def run(self, account, sambaopts=None, credopts=None, versionopts=None, server=None): if server is None: raise Exception("You must supply a server") lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp, fallback_machine=True) # connect to the remote and local SAMs samdb = SamDB(url="ldap://%s" % server, session_info=system_session(), credentials=creds, lp=lp) local_samdb = SamDB(url=None, session_info=system_session(), credentials=creds, lp=lp) # work out the source and destination GUIDs dc_ntds_dn = self.get_dsServiceName(samdb) res = samdb.search(base=dc_ntds_dn, scope=ldb.SCOPE_BASE, attrs=["invocationId"]) source_dsa_invocation_id = misc.GUID(local_samdb.schema_format_value("objectGUID", res[0]["invocationId"][0])) dn = self.get_dn(samdb, account) print "Replicating DN %s" % dn destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID()) local_samdb.transaction_start() repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb) try: repl.replicate(dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) except Exception, e: raise CommandError("Error replicating DN %s" % dn, e)
def join_replicate(ctx): '''replicate the SAM''' print "Starting replication" ctx.local_samdb.transaction_start() try: source_dsa_invocation_id = misc.GUID(ctx.samdb.get_invocation_id()) destination_dsa_guid = ctx.ntds_guid if ctx.RODC: repl_creds = Credentials() repl_creds.guess(ctx.lp) repl_creds.set_kerberos_state(DONT_USE_KERBEROS) repl_creds.set_username(ctx.samname) repl_creds.set_password(ctx.acct_pass) else: repl_creds = ctx.creds binding_options = "seal" if int(ctx.lp.get("log level")) >= 5: binding_options += ",print" repl = drs_utils.drs_Replicate( "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options), ctx.lp, repl_creds, ctx.local_samdb) repl.replicate(ctx.schema_dn, source_dsa_invocation_id, destination_dsa_guid, schema=True, rodc=ctx.RODC, replica_flags=ctx.replica_flags) repl.replicate(ctx.config_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.replica_flags) repl.replicate(ctx.base_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.replica_flags) if ctx.RODC: repl.replicate(ctx.acct_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) print "Committing SAM database" except: ctx.local_samdb.transaction_cancel() raise else: ctx.local_samdb.transaction_commit()
def join_replicate(ctx): '''replicate the SAM''' print "Starting replication" ctx.local_samdb.transaction_start() try: source_dsa_invocation_id = misc.GUID(ctx.samdb.get_invocation_id()) if ctx.ntds_guid is None: print("Using DS_BIND_GUID_W2K3") destination_dsa_guid = misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID_W2K3) else: destination_dsa_guid = ctx.ntds_guid if ctx.RODC: repl_creds = Credentials() repl_creds.guess(ctx.lp) repl_creds.set_kerberos_state(DONT_USE_KERBEROS) repl_creds.set_username(ctx.samname) repl_creds.set_password(ctx.acct_pass) else: repl_creds = ctx.creds binding_options = "seal" if int(ctx.lp.get("log level")) >= 5: binding_options += ",print" repl = drs_utils.drs_Replicate( "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options), ctx.lp, repl_creds, ctx.local_samdb) repl.replicate(ctx.schema_dn, source_dsa_invocation_id, destination_dsa_guid, schema=True, rodc=ctx.RODC, replica_flags=ctx.replica_flags) repl.replicate(ctx.config_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.replica_flags) if not ctx.subdomain: repl.replicate(ctx.base_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.domain_replica_flags) if ctx.RODC: repl.replicate(ctx.acct_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) ctx.repl = repl ctx.source_dsa_invocation_id = source_dsa_invocation_id ctx.destination_dsa_guid = destination_dsa_guid print "Committing SAM database" except: ctx.local_samdb.transaction_cancel() raise else: ctx.local_samdb.transaction_commit()
def run(self, *accounts, **kwargs): sambaopts = kwargs.get("sambaopts") credopts = kwargs.get("credopts") versionpts = kwargs.get("versionopts") server = kwargs.get("server") accounts_file = kwargs.get("file") if server is None: raise Exception("You must supply a server") if accounts_file is not None: accounts = [] if accounts_file == "-": for line in sys.stdin: accounts.append(line.strip()) else: for line in open(accounts_file, 'r'): accounts.append(line.strip()) lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp, fallback_machine=True) # connect to the remote and local SAMs samdb = SamDB(url="ldap://%s" % server, session_info=system_session(), credentials=creds, lp=lp) local_samdb = SamDB(url=None, session_info=system_session(), credentials=creds, lp=lp) destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID()) repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb, destination_dsa_guid) for account in accounts: # work out the source and destination GUIDs dc_ntds_dn = samdb.get_dsServiceName() res = samdb.search(base=dc_ntds_dn, scope=ldb.SCOPE_BASE, attrs=["invocationId"]) source_dsa_invocation_id = misc.GUID(local_samdb.schema_format_value("objectGUID", res[0]["invocationId"][0])) dn = self.get_dn(samdb, account) self.outf.write("Replicating DN %s\n" % dn) local_samdb.transaction_start() try: repl.replicate(dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) except Exception, e: local_samdb.transaction_cancel() raise CommandError("Error replicating DN %s" % dn, e) local_samdb.transaction_commit()
