def save(self):
    """Persist the Active Directory form and apply the requested service state.

    Saves the ActiveDirectory model, makes sure an idmap row exists for the
    chosen backend, copies the NetBIOS name/alias fields onto the CIFS
    settings record, then restarts/starts or stops the ``activedirectory``
    service according to ``ad_enable``.  Returns the saved model instance.

    Raises ServiceFailed when the service is enabled but cannot be started;
    ``ad_enable`` is reset to False and saved first so the database never
    claims a service that is not actually running.
    """
    cleaned = self.cleaned_data
    want_enabled = cleaned.get("ad_enable")

    # A change to any original field invalidates the cached AD state
    # before the service is touched again.
    if self.__original_changed():
        notifier()._clear_activedirectory_config()

    running = notifier().started("activedirectory")
    obj = super(ActiveDirectoryForm, self).save()

    # The idmap row for a backend is created lazily on first save.
    try:
        utils.get_idmap_object(obj.ds_type, obj.id, obj.ad_idmap_backend)
    except ObjectDoesNotExist:
        log.debug('IDMAP backend {} entry does not exist, creating one.'.format(obj.ad_idmap_backend))
        utils.get_idmap(obj.ds_type, obj.id, obj.ad_idmap_backend)

    # The NetBIOS identity lives on the CIFS service record, not the AD one.
    for cifs_field, form_field in (
        ("cifs_srv_netbiosname", "ad_netbiosname_a"),
        ("cifs_srv_netbiosname_b", "ad_netbiosname_b"),
        ("cifs_srv_netbiosalias", "ad_netbiosalias"),
    ):
        setattr(self.cifs, cifs_field, cleaned.get(form_field))
    self.cifs.save()

    if not want_enabled:
        if running is True:
            running = notifier().stop("activedirectory")
        return obj

    if running is True:
        running = notifier().restart("activedirectory")
    if running is False:
        running = notifier().start("activedirectory")
    if running is False:
        # Roll the enable flag back so the stored config matches reality.
        self.instance.ad_enable = False
        super(ActiveDirectoryForm, self).save()
        raise ServiceFailed(
            "activedirectory",
            _("Active Directory failed to reload."),
        )
    return obj
def add_ldap_conf(smb4_conf):
    """Append the LDAP (ldapsam) directory-service settings to smb4_conf.

    Does nothing when either the LDAP or the CIFS configuration row is
    missing.  Samba's passdb is pointed at the configured LDAP server; the
    NetBIOS name, workgroup and idmap backend come from the LDAP and CIFS
    settings.
    """
    # Missing rows mean "LDAP not configured": silently emit nothing.
    try:
        ldap = LDAP.objects.all()[0]
        cifs = CIFS.objects.all()[0]
    except:
        return

    workgroup = cifs.cifs_srv_workgroup.upper()

    # ldaps:// only when SSL is forced on; START TLS is negotiated on a
    # plain ldap:// URL through the "ldap ssl" directive below.
    scheme = "ldaps" if ldap.ldap_ssl == "on" else "ldap"
    tls_mode = "start tls" if ldap.ldap_ssl == "start_tls" else "off"

    confset1(smb4_conf, "security = user")
    confset1(smb4_conf, "passdb backend = ldapsam:%s://%s" % (scheme, ldap.ldap_hostname))

    for fmt, value in (
        ("ldap admin dn = %s", ldap.ldap_binddn),
        ("ldap suffix = %s", ldap.ldap_basedn),
        ("ldap user suffix = %s", ldap.ldap_usersuffix),
        ("ldap group suffix = %s", ldap.ldap_groupsuffix),
        ("ldap machine suffix = %s", ldap.ldap_machinesuffix),
        ("ldap ssl = %s", tls_mode),
    ):
        confset2(smb4_conf, fmt, value)

    confset1(smb4_conf, "ldap replication sleep = 1000")
    confset1(smb4_conf, "ldap passwd sync = yes")
    confset1(smb4_conf, "ldapsam:trusted = yes")

    set_netbiosname(smb4_conf, ldap.ldap_netbiosname)
    confset2(smb4_conf, "workgroup = %s", workgroup)
    confset1(smb4_conf, "domain logons = yes")

    idmap = get_idmap_object(ldap.ds_type, ldap.id, ldap.ldap_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, workgroup)
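def set_idmap_rfc2307_secret():
    """Store the idmap_rfc2307 LDAP bind password in Samba's secrets store.

    Runs ``net idmap secret <DOMAIN> <password>`` for the configured Active
    Directory domain, echoing the command's stdout.  Returns True on success
    and False when there is no AD configuration, no password is configured,
    the domain NetBIOS name cannot be determined, or ``net`` exits non-zero.
    """
    # shlex.quote is Python 3; pipes.quote is the Python 2 equivalent.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    try:
        ad = ActiveDirectory.objects.all()[0]
    except Exception:
        return False

    idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
    password = idmap.idmap_rfc2307_ldap_user_dn_password
    if not password:
        # Previously a missing password was interpolated as the literal
        # string "None" and stored as the secret.
        sys.stderr.write("No idmap_rfc2307 LDAP password configured!\n")
        return False

    try:
        fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
        domain = fad.netbiosname.upper()
    except Exception:
        return False

    # pipeopen() hands the command to a shell, so every argument is
    # shell-quoted.  Wrapping the values in bare single quotes broke -- and
    # allowed command injection -- as soon as the password contained a quote.
    args = [
        "/usr/local/bin/net", "-d", "0", "idmap", "secret", domain, password,
    ]
    net_cmd = " ".join(quote(arg) for arg in args)

    # quiet=True presumably keeps the command line (which carries the
    # password) out of the log.  The secret is still an argv element and
    # therefore visible in the process list while ``net`` runs; TODO confirm
    # whether this ``net`` build can read it from stdin instead.
    p = pipeopen(net_cmd, quiet=True)
    net_out = p.communicate()
    if net_out and net_out[0]:
        for line in net_out[0].split('\n'):
            if not line:
                continue
            sys.stdout.write(line + "\n")

    ret = True
    if p.returncode != 0:
        sys.stderr.write("Failed to set idmap secret!\n")
        ret = False

    return ret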
def add_ldap_conf(smb4_conf):
    """Append the LDAP (ldapsam) directory-service settings to smb4_conf.

    Does nothing when either the LDAP or the CIFS configuration row is
    missing.  Samba's passdb is pointed at the configured LDAP server; the
    workgroup comes from the CIFS settings and the idmap backend from the
    LDAP settings.
    """
    # Missing rows mean "LDAP not configured": silently emit nothing.
    try:
        ldap = LDAP.objects.all()[0]
        cifs = CIFS.objects.all()[0]
    except:
        return

    workgroup = cifs.cifs_srv_workgroup.upper()

    # ldaps:// only when SSL is forced on; START TLS is negotiated on a
    # plain ldap:// URL through the "ldap ssl" directive below.
    scheme = "ldaps" if ldap.ldap_ssl == 'on' else "ldap"
    tls_mode = "start tls" if ldap.ldap_ssl == 'start_tls' else 'off'

    confset1(smb4_conf, "security = user")
    confset1(smb4_conf, "passdb backend = ldapsam:%s://%s" % (scheme, ldap.ldap_hostname))

    for fmt, value in (
        ("ldap admin dn = %s", ldap.ldap_binddn),
        ("ldap suffix = %s", ldap.ldap_basedn),
        ("ldap user suffix = %s", ldap.ldap_usersuffix),
        ("ldap group suffix = %s", ldap.ldap_groupsuffix),
        ("ldap machine suffix = %s", ldap.ldap_machinesuffix),
        ("ldap ssl = %s", tls_mode),
    ):
        confset2(smb4_conf, fmt, value)

    confset1(smb4_conf, "ldap replication sleep = 1000")
    confset1(smb4_conf, "ldap passwd sync = yes")
    confset1(smb4_conf, "ldapsam:trusted = yes")

    confset2(smb4_conf, "workgroup = %s", workgroup)
    confset1(smb4_conf, "domain logons = yes")

    idmap = get_idmap_object(ldap.ds_type, ldap.id, ldap.ldap_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, workgroup)
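def set_idmap_rfc2307_secret():
    """Store the idmap_rfc2307 LDAP bind password in Samba's secrets store.

    Runs ``net idmap secret <DOMAIN> <password>`` for the configured Active
    Directory domain, echoing the command's stdout.  Returns True on success
    and False when there is no AD configuration, no password is configured,
    the domain NetBIOS name cannot be determined, or ``net`` exits non-zero.
    """
    # shlex.quote is Python 3; pipes.quote is the Python 2 equivalent.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    try:
        ad = ActiveDirectory.objects.all()[0]
    except Exception:
        return False

    idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
    password = idmap.idmap_rfc2307_ldap_user_dn_password
    if not password:
        # Previously a missing password was interpolated as the literal
        # string "None" and stored as the secret.
        sys.stderr.write("No idmap_rfc2307 LDAP password configured!\n")
        return False

    try:
        fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
        domain = fad.netbiosname.upper()
    except Exception:
        return False

    # pipeopen() hands the command to a shell, so every argument is
    # shell-quoted.  Wrapping the values in bare single quotes broke -- and
    # allowed command injection -- as soon as the password contained a quote.
    args = [
        "/usr/local/bin/net", "-d", "0", "idmap", "secret", domain, password,
    ]
    net_cmd = " ".join(quote(arg) for arg in args)

    # quiet=True presumably keeps the command line (which carries the
    # password) out of the log.  The secret is still an argv element and
    # therefore visible in the process list while ``net`` runs; TODO confirm
    # whether this ``net`` build can read it from stdin instead.
    p = pipeopen(net_cmd, quiet=True)
    net_out = p.communicate()
    if net_out and net_out[0]:
        for line in net_out[0].split("\n"):
            if not line:
                continue
            sys.stdout.write(line + "\n")

    ret = True
    if p.returncode != 0:
        sys.stderr.write("Failed to set idmap secret!\n")
        ret = False

    return ret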
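def add_activedirectory_conf(smb4_conf):
    """Append the Active Directory member-server settings to smb4_conf.

    Returns without touching smb4_conf when no ActiveDirectory row exists or
    when the domain's NetBIOS name cannot be obtained through
    FreeNAS_ActiveDirectory (which needs a working binding to the DC).
    """
    try:
        ad = ActiveDirectory.objects.all()[0]
    except Exception:
        return

    # winbind cache location.  Best effort: on regeneration the directory
    # normally exists already, and Samba reports an unusable cache dir itself.
    cachedir = "/var/tmp/.cache/.samba"
    try:
        os.makedirs(cachedir)
        os.chmod(cachedir, 0o755)
    except OSError:
        pass

    try:
        fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
        ad_workgroup = fad.netbiosname.upper()
    except Exception:
        return

    set_netbiosname(smb4_conf, ad.ad_netbiosname)
    confset2(smb4_conf, "workgroup = %s", ad_workgroup)
    confset2(smb4_conf, "realm = %s", ad.ad_domainname.upper())
    confset1(smb4_conf, "security = ADS")
    confset1(smb4_conf, "client use spnego = yes")
    confset2(smb4_conf, "cache directory = %s", cachedir)

    # A domain member must never contend for the browse-master roles.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")

    confset2(smb4_conf, "ads dns update = %s", "yes" if ad.ad_allow_dns_updates else "no")

    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s", "yes" if ad.ad_use_default_domain else "no")
    confset1(smb4_conf, "winbind refresh tickets = yes")
    if ad.ad_nss_info:
        confset2(smb4_conf, "winbind nss info = %s", ad.ad_nss_info)

    idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, ad_workgroup)

    confset2(smb4_conf, "allow trusted domains = %s", "yes" if ad.ad_allow_trusted_doms else "no")
    # Sign/seal level for winbind's LDAP traffic to the DC; the admin's
    # explicit choice is passed through verbatim.
    confset2(smb4_conf, "client ldap sasl wrapping = %s", ad.ad_ldap_sasl_wrapping)

    confset1(smb4_conf, "template shell = /bin/sh")
    confset2(smb4_conf, "template homedir = %s", "/home/%D/%U" if not ad.ad_use_default_domain else "/home/%U")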
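def add_activedirectory_conf(smb4_conf):
    """Append the Active Directory member-server settings to smb4_conf.

    Returns without touching smb4_conf when no ActiveDirectory row exists or
    when the domain's NetBIOS name cannot be obtained through
    FreeNAS_ActiveDirectory (which needs a working binding to the DC).
    """
    try:
        ad = ActiveDirectory.objects.all()[0]
    except Exception:
        return

    # winbind cache location.  Best effort: on regeneration the directory
    # normally exists already, and Samba reports an unusable cache dir itself.
    cachedir = "/var/tmp/.cache/.samba"
    try:
        os.makedirs(cachedir)
        os.chmod(cachedir, 0o755)
    except OSError:
        pass

    try:
        fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
        ad_workgroup = fad.netbiosname.upper()
    except Exception:
        return

    set_netbiosname(smb4_conf, ad.ad_netbiosname)
    confset2(smb4_conf, "workgroup = %s", ad_workgroup)
    confset2(smb4_conf, "realm = %s", ad.ad_domainname.upper())
    confset1(smb4_conf, "security = ADS")
    confset1(smb4_conf, "client use spnego = yes")
    confset2(smb4_conf, "cache directory = %s", cachedir)

    # A domain member must never contend for the browse-master roles.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")

    confset2(smb4_conf, "ads dns update = %s", "yes" if ad.ad_allow_dns_updates else "no")

    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s", "yes" if ad.ad_use_default_domain else "no")
    confset1(smb4_conf, "winbind refresh tickets = yes")
    if ad.ad_nss_info:
        confset2(smb4_conf, "winbind nss info = %s", ad.ad_nss_info)

    idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, ad_workgroup)

    confset2(smb4_conf, "allow trusted domains = %s", "yes" if ad.ad_allow_trusted_doms else "no")
    # Sign/seal level for winbind's LDAP traffic to the DC; the admin's
    # explicit choice is passed through verbatim.
    confset2(smb4_conf, "client ldap sasl wrapping = %s", ad.ad_ldap_sasl_wrapping)

    confset1(smb4_conf, "template shell = /bin/sh")
    confset2(smb4_conf, "template homedir = %s", "/home/%D/%U" if not ad.ad_use_default_domain else "/home/%U")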
def save(self):
    """Persist the Active Directory form and apply the requested service state.

    Saves the ActiveDirectory model, makes sure an idmap row exists for the
    chosen backend, copies the NetBIOS name/alias fields onto the CIFS
    settings record, then restarts/starts or stops the ``activedirectory``
    service according to ``ad_enable``.  Returns the saved model instance.

    Raises ServiceFailed when the service is enabled but cannot be started;
    ``ad_enable`` is reset to False and saved first so the database never
    claims a service that is not actually running.
    """
    cleaned = self.cleaned_data
    want_enabled = cleaned.get("ad_enable")

    # A change to any original field invalidates the cached AD state
    # before the service is touched again.
    if self.__original_changed():
        notifier()._clear_activedirectory_config()

    running = notifier().started("activedirectory")
    obj = super(ActiveDirectoryForm, self).save()

    # The idmap row for a backend is created lazily on first save.
    try:
        utils.get_idmap_object(obj.ds_type, obj.id, obj.ad_idmap_backend)
    except ObjectDoesNotExist:
        log.debug(
            'IDMAP backend {} entry does not exist, creating one.'.format(
                obj.ad_idmap_backend))
        utils.get_idmap(obj.ds_type, obj.id, obj.ad_idmap_backend)

    # The NetBIOS identity lives on the CIFS service record, not the AD one.
    for cifs_field, form_field in (
        ("cifs_srv_netbiosname", "ad_netbiosname_a"),
        ("cifs_srv_netbiosname_b", "ad_netbiosname_b"),
        ("cifs_srv_netbiosalias", "ad_netbiosalias"),
    ):
        setattr(self.cifs, cifs_field, cleaned.get(form_field))
    self.cifs.save()

    if not want_enabled:
        if running is True:
            running = notifier().stop("activedirectory")
        return obj

    if running is True:
        running = notifier().restart("activedirectory")
    if running is False:
        running = notifier().start("activedirectory")
    if running is False:
        # Roll the enable flag back so the stored config matches reality.
        self.instance.ad_enable = False
        super(ActiveDirectoryForm, self).save()
        raise ServiceFailed(
            "activedirectory",
            _("Active Directory failed to reload."),
        )
    return obj
def add_nt4_conf(smb4_conf):
    """Append NT4-style domain-member settings to smb4_conf.

    Does nothing when no NT4 row exists.  The DC is pinned in
    /usr/local/etc/lmhosts -- its resolved A record, or the bare name when
    the DNS lookup fails -- before the workgroup, idmap and winbind
    directives are written.
    """
    # TODO: These are unused, will they be at some point?
    # rid_range_start = 20000
    # rid_range_end = 20000000
    try:
        nt4 = NT4.objects.all()[0]
    except:
        return

    dcname = nt4.nt4_dcname
    try:
        dc_ip = resolver.query(dcname, 'A')[0]
    except Exception as e:
        log.debug(
            "resolver query for {0}'s A record failed with {1}".format(dcname, e)
        )
        log_traceback(log=log)
        dc_ip = dcname

    workgroup = nt4.nt4_workgroup.upper()

    # Static NetBIOS mapping for the DC so name resolution does not depend
    # on broadcast.
    with open("/usr/local/etc/lmhosts", "w") as lmhosts:
        lmhosts.write("%s\t%s\n" % (dc_ip, dcname.upper()))

    confset2(smb4_conf, "workgroup = %s", workgroup)
    confset1(smb4_conf, "security = domain")
    confset1(smb4_conf, "password server = *")

    idmap = get_idmap_object(nt4.ds_type, nt4.id, nt4.nt4_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, workgroup)

    for directive in (
        "winbind cache time = 7200",
        "winbind offline logon = yes",
        "winbind enum users = yes",
        "winbind enum groups = yes",
        "winbind nested groups = yes",
    ):
        confset1(smb4_conf, directive)
    confset2(
        smb4_conf,
        "winbind use default domain = %s",
        "yes" if nt4.nt4_use_default_domain else "no"
    )

    confset1(smb4_conf, "template shell = /bin/sh")

    # A domain member never contends for the browse-master roles.
    for directive in (
        "local master = no",
        "domain master = no",
        "preferred master = no",
    ):
        confset1(smb4_conf, directive)
def ds_get_idmap_object(self, ds_type, id, idmap_backend):
    """Temporary wrapper to serialize IDMAP objects.

    Returns the serialized idmap model extended with its backend name and
    type.  For the LDAP and RFC2307 backend types the certificate, SSL mode
    and URL are added as well; the other backend types carry no SSL
    settings and are returned as-is.
    """
    obj = get_idmap_object(ds_type, id, idmap_backend)
    data = django_modelobj_serialize(self.middleware, obj)
    data['idmap_backend_name'] = obj.idmap_backend_name
    data['idmap_backend_type'] = obj.idmap_backend_type

    # Only these types have SSL
    ssl_capable = data['idmap_backend_type'] in (IDMAP_TYPE_LDAP, IDMAP_TYPE_RFC2307)
    if not ssl_capable:
        return data

    cert = obj.get_certificate()
    data['certificate'] = django_modelobj_serialize(self.middleware, cert) if cert else None
    data['ssl'] = obj.get_ssl()
    data['url'] = obj.get_url()
    return data
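def ds_get_idmap_object(self, ds_type, id, idmap_backend):
    """Temporary wrapper to serialize IDMAP objects.

    Returns the serialized idmap model extended with its backend name and
    type.  For the LDAP and RFC2307 backend types the certificate, SSL mode
    and URL are added as well; the other backend types carry no SSL
    settings and are returned as-is.
    """
    obj = get_idmap_object(ds_type, id, idmap_backend)
    data = django_modelobj_serialize(self.middleware, obj)
    data['idmap_backend_name'] = obj.idmap_backend_name
    data['idmap_backend_type'] = obj.idmap_backend_type

    # Only these types have SSL.  The test is on the idmap *backend* type:
    # ``ds_type`` is the directory-service kind and belongs to a different
    # enumeration than IDMAP_TYPE_*, so comparing it here was wrong (the
    # sibling version of this wrapper tests the backend type).
    if data['idmap_backend_type'] not in (IDMAP_TYPE_LDAP, IDMAP_TYPE_RFC2307):
        return data

    cert = obj.get_certificate()
    if cert:
        data['certificate'] = django_modelobj_serialize(self.middleware, cert)
    else:
        data['certificate'] = None

    data['ssl'] = obj.get_ssl()
    data['url'] = obj.get_url()
    return data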
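def add_nt4_conf(smb4_conf):
    """Append NT4-style domain-member settings to smb4_conf.

    Does nothing when no NT4 row exists.  The DC's address (resolved A
    record, or the bare name when the DNS lookup fails) is pinned in
    /usr/local/etc/lmhosts against the upper-cased workgroup name before
    the workgroup, idmap and winbind directives are written.
    """
    try:
        nt4 = NT4.objects.all()[0]
    except Exception:
        return

    # Fall back to the configured name when the A lookup fails; Samba then
    # resolves it itself.
    try:
        dc_ip = resolver.query(nt4.nt4_dcname, 'A')[0]
    except Exception:
        dc_ip = nt4.nt4_dcname

    nt4_workgroup = nt4.nt4_workgroup.upper()

    # Static NetBIOS mapping so domain lookups do not depend on broadcast.
    with open("/usr/local/etc/lmhosts", "w") as f:
        f.write("%s\t%s\n" % (dc_ip, nt4_workgroup))

    set_netbiosname(smb4_conf, nt4.nt4_netbiosname)
    confset2(smb4_conf, "workgroup = %s", nt4_workgroup)
    confset1(smb4_conf, "security = domain")
    confset1(smb4_conf, "password server = *")

    idmap = get_idmap_object(nt4.ds_type, nt4.id, nt4.nt4_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, nt4_workgroup)

    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s", "yes" if nt4.nt4_use_default_domain else "no")
    confset1(smb4_conf, "template shell = /bin/sh")

    # A domain member never contends for the browse-master roles.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")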
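def add_nt4_conf(smb4_conf):
    """Append NT4-style domain-member settings to smb4_conf.

    Does nothing when no NT4 row exists.  The DC's address (resolved A
    record, or the bare name when the DNS lookup fails) is pinned in
    /usr/local/etc/lmhosts against the upper-cased workgroup name before
    the workgroup, idmap and winbind directives are written.
    """
    try:
        nt4 = NT4.objects.all()[0]
    except Exception:
        return

    # Fall back to the configured name when the A lookup fails; Samba then
    # resolves it itself.
    try:
        dc_ip = resolver.query(nt4.nt4_dcname, 'A')[0]
    except Exception:
        dc_ip = nt4.nt4_dcname

    nt4_workgroup = nt4.nt4_workgroup.upper()

    # Static NetBIOS mapping so domain lookups do not depend on broadcast.
    with open("/usr/local/etc/lmhosts", "w") as f:
        f.write("%s\t%s\n" % (dc_ip, nt4_workgroup))

    set_netbiosname(smb4_conf, nt4.nt4_netbiosname)
    confset2(smb4_conf, "workgroup = %s", nt4_workgroup)
    confset1(smb4_conf, "security = domain")
    confset1(smb4_conf, "password server = *")

    idmap = get_idmap_object(nt4.ds_type, nt4.id, nt4.nt4_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, nt4_workgroup)

    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s", "yes" if nt4.nt4_use_default_domain else "no")
    confset1(smb4_conf, "template shell = /bin/sh")

    # A domain member never contends for the browse-master roles.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")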
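def ldap_conf_activedirectory(ldap_conf):
    """Write the OpenLDAP client configuration (ldap.conf) for an AD join.

    ``ldap_conf`` is the path written.  URI and BASE come from the Active
    Directory settings; when the idmap backend is ``ldap`` or ``rfc2307``
    its server and TLS settings replace them, since that is the directory
    the LDAP client tools then talk to.  The file is left mode 0644: it
    holds no secrets (URI, base DN, CA path).
    """
    fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)

    config = {}
    config["URI"] = "%s://%s" % (
        "ldaps" if fad.ssl == "on" else "ldap",
        fad.domainname
    )
    config["BASE"] = fad.basedn

    if fad.ssl in ("start_tls", "on"):
        if fad.certfile:
            config["TLS_CACERT"] = fad.certfile
        # NOTE(security): "allow" tells libldap to proceed even when the
        # server certificate is missing or fails validation, so TLS here
        # defends against passive sniffing only, not against a spoofed DC.
        # With a CA configured, "demand" is the value that enforces it.
        config["TLS_REQCERT"] = "allow"

    # So what if the AD server is configured to use SSL or TLS, and the
    # idmap backend is as well?  The idmap backend wins: its URI and CA
    # replace the ones derived from the AD settings above.
    ad = models.ActiveDirectory.objects.all()[0]
    if ad.ad_idmap_backend in ("rfc2307", "ldap"):
        idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
        # The stored URL may already carry a scheme; strip it so the scheme
        # is decided by the idmap SSL setting alone.
        idmap_host = re.sub('^(ldaps?://)', '', idmap.get_url())
        config["URI"] = "%s://%s" % (
            "ldaps" if idmap.get_ssl() == "on" else "ldap",
            idmap_host
        )
        if idmap.get_ssl() in ('start_tls', 'on'):
            capath = get_certificateauthority_path(idmap.get_certificate())
            if capath:
                config["TLS_CACERT"] = capath
            config["TLS_REQCERT"] = "allow"

    keys = ["URI", "BASE", "TLS_CACERT", "TLS_REQCERT"]
    with open(ldap_conf, "w") as f:
        for key in keys:
            if key in config:
                f.write("%s %s\n" % (key, config[key]))

    os.chmod(ldap_conf, 0o644)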
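def ldap_conf_activedirectory(ldap_conf):
    """Write the OpenLDAP client configuration (ldap.conf) for an AD join.

    ``ldap_conf`` is the path written.  URI and BASE come from the Active
    Directory settings; when the idmap backend is ``ldap`` or ``rfc2307``
    its server and TLS settings replace them, since that is the directory
    the LDAP client tools then talk to.  The file is left mode 0644: it
    holds no secrets (URI, base DN, CA path).
    """
    fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)

    config = {}
    config["URI"] = "%s://%s" % ("ldaps" if fad.ssl == "on" else "ldap", fad.domainname)
    config["BASE"] = fad.basedn

    if fad.ssl in ("start_tls", "on"):
        if fad.certfile:
            config["TLS_CACERT"] = fad.certfile
        # NOTE(security): "allow" tells libldap to proceed even when the
        # server certificate is missing or fails validation, so TLS here
        # defends against passive sniffing only, not against a spoofed DC.
        # With a CA configured, "demand" is the value that enforces it.
        config["TLS_REQCERT"] = "allow"

    # So what if the AD server is configured to use SSL or TLS, and the
    # idmap backend is as well?  The idmap backend wins: its URI and CA
    # replace the ones derived from the AD settings above.
    ad = models.ActiveDirectory.objects.all()[0]
    if ad.ad_idmap_backend in ("rfc2307", "ldap"):
        idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
        # The stored URL may already carry a scheme; strip it so the scheme
        # is decided by the idmap SSL setting alone.
        idmap_host = re.sub('^(ldaps?://)', '', idmap.get_url())
        config["URI"] = "%s://%s" % ("ldaps" if idmap.get_ssl() == "on" else "ldap", idmap_host)
        if idmap.get_ssl() in ('start_tls', 'on'):
            capath = get_certificateauthority_path(idmap.get_certificate())
            if capath:
                config["TLS_CACERT"] = capath
            config["TLS_REQCERT"] = "allow"

    keys = ["URI", "BASE", "TLS_CACERT", "TLS_REQCERT"]
    with open(ldap_conf, "w") as f:
        for key in keys:
            if key in config:
                f.write("%s %s\n" % (key, config[key]))

    os.chmod(ldap_conf, 0o644)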
def generate_smb4_conf(smb4_conf, role):
    """Write the [global] section of smb4.conf for the given server role.

    ``smb4_conf`` is the config accumulator the confset helpers append to;
    ``role`` is one of 'auto', 'classic', 'netbios', 'dc', 'member' or
    'standalone'.  Returns without emitting anything when no CIFS row
    exists.  For 'member' the directory-service block (NT4, LDAP or AD) is
    appended; for 'dc' the domain-controller block.  Admin-supplied
    auxiliary parameters are appended verbatim at the end.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except:
        return

    # Defaults for fields the UI may leave empty.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)
    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    # Bind addresses: loopback is always added except for a DC.  CARP
    # addresses are emitted as addr/mask taken from the parent interface.
    if cifs.cifs_srv_bindip:
        interfaces = []
        bindips = string.join(cifs.cifs_srv_bindip, ' ')
        if role != 'dc':
            bindips = "127.0.0.1 %s" % bindips

        n = notifier()
        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = n.get_interface(bindip)
            if iface and n.is_carp_interface(iface):
                parent_iface = n.get_parent_interface(iface)
                if not parent_iface:
                    continue
                parent_iinfo = n.get_interface_info(parent_iface[0])
                if not parent_iinfo:
                    continue
                # parent_iface[2] presumably is the prefix/netmask -- TODO confirm
                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")
    # Leave headroom below the per-process descriptor limit.
    confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25)

    # A bare True (checkbox with no level chosen) is treated as "no level".
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        loglevel = cifs.cifs_srv_loglevel
    else:
        loglevel = "0"

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "logging = syslog:%s" % loglevel)
    else:
        confset1(smb4_conf, "logging = file")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    # "Bad User": unknown usernames are mapped to the guest account; a
    # known user with a wrong password is still rejected.
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s", "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    # A False value presumably makes confset2 omit the directive so Samba's
    # default applies -- TODO confirm against confset2.
    confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False)
    # Security-relevant: allows accounts with an empty password to log in.
    confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s", "yes" if cifs.cifs_srv_zeroconf else "no")

    # add_ldap_conf() forces "domain logons = yes" itself.
    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s", "yes" if cifs.cifs_srv_domain_logons else "no")

    # The NT4 and AD blocks force "local master = no" themselves.
    if (not nt4_enabled() and not activedirectory_enabled()):
        confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else "no")

    # Local (tdb) idmap for the server's own accounts; a directory-service
    # block below may add its own idmap domain on top.
    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")
    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")
    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")
    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)
    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # Exactly one directory service supplies the member configuration.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)
        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)
        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

        confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())
    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary parameters: raw smb.conf lines from the admin, appended
    # unvalidated.  Anything written here can override every directive
    # above, so this field is as sensitive as the config file itself.
    smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
    smb_options = smb_options.strip()
    for line in smb_options.split('\n'):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)
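def add_activedirectory_conf(smb4_conf):
    """Append the Active Directory member-server settings to smb4_conf.

    Returns without touching smb4_conf when no ActiveDirectory row exists or
    when the domain's NetBIOS name cannot be obtained through
    FreeNAS_ActiveDirectory.  The ``rid_range_*``/``ad_range_*`` locals the
    old version carried were never read and have been dropped; the idmap
    range presumably comes from configure_idmap_backend().
    """
    try:
        ad = ActiveDirectory.objects.all()[0]
    except Exception:
        return

    # winbind cache location.  Best effort: on regeneration the directory
    # normally exists already, and Samba reports an unusable cache dir itself.
    cachedir = "/var/tmp/.cache/.samba"
    try:
        os.makedirs(cachedir)
    except OSError:
        pass

    try:
        fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
        ad_workgroup = fad.netbiosname.upper()
    except Exception:
        return

    confset2(smb4_conf, "netbios name = %s", ad.ad_netbiosname.upper())
    confset2(smb4_conf, "workgroup = %s", ad_workgroup)
    confset2(smb4_conf, "realm = %s", ad.ad_domainname.upper())
    confset1(smb4_conf, "security = ADS")
    confset1(smb4_conf, "client use spnego = yes")
    confset2(smb4_conf, "cache directory = %s", cachedir)

    # A domain member must never contend for the browse-master roles.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")

    confset1(smb4_conf, "acl check permissions = true")
    confset1(smb4_conf, "acl map full control = true")
    confset1(smb4_conf, "dos filemode = yes")

    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s", "yes" if ad.ad_use_default_domain else "no")
    confset1(smb4_conf, "winbind refresh tickets = yes")

    # Unix attributes (uid/gid/shell/home) are read from the AD RFC2307
    # schema when the admin enabled the extensions.
    if ad.ad_unix_extensions:
        confset1(smb4_conf, "winbind nss info = rfc2307")

    idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, ad_workgroup)

    confset2(smb4_conf, "allow trusted domains = %s", "yes" if ad.ad_allow_trusted_doms else "no")
    confset1(smb4_conf, "template shell = /bin/sh")
    confset2(smb4_conf, "template homedir = %s", "/home/%D/%U" if not ad.ad_use_default_domain else "/home/%U")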
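def save(self):
    """Persist the Active Directory form, apply the service state and sync
    the service-monitor entry.

    Saves the model, ensures an idmap row exists for the chosen backend,
    copies the NetBIOS fields onto the CIFS settings, then restarts/starts
    or stops ``activedirectory`` according to ``ad_enable`` -- each step
    bounded by the timeouts from the directoryservice settings.  Finally the
    ``activedirectory`` ServiceMonitor row is created or updated and the
    monitor restarted.  Returns the saved instance.

    Raises MiddlewareError when a service operation fails or times out, or
    when the ServiceMonitor row cannot be written.  On a failed start the
    saved row has ``ad_enable`` reset to False.
    """
    enable = self.cleaned_data.get("ad_enable")
    enable_monitoring = self.cleaned_data.get("ad_enable_monitor")
    monit_frequency = self.cleaned_data.get("ad_monitor_frequency")
    monit_retry = self.cleaned_data.get("ad_recover_retry")
    fqdn = self.cleaned_data.get("ad_domainname")
    sm = None

    if self.__original_changed():
        notifier().clear_activedirectory_config()

    timeouts = _fs().directoryservice.activedirectory.timeout
    started = notifier().started("activedirectory", timeout=timeouts.started)

    obj = super(ActiveDirectoryForm, self).save()

    # The idmap row for a backend is created lazily on first save.
    try:
        utils.get_idmap_object(obj.ds_type, obj.id, obj.ad_idmap_backend)
    except ObjectDoesNotExist:
        log.debug('IDMAP backend {} entry does not exist, creating one.'.format(obj.ad_idmap_backend))
        utils.get_idmap(obj.ds_type, obj.id, obj.ad_idmap_backend)

    # The NetBIOS identity lives on the CIFS service record, not the AD one.
    self.cifs.cifs_srv_netbiosname = self.cleaned_data.get("ad_netbiosname_a")
    self.cifs.cifs_srv_netbiosname_b = self.cleaned_data.get("ad_netbiosname_b")
    self.cifs.cifs_srv_netbiosalias = self.cleaned_data.get("ad_netbiosalias")
    self.cifs.save()

    # Note the "%" is applied after _(): translating the untranslated
    # template is what lets the catalog match it.
    if enable:
        if started is True:
            timeout = timeouts.restart
            try:
                started = notifier().restart("activedirectory", timeout=timeout)
            except Exception as e:
                # Any failure inside restart() lands here, not only a
                # timeout; keep the cause in the log since the user-facing
                # message does not carry it.
                log.debug("XXX: activedirectory restart failed: %s", e)
                raise MiddlewareError(
                    _("Active Directory restart timed out after %d seconds.") % timeout,
                )

        if started is False:
            timeout = timeouts.start
            try:
                started = notifier().start("activedirectory", timeout=timeout)
            except Exception as e:
                log.debug("XXX: activedirectory start failed: %s", e)
                raise MiddlewareError(
                    _("Active Directory start timed out after %d seconds.") % timeout,
                )

        if started is False:
            # Roll the enable flag back so the stored config matches reality.
            self.instance.ad_enable = False
            super(ActiveDirectoryForm, self).save()
            raise MiddlewareError(
                _("Active Directory failed to reload."),
            )

    else:
        if started is True:
            timeout = timeouts.stop
            try:
                started = notifier().stop("activedirectory", timeout=timeout)
            except Exception as e:
                log.debug("XXX: activedirectory stop failed: %s", e)
                raise MiddlewareError(
                    _("Active Directory stop timed out after %d seconds.") % timeout,
                )

    sm_name = 'activedirectory'
    try:
        sm = ServiceMonitor.objects.get(sm_name=sm_name)
    except Exception as e:
        # Normally DoesNotExist on first save; the row is created below.
        log.debug("XXX: Unable to find ServiceMonitor: %s", e)

    #
    # Ports can be specified in the UI but there doesn't appear to be a way to
    # override them via SRV records. This should be fixed.
    #
    dcport = self.get_dcport()

    if not sm:
        try:
            log.debug(
                "XXX: fqdn=%s dcport=%s frequency=%s retry=%s enable=%s",
                fqdn, dcport, monit_frequency, monit_retry, enable_monitoring)
            sm = ServiceMonitor.objects.create(
                sm_name=sm_name,
                sm_host=fqdn,
                sm_port=dcport,
                sm_frequency=monit_frequency,
                sm_retry=monit_retry,
                sm_enable=enable_monitoring
            )
        except Exception as e:
            log.debug("XXX: Unable to create ServiceMonitor: %s", e)
            raise MiddlewareError(
                _("Unable to create ServiceMonitor: %s") % e,
            )
    else:
        sm.sm_name = sm_name
        if fqdn != sm.sm_host:
            sm.sm_host = fqdn
        if dcport != sm.sm_port:
            sm.sm_port = dcport
        if monit_frequency != sm.sm_frequency:
            sm.sm_frequency = monit_frequency
        if monit_retry != sm.sm_retry:
            sm.sm_retry = monit_retry
        if enable_monitoring != sm.sm_enable:
            sm.sm_enable = enable_monitoring

        try:
            sm.save(force_update=True)
        except Exception as e:
            log.debug("XXX: Unable to save ServiceMonitor: %s", e)
            raise MiddlewareError(
                _("Unable to save ServiceMonitor: %s") % e,
            )

    # The monitor re-reads its rows on restart, so add and remove are the
    # same call; only the log line differs.
    with client as c:
        action = "Add" if (enable_monitoring and enable) else "Remove"
        log.debug("[ServiceMonitoring] %s %s service, frequency: %d, retry: %d" % (
            action, 'activedirectory', monit_frequency, monit_retry))
        c.call('servicemonitor.restart')

    return obj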
def save(self):
    """Persist the Active Directory form, apply the service state and
    register or drop the connection monitor.

    Saves the model, ensures an idmap row exists for the chosen backend,
    copies the NetBIOS fields onto the CIFS settings, then restarts/starts
    (90 s limit) or stops (60 s limit) ``activedirectory`` according to
    ``ad_enable``.  The middleware test-connection monitor for the domain is
    then enabled or disabled.  Returns the saved instance.

    Raises ServiceFailed when the service is enabled but cannot be started;
    ``ad_enable`` is reset to False and saved first.
    """
    cleaned = self.cleaned_data
    enable = cleaned.get("ad_enable")
    enable_monitoring = cleaned.get("ad_enable_monitor")
    monit_frequency = cleaned.get("ad_monitor_frequency")
    monit_retry = cleaned.get("ad_recover_retry")
    fqdn = cleaned.get("ad_domainname")

    if self.__original_changed():
        notifier().clear_activedirectory_config()
    started = notifier().started("activedirectory")

    obj = super(ActiveDirectoryForm, self).save()

    # The idmap row for a backend is created lazily on first save.
    try:
        utils.get_idmap_object(obj.ds_type, obj.id, obj.ad_idmap_backend)
    except ObjectDoesNotExist:
        log.debug(
            'IDMAP backend {} entry does not exist, creating one.'.format(
                obj.ad_idmap_backend))
        utils.get_idmap(obj.ds_type, obj.id, obj.ad_idmap_backend)

    # The NetBIOS identity lives on the CIFS service record, not the AD one.
    for cifs_field, form_field in (
        ("cifs_srv_netbiosname", "ad_netbiosname_a"),
        ("cifs_srv_netbiosname_b", "ad_netbiosname_b"),
        ("cifs_srv_netbiosalias", "ad_netbiosalias"),
    ):
        setattr(self.cifs, cifs_field, cleaned.get(form_field))
    self.cifs.save()

    if enable:
        if started is True:
            started = notifier().restart("activedirectory", timeout=90)
        if started is False:
            started = notifier().start("activedirectory", timeout=90)
        if started is False:
            # Roll the enable flag back so the stored config matches reality.
            self.instance.ad_enable = False
            super(ActiveDirectoryForm, self).save()
            raise ServiceFailed(
                "activedirectory",
                _("Active Directory failed to reload."),
            )
    elif started is True:
        started = notifier().stop("activedirectory", timeout=60)

    # 3268 (the AD Global Catalog LDAP port) is hard-coded as the probe
    # target; the UI's port settings are not consulted here.
    monitor_args = (monit_frequency, monit_retry, fqdn, 3268, 'activedirectory')
    with client as c:
        if enable_monitoring and enable:
            log.debug(
                "[ServiceMonitoring] Add %s service, frequency: %d, retry: %d" % (
                    'activedirectory', monit_frequency, monit_retry))
            c.call('service.enable_test_service_connection', *monitor_args)
        else:
            log.debug(
                "[ServiceMonitoring] Remove %s service, frequency: %d, retry: %d" % (
                    'activedirectory', monit_frequency, monit_retry))
            c.call('service.disable_test_service_connection', *monitor_args)

    return obj
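def save(self):
    """Persist the Active Directory form, (re)start the service and sync its monitor.

    Steps, in the order callers depend on:
      1. clear the cached AD configuration if an original field changed;
      2. save the model and make sure its idmap backend row exists;
      3. copy the NetBIOS name/alias fields onto the CIFS settings;
      4. enable: restart the service if it was running, otherwise start it;
         if it still is not up, persist ``ad_enable = False`` and raise
         ``MiddlewareError``.  disable: stop the service if it was running;
      5. create or update the ``activedirectory`` ServiceMonitor row and ask
         the middleware to restart the service monitor.

    All service operations use the timeouts from the ``_fs()`` settings tree.

    Returns:
        The saved ActiveDirectory model instance.

    Raises:
        MiddlewareError: a start/stop/restart raised (reported as a timeout),
            the service did not come up, or the ServiceMonitor row could not
            be created or saved.
    """
    enable = self.cleaned_data.get("ad_enable")
    enable_monitoring = self.cleaned_data.get("ad_enable_monitor")
    monit_frequency = self.cleaned_data.get("ad_monitor_frequency")
    monit_retry = self.cleaned_data.get("ad_recover_retry")
    fqdn = self.cleaned_data.get("ad_domainname")
    sm = None

    if self.__original_changed():
        notifier().clear_activedirectory_config()

    # Compared by identity below: anything other than True/False leaves the
    # service untouched.
    started = notifier().started(
        "activedirectory",
        timeout=_fs().directoryservice.activedirectory.timeout.started)

    obj = super(ActiveDirectoryForm, self).save()

    try:
        utils.get_idmap_object(obj.ds_type, obj.id, obj.ad_idmap_backend)
    except ObjectDoesNotExist:
        log.debug(
            'IDMAP backend {} entry does not exist, creating one.'.format(
                obj.ad_idmap_backend))
        utils.get_idmap(obj.ds_type, obj.id, obj.ad_idmap_backend)

    # The AD NetBIOS identity is also what the CIFS service advertises.
    self.cifs.cifs_srv_netbiosname = self.cleaned_data.get("ad_netbiosname_a")
    self.cifs.cifs_srv_netbiosname_b = self.cleaned_data.get("ad_netbiosname_b")
    self.cifs.cifs_srv_netbiosalias = self.cleaned_data.get("ad_netbiosalias")
    self.cifs.save()

    if enable:
        if started is True:
            timeout = _fs().directoryservice.activedirectory.timeout.restart
            try:
                started = notifier().restart("activedirectory", timeout=timeout)
            except Exception as e:
                # Keep the real cause in the log; the user only sees the
                # timeout wording.
                log.error("Active Directory restart failed: %s", e)
                raise MiddlewareError(
                    _("Active Directory restart timed out after %d seconds." % timeout),
                )
        if started is False:
            timeout = _fs().directoryservice.activedirectory.timeout.start
            try:
                started = notifier().start("activedirectory", timeout=timeout)
            except Exception as e:
                log.error("Active Directory start failed: %s", e)
                raise MiddlewareError(
                    _("Active Directory start timed out after %d seconds." % timeout),
                )
        if started is False:
            # Settings are already on disk; record that the service is off so
            # the UI does not show an enabled-but-dead directory service.
            self.instance.ad_enable = False
            super(ActiveDirectoryForm, self).save()
            raise MiddlewareError(
                _("Active Directory failed to reload."),
            )
    else:
        if started is True:
            timeout = _fs().directoryservice.activedirectory.timeout.stop
            try:
                started = notifier().stop("activedirectory", timeout=timeout)
            except Exception as e:
                log.error("Active Directory stop failed: %s", e)
                raise MiddlewareError(
                    _("Active Directory stop timed out after %d seconds." % timeout),
                )

    sm_name = 'activedirectory'
    try:
        sm = ServiceMonitor.objects.get(sm_name=sm_name)
    except ObjectDoesNotExist as e:
        # Only "no row yet" is expected here and leads to a create below;
        # any other database error propagates instead of being mistaken
        # for a missing row.
        log.debug("XXX: Unable to find ServiceMonitor: %s", e)

    #
    # Ports can be specified in the UI but there doesn't appear to be a way to
    # override them via SRV records. This should be fixed.
    #
    # Only the DC port is monitored; the GC port is not used here.
    dcport = self.get_dcport()

    if sm is None:
        try:
            log.debug(
                "XXX: fqdn=%s dcport=%s frequency=%s retry=%s enable=%s",
                fqdn, dcport, monit_frequency, monit_retry, enable_monitoring)
            sm = ServiceMonitor.objects.create(
                sm_name=sm_name,
                sm_host=fqdn,
                sm_port=dcport,
                sm_frequency=monit_frequency,
                sm_retry=monit_retry,
                sm_enable=enable_monitoring)
        except Exception as e:
            log.debug("XXX: Unable to create ServiceMonitor: %s", e)
            raise MiddlewareError(
                _("Unable to create ServiceMonitor: %s" % e),
            )
    else:
        sm.sm_name = sm_name
        if fqdn != sm.sm_host:
            sm.sm_host = fqdn
        if dcport != sm.sm_port:
            sm.sm_port = dcport
        if monit_frequency != sm.sm_frequency:
            sm.sm_frequency = monit_frequency
        if monit_retry != sm.sm_retry:
            sm.sm_retry = monit_retry
        if enable_monitoring != sm.sm_enable:
            sm.sm_enable = enable_monitoring
        try:
            sm.save(force_update=True)
        except Exception as e:
            log.debug("XXX: Unable to save ServiceMonitor: %s", e)
            raise MiddlewareError(
                _("Unable to save ServiceMonitor: %s" % e),
            )

    # Lazy %-args: frequency/retry may be None when the field was left empty,
    # and eager "%d" formatting would raise TypeError this late in save().
    with client as c:
        if enable_monitoring and enable:
            log.debug(
                "[ServiceMonitoring] Add %s service, frequency: %s, retry: %s",
                'activedirectory', monit_frequency, monit_retry)
        else:
            log.debug(
                "[ServiceMonitoring] Remove %s service, frequency: %s, retry: %s",
                'activedirectory', monit_frequency, monit_retry)
        # Both branches restart the monitor; presumably it picks up the
        # sm_enable value just written to the row.
        c.call('servicemonitor.restart')

    return obj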
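def generate_smb4_conf(smb4_conf, role):
    """Emit the ``[global]`` section of smb4.conf for the given server role.

    ``confset1`` appends a literal line and ``confset2`` a formatted one (both
    defined elsewhere in this module).  The ``False`` values handed to
    confset2 below look like a "skip this line" convention -- confirm against
    confset2 before relying on it.

    Args:
        smb4_conf: accumulator that confset1/confset2 write into.
        role: one of 'auto', 'classic', 'netbios', 'dc', 'member',
            'standalone'; selects the ``server role`` line and, for 'dc' and
            'member', the directory-service specific configuration.

    Returns nothing.  Returns early, writing nothing, when no CIFS settings
    row exists (deliberate best-effort).

    Security-relevant lines written here: ``map to guest = Bad User`` together
    with ``guest account`` (unknown users are mapped to the guest account),
    ``null passwords`` only when cifs_srv_nullpw is set, and the user-supplied
    ``cifs_srv_smb_options`` lines appended last -- Samba honours the last
    occurrence of a parameter, so those auxiliary lines can override anything
    written above them.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except Exception:
        # No CIFS settings row (or the lookup failed): nothing to generate.
        return

    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    if cifs.cifs_srv_bindip:
        interfaces = cifs.cifs_srv_bindip.replace(',', ' ')
        # Non-DC roles always keep loopback so local clients can reach Samba.
        if role != 'dc':
            interfaces = "127.0.0.1 %s" % interfaces
        confset2(smb4_conf, "interfaces = %s", interfaces)
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")
    # Leave headroom below the per-process descriptor limit.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "acl check permissions = true")
    confset1(smb4_conf, "dos filemode = yes")

    # With LDAP the ldap block (add_ldap_conf) owns "domain logons".
    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s",
                 "yes" if cifs.cifs_srv_domain_logons else "no")

    if cifs.cifs_srv_localmaster and not nt4_enabled() \
            and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else False)

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")
    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")
    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")
    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)
    elif role == 'member':
        confset1(smb4_conf, "server role = member server")
        if nt4_enabled():
            add_nt4_conf(smb4_conf)
        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)
        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)
    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    # A bare True (presumably the legacy checkbox value) is not a log level.
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary parameters go in verbatim and last, so they win over the above.
    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)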
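def generate_smb4_conf(smb4_conf, role):
    """Emit the ``[global]`` section (and optional ``[homes]``) of smb4.conf.

    ``confset1`` appends a literal line and ``confset2`` a formatted one (both
    defined elsewhere in this module).  The ``False`` values handed to
    confset2 below look like a "skip this line" convention -- confirm against
    confset2 before relying on it.

    Args:
        smb4_conf: accumulator that confset1/confset2 write into.
        role: one of 'auto', 'classic', 'netbios', 'dc', 'member',
            'standalone'; selects the ``server role`` line and, for 'dc' and
            'member', the directory-service specific configuration.

    Returns nothing.  Returns early, writing nothing, when no CIFS settings
    row exists (deliberate best-effort).

    Security-relevant lines written here: ``map to guest = Bad User`` together
    with ``guest account`` (unknown users are mapped to the guest account),
    ``null passwords`` only when cifs_srv_nullpw is set, and the user-supplied
    ``cifs_srv_smb_options`` / ``cifs_srv_homedir_aux`` lines appended
    verbatim at the end of their sections -- Samba honours the last
    occurrence of a parameter, so those auxiliary lines can override anything
    written above them.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except Exception:
        # No CIFS settings row (or the lookup failed): nothing to generate.
        return

    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")
    # Leave headroom below the per-process descriptor limit.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "domain logons = %s",
             "yes" if cifs.cifs_srv_domain_logons else "no")
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")

    if cifs.cifs_srv_localmaster and not nt4_enabled() \
            and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else False)

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")
    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")
    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")
    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)
    elif role == 'member':
        confset1(smb4_conf, "server role = member server")
        if nt4_enabled():
            add_nt4_conf(smb4_conf)
        elif ldap_enabled():
            add_ldap_conf(smb4_conf)
        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)
    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    # A bare True (presumably the legacy checkbox value) is not a log level.
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary parameters go in verbatim and last, so they win over the above.
    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"
        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                # Without "use default domain" users are DOMAIN\user, so the
                # share is restricted to, and laid out by, the domain too.
                # Raw string: "\%" is not an escape, keep it literal on purpose.
                if not ad.ad_use_default_domain:
                    valid_users_path = "%D/%U"
                    valid_users = r"%D\%U"
            except Exception:
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir, valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
                 "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)
        # Per-share auxiliary parameters, verbatim and last (see docstring).
        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)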
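def generate_smb4_conf(smb4_conf, role):
    """Emit the ``[global]`` section of smb4.conf for the given server role.

    ``confset1`` appends a literal line and ``confset2`` a formatted one (both
    defined elsewhere in this module).  The ``False`` values handed to
    confset2 below look like a "skip this line" convention -- confirm against
    confset2 before relying on it.

    Args:
        smb4_conf: accumulator that confset1/confset2 write into.
        role: one of "auto", "classic", "netbios", "dc", "member",
            "standalone"; selects the ``server role`` line and, for "dc" and
            "member", the directory-service specific configuration.

    Returns nothing.  Returns early, writing nothing, when no CIFS settings
    row exists (deliberate best-effort).

    Security-relevant lines written here: ``username map`` whenever
    /usr/local/etc/smbusers exists, ``map to guest = Bad User`` together with
    ``guest account`` (unknown users are mapped to the guest account),
    ``null passwords`` only when cifs_srv_nullpw is set, and the user-supplied
    ``cifs_srv_smb_options`` lines appended last -- Samba honours the last
    occurrence of a parameter, so those auxiliary lines can override anything
    written above them.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except Exception:
        # No CIFS settings row (or the lookup failed): nothing to generate.
        return

    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = "ftp"
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)

    if cifs.cifs_srv_bindip:
        interfaces = []
        bindips = string.join(cifs.cifs_srv_bindip, " ")
        # Non-DC roles always keep loopback so local clients can reach Samba.
        if role != "dc":
            bindips = "127.0.0.1 %s" % bindips

        n = notifier()
        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = n.get_interface(bindip)
            if iface and n.is_carp_interface(iface):
                # CARP addresses are bound as "ip/<parent info>" so that Samba
                # follows the parent interface; the exact meaning of
                # parent_iface[2] lives in notifier -- confirm there.
                parent_iface = n.get_parent_interface(iface)
                if not parent_iface:
                    continue
                parent_iinfo = n.get_interface_info(parent_iface[0])
                if not parent_iinfo:
                    continue
                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")
    # Leave headroom below the per-process descriptor limit.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl("kern.maxfilesperproc")) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
    else:
        confset1(smb4_conf, "syslog only = no")

    # A bare True (presumably the legacy checkbox value) is not a log level.
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "syslog = %s", cifs.cifs_srv_loglevel)
    else:
        confset1(smb4_conf, "syslog = 0")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode("utf8"))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "acl check permissions = true")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s",
             "yes" if cifs.cifs_srv_zeroconf else "no")

    # With LDAP the ldap block (add_ldap_conf) owns "domain logons".
    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s",
                 "yes" if cifs.cifs_srv_domain_logons else "no")

    if not nt4_enabled() and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else "no")

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, "tdb")
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == "auto":
        confset1(smb4_conf, "server role = auto")
    elif role == "classic":
        confset1(smb4_conf, "server role = classic primary domain controller")
    elif role == "netbios":
        confset1(smb4_conf, "server role = netbios backup domain controller")
    elif role == "dc":
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)
    elif role == "member":
        confset1(smb4_conf, "server role = member server")
        if nt4_enabled():
            add_nt4_conf(smb4_conf)
        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)
        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)
    elif role == "standalone":
        confset1(smb4_conf, "server role = standalone")
        set_netbiosname(smb4_conf, cifs.cifs_srv_netbiosname)
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != "dc":
        confset1(smb4_conf, "pid directory = /var/run/samba")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary parameters go in verbatim and last, so they win over the above.
    smb_options = cifs.cifs_srv_smb_options.encode("utf-8")
    smb_options = smb_options.strip()
    for line in smb_options.split("\n"):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)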
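def add_activedirectory_conf(smb4_conf):
    """Append the Active Directory member-server settings to the ``[global`` section.

    Reads the single ActiveDirectory settings row and the live domain's
    NetBIOS name (via FreeNAS_ActiveDirectory), then writes the ``security =
    ADS`` block: realm/workgroup, winbind behaviour, the idmap backend for
    the domain, and the template shell/homedir for domain users.

    Args:
        smb4_conf: accumulator that confset1/confset2 write into.

    Returns nothing.  Returns early, writing nothing, when there is no AD
    settings row or the domain's NetBIOS name cannot be obtained (deliberate
    best-effort, as before).

    NOTE(review): the winbind/gencache directory is created under /var/tmp,
    a shared temporary location; ownership and mode of the created
    directory are not set here and cannot be confirmed from this function.
    """
    try:
        ad = ActiveDirectory.objects.all()[0]
    except Exception:
        return

    cachedir = "/var/tmp/.cache/.samba"
    try:
        os.makedirs(cachedir)
    except OSError:
        # Already exists (or cannot be created); Samba reports the latter.
        pass

    ad_workgroup = None
    try:
        fad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)
        ad_workgroup = fad.netbiosname.upper()
    except Exception:
        # Without the domain's NetBIOS name the block would be wrong; emit nothing.
        return

    confset2(smb4_conf, "netbios name = %s", ad.ad_netbiosname.upper())
    confset2(smb4_conf, "workgroup = %s", ad_workgroup)
    confset2(smb4_conf, "realm = %s", ad.ad_domainname.upper())
    confset1(smb4_conf, "security = ADS")
    confset1(smb4_conf, "client use spnego = yes")
    confset2(smb4_conf, "cache directory = %s", cachedir)
    # A domain member must never compete for browse master roles.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")
    confset1(smb4_conf, "acl check permissions = true")
    confset1(smb4_conf, "acl map full control = true")
    confset1(smb4_conf, "dos filemode = yes")
    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s",
             "yes" if ad.ad_use_default_domain else "no")
    confset1(smb4_conf, "winbind refresh tickets = yes")

    if ad.ad_unix_extensions:
        confset1(smb4_conf, "winbind nss info = rfc2307")

    idmap = get_idmap_object(ad.ds_type, ad.id, ad.ad_idmap_backend)
    configure_idmap_backend(smb4_conf, idmap, ad_workgroup)

    confset2(smb4_conf, "allow trusted domains = %s",
             "yes" if ad.ad_allow_trusted_doms else "no")
    confset1(smb4_conf, "template shell = /bin/sh")
    # Home layout mirrors "use default domain": DOMAIN/user unless the domain
    # prefix is dropped from user names.
    confset2(smb4_conf, "template homedir = %s",
             "/home/%D/%U" if not ad.ad_use_default_domain else "/home/%U")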