\n" % sidval
from freenasUI.services.models import CIFS
cifs = CIFS.objects.all()[0]
print "database SID: %s\n" % cifs.cifs_SID
if cifs.cifs_SID != sidval:
cifs.cifs_SID = sidval
print "Saving detected SID to the database"
cifs.save()
print "Please either reboot the system or run the following commands as root:"
print "service samba_server stop"
print "service ix-pre-samba start"
print "service samba_server start"
# Make sure to load all modules
from django.db.models.loading import cache
cache.get_apps()
from freenasUI.common.system import (
activedirectory_enabled,
domaincontroller_enabled,
ldap_enabled,
nt4_enabled
)
if (activedirectory_enabled() or
domaincontroller_enabled() or
ldap_enabled() or
nt4_enabled()):
print "A directory service is enabled, aborting without making changes."
exit(1)
print "detected SID: %s\n" % sidval
from freenasUI.services.models import CIFS
cifs = CIFS.objects.all()[0]
print "database SID: %s\n" % cifs.cifs_SID
if cifs.cifs_SID != sidval:
cifs.cifs_SID = sidval
print "Saving detected SID to the database"
cifs.save()
print "Please either reboot the system or run the following commands as root:"
print "service samba_server stop"
print "service ix-pre-samba start"
print "service samba_server start"
def generate_smb4_conf(smb4_conf, role):
try:
cifs = CIFS.objects.all()[0]
except:
return
if not cifs.cifs_srv_guest:
cifs.cifs_srv_guest = "ftp"
if not cifs.cifs_srv_filemask:
cifs.cifs_srv_filemask = "0666"
if not cifs.cifs_srv_dirmask:
cifs.cifs_srv_dirmask = "0777"
# standard stuff... should probably do this differently
confset1(smb4_conf, "[global]", space=0)
if os.path.exists("/usr/local/etc/smbusers"):
confset1(smb4_conf, "username map = /usr/local/etc/smbusers")
confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
if cifs.cifs_srv_bindip:
interfaces = []
bindips = string.join(cifs.cifs_srv_bindip, " ")
if role != "dc":
bindips = "127.0.0.1 %s" % bindips
n = notifier()
bindips = bindips.split()
for bindip in bindips:
if not bindip:
continue
bindip = bindip.strip()
iface = n.get_interface(bindip)
if iface and n.is_carp_interface(iface):
parent_iface = n.get_parent_interface(iface)
if not parent_iface:
continue
parent_iinfo = n.get_interface_info(parent_iface[0])
if not parent_iinfo:
continue
interfaces.append("%s/%s" % (bindip, parent_iface[2]))
else:
interfaces.append(bindip)
if interfaces:
confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
confset1(smb4_conf, "bind interfaces only = yes")
confset1(smb4_conf, "encrypt passwords = yes")
confset1(smb4_conf, "dns proxy = no")
confset1(smb4_conf, "strict locking = no")
confset1(smb4_conf, "oplocks = yes")
confset1(smb4_conf, "deadtime = 15")
confset1(smb4_conf, "max log size = 51200")
confset2(smb4_conf, "max open files = %d", long(get_sysctl("kern.maxfilesperproc")) - 25)
if cifs.cifs_srv_syslog:
confset1(smb4_conf, "syslog only = yes")
else:
confset1(smb4_conf, "syslog only = no")
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
confset2(smb4_conf, "syslog = %s", cifs.cifs_srv_loglevel)
else:
confset1(smb4_conf, "syslog = 0")
confset1(smb4_conf, "load printers = no")
confset1(smb4_conf, "printing = bsd")
confset1(smb4_conf, "printcap name = /dev/null")
confset1(smb4_conf, "disable spoolss = yes")
confset1(smb4_conf, "getwd cache = yes")
confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode("utf8"))
confset1(smb4_conf, "map to guest = Bad User")
confset2(smb4_conf, "obey pam restrictions = %s", "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
confset1(smb4_conf, "directory name cache size = 0")
confset1(smb4_conf, "kernel change notify = no")
confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
confset1(smb4_conf, "ea support = yes")
confset1(smb4_conf, "store dos attributes = yes")
confset1(smb4_conf, "lm announce = yes")
confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False)
confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False)
confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False)
confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False)
confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false")
confset1(smb4_conf, "acl check permissions = true")
confset1(smb4_conf, "dos filemode = yes")
confset2(smb4_conf, "multicast dns register = %s", "yes" if cifs.cifs_srv_zeroconf else "no")
if not smb4_ldap_enabled():
confset2(smb4_conf, "domain logons = %s", "yes" if cifs.cifs_srv_domain_logons else "no")
if not nt4_enabled() and not activedirectory_enabled():
confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else "no")
idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, "tdb")
configure_idmap_backend(smb4_conf, idmap, None)
if role == "auto":
confset1(smb4_conf, "server role = auto")
elif role == "classic":
confset1(smb4_conf, "server role = classic primary domain controller")
elif role == "netbios":
confset1(smb4_conf, "server role = netbios backup domain controller")
elif role == "dc":
confset1(smb4_conf, "server role = active directory domain controller")
add_domaincontroller_conf(smb4_conf)
elif role == "member":
confset1(smb4_conf, "server role = member server")
if nt4_enabled():
add_nt4_conf(smb4_conf)
elif smb4_ldap_enabled():
add_ldap_conf(smb4_conf)
elif activedirectory_enabled():
add_activedirectory_conf(smb4_conf)
elif role == "standalone":
confset1(smb4_conf, "server role = standalone")
set_netbiosname(smb4_conf, cifs.cifs_srv_netbiosname)
confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
confset1(smb4_conf, "security = user")
if role != "dc":
confset1(smb4_conf, "pid directory = /var/run/samba")
confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
confset1(smb4_conf, "client ntlmv2 auth = yes")
confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)
smb_options = cifs.cifs_srv_smb_options.encode("utf-8")
smb_options = smb_options.strip()
for line in smb_options.split("\n"):
line = line.strip()
if not line:
continue
confset1(smb4_conf, line)
def generate_smb4_conf(smb4_conf, role):
try:
cifs = CIFS.objects.all()[0]
except:
return
if not cifs.cifs_srv_guest:
cifs.cifs_srv_guest = 'ftp'
if not cifs.cifs_srv_filemask:
cifs.cifs_srv_filemask = "0666"
if not cifs.cifs_srv_dirmask:
cifs.cifs_srv_dirmask = "0777"
# standard stuff... should probably do this differently
confset1(smb4_conf, "[global]", space=0)
confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
confset1(smb4_conf, "encrypt passwords = yes")
confset1(smb4_conf, "dns proxy = no")
confset1(smb4_conf, "strict locking = no")
confset1(smb4_conf, "oplocks = yes")
confset1(smb4_conf, "deadtime = 15")
confset1(smb4_conf, "max log size = 51200")
confset2(smb4_conf, "max open files = %d",
long(get_sysctl('kern.maxfilesperproc')) - 25)
if cifs.cifs_srv_syslog:
confset1(smb4_conf, "syslog only = yes")
confset1(smb4_conf, "syslog = 1")
confset1(smb4_conf, "load printers = no")
confset1(smb4_conf, "printing = bsd")
confset1(smb4_conf, "printcap name = /dev/null")
confset1(smb4_conf, "disable spoolss = yes")
confset1(smb4_conf, "getwd cache = yes")
confset2(smb4_conf, "guest account = %s",
cifs.cifs_srv_guest.encode('utf8'))
confset1(smb4_conf, "map to guest = Bad User")
confset2(smb4_conf, "obey pam restrictions = %s",
"yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
confset1(smb4_conf, "directory name cache size = 0")
confset1(smb4_conf, "kernel change notify = no")
confset1(smb4_conf,
"panic action = /usr/local/libexec/samba/samba-backtrace")
confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
confset1(smb4_conf, "ea support = yes")
confset1(smb4_conf, "store dos attributes = yes")
confset2(smb4_conf, "hostname lookups = %s",
"yes" if cifs.cifs_srv_hostlookup else False)
confset2(smb4_conf, "unix extensions = %s",
"no" if not cifs.cifs_srv_unixext else False)
confset2(smb4_conf, "time server = %s",
"yes" if cifs.cifs_srv_timeserver else False)
confset2(smb4_conf, "null passwords = %s",
"yes" if cifs.cifs_srv_nullpw else False)
confset2(smb4_conf, "domain logons = %s",
"yes" if cifs.cifs_srv_domain_logons else "no")
confset2(smb4_conf, "acl allow execute always = %s",
"true" if cifs.cifs_srv_allow_execute_always else "false")
if cifs.cifs_srv_localmaster and not nt4_enabled() \
and not activedirectory_enabled():
confset2(smb4_conf, "local master = %s",
"yes" if cifs.cifs_srv_localmaster else False)
idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
configure_idmap_backend(smb4_conf, idmap, None)
if role == 'auto':
confset1(smb4_conf, "server role = auto")
elif role == 'classic':
confset1(smb4_conf, "server role = classic primary domain controller")
elif role == 'netbios':
confset1(smb4_conf, "server role = netbios backup domain controller")
elif role == 'dc':
confset1(smb4_conf, "server role = active directory domain controller")
add_domaincontroller_conf(smb4_conf)
elif role == 'member':
confset1(smb4_conf, "server role = member server")
if nt4_enabled():
add_nt4_conf(smb4_conf)
elif ldap_enabled():
add_ldap_conf(smb4_conf)
elif activedirectory_enabled():
add_activedirectory_conf(smb4_conf)
elif role == 'standalone':
confset1(smb4_conf, "server role = standalone")
confset2(smb4_conf, "netbios name = %s",
cifs.cifs_srv_netbiosname.upper())
confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
confset1(smb4_conf, "security = user")
if role != 'dc':
confset1(smb4_conf, "pid directory = /var/run/samba")
confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
confset1(smb4_conf, "private dir = /var/etc/private")
confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
confset1(smb4_conf, "client ntlmv2 auth = yes")
confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)
for line in cifs.cifs_srv_smb_options.split('\n'):
confset1(smb4_conf, line)
if cifs.cifs_srv_homedir_enable:
valid_users_path = "%U"
valid_users = "%U"
if activedirectory_enabled():
try:
ad = ActiveDirectory.objects.all()[0]
if not ad.ad_use_default_domain:
valid_users_path = "%D/%U"
valid_users = "%D\%U"
except:
pass
if cifs.cifs_srv_homedir:
cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir,
valid_users_path)
else:
cifs_homedir_path = False
confset1(smb4_conf, "\n")
confset1(smb4_conf, "[homes]", space=0)
confset1(smb4_conf, "comment = Home Directories")
confset2(smb4_conf, "valid users = %s", valid_users)
confset1(smb4_conf, "writable = yes")
confset2(smb4_conf, "browseable = %s",
"yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
if cifs_homedir_path:
confset2(smb4_conf, "path = %s", cifs_homedir_path)
for line in cifs.cifs_srv_homedir_aux.split('\n'):
confset1(smb4_conf, line)