def run(self, account, sambaopts=None, credopts=None, versionopts=None, server=None): if server is None: raise Exception("You must supply a server") lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp, fallback_machine=True) # connect to the remote and local SAMs samdb = SamDB(url="ldap://%s" % server, session_info=system_session(), credentials=creds, lp=lp) local_samdb = SamDB(url=None, session_info=system_session(), credentials=creds, lp=lp) # work out the source and destination GUIDs dc_ntds_dn = samdb.get_dsServiceName() res = samdb.search(base=dc_ntds_dn, scope=ldb.SCOPE_BASE, attrs=["invocationId"]) source_dsa_invocation_id = misc.GUID( local_samdb.schema_format_value("objectGUID", res[0]["invocationId"][0])) dn = self.get_dn(samdb, account) self.outf.write("Replicating DN %s\n" % dn) destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID()) local_samdb.transaction_start() repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb, destination_dsa_guid) try: repl.replicate(dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) except Exception, e: local_samdb.transaction_cancel() raise CommandError("Error replicating DN %s" % dn, e)
def run(self, *accounts, **kwargs): sambaopts = kwargs.get("sambaopts") credopts = kwargs.get("credopts") server = kwargs.get("server") accounts_file = kwargs.get("file") ignore_errors = kwargs.get("ignore_errors") if server is None: raise Exception("You must supply a server") if accounts_file is not None: accounts = [] if accounts_file == "-": for line in sys.stdin: accounts.append(line.strip()) else: for line in open(accounts_file, 'r'): accounts.append(line.strip()) lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp, fallback_machine=True) # connect to the remote and local SAMs samdb = SamDB(url="ldap://%s" % server, session_info=system_session(), credentials=creds, lp=lp) local_samdb = SamDB(url=None, session_info=system_session(), credentials=creds, lp=lp) destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID()) binding_options = "seal" if lp.log_level() >= 9: binding_options += ",print" repl = drs_Replicate("ncacn_ip_tcp:%s[%s]" % (server, binding_options), lp, creds, local_samdb, destination_dsa_guid) errors = [] for account in accounts: # work out the source and destination GUIDs dc_ntds_dn = samdb.get_dsServiceName() res = samdb.search(base=dc_ntds_dn, scope=ldb.SCOPE_BASE, attrs=["invocationId"]) source_dsa_invocation_id = misc.GUID( local_samdb.schema_format_value("objectGUID", res[0]["invocationId"][0])) try: dn = self.get_dn(samdb, account) except RODCException as e: if not ignore_errors: raise CommandError(str(e)) errors.append(e) continue self.outf.write("Replicating DN %s\n" % dn) local_samdb.transaction_start() try: repl.replicate(dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) except Exception as e: local_samdb.transaction_cancel() if not ignore_errors: raise CommandError("Error replicating DN %s" % dn) errors.append(ReplicationError("Error replicating DN %s" % dn)) continue local_samdb.transaction_commit() if len(errors) > 0: self.message("\nPreload encountered problematic users:") for error in errors: self.message(" %s" % error)
def drs_local_replicate(self, SOURCE_DC, NC, full_sync=False, single_object=False, sync_forced=False): '''replicate from a source DC to the local SAM''' self.server = SOURCE_DC drsuapi_connect(self) self.local_samdb = SamDB(session_info=system_session(), url=None, credentials=self.creds, lp=self.lp) self.samdb = SamDB(url="ldap://%s" % self.server, session_info=system_session(), credentials=self.creds, lp=self.lp) # work out the source and destination GUIDs res = self.local_samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=["dsServiceName"]) self.ntds_dn = res[0]["dsServiceName"][0] res = self.local_samdb.search(base=self.ntds_dn, scope=ldb.SCOPE_BASE, attrs=["objectGUID"]) self.ntds_guid = misc.GUID( self.samdb.schema_format_value("objectGUID", res[0]["objectGUID"][0])) source_dsa_invocation_id = misc.GUID(self.samdb.get_invocation_id()) dest_dsa_invocation_id = misc.GUID(self.local_samdb.get_invocation_id()) destination_dsa_guid = self.ntds_guid exop = drsuapi.DRSUAPI_EXOP_NONE if single_object: exop = drsuapi.DRSUAPI_EXOP_REPL_OBJ full_sync = True self.samdb.transaction_start() repl = drs_utils.drs_Replicate("ncacn_ip_tcp:%s[seal]" % self.server, self.lp, self.creds, self.local_samdb, dest_dsa_invocation_id) # Work out if we are an RODC, so that a forced local replicate # with the admin pw does not sync passwords rodc = self.local_samdb.am_rodc() try: (num_objects, num_links) = repl.replicate(NC, source_dsa_invocation_id, destination_dsa_guid, rodc=rodc, full_sync=full_sync, exop=exop, sync_forced=sync_forced) except Exception as e: raise CommandError("Error replicating DN %s" % NC, e) self.samdb.transaction_commit() if full_sync: self.message("Full Replication of all %d objects and %d links " "from %s to %s was successful." % (num_objects, num_links, SOURCE_DC, self.local_samdb.url)) else: self.message("Incremental replication of %d objects and %d links " "from %s to %s was successful." % (num_objects, num_links, SOURCE_DC, self.local_samdb.url))
def join_replicate(ctx): '''replicate the SAM''' print "Starting replication" ctx.local_samdb.transaction_start() try: source_dsa_invocation_id = misc.GUID(ctx.samdb.get_invocation_id()) if ctx.ntds_guid is None: print("Using DS_BIND_GUID_W2K3") destination_dsa_guid = misc.GUID( drsuapi.DRSUAPI_DS_BIND_GUID_W2K3) else: destination_dsa_guid = ctx.ntds_guid if ctx.RODC: repl_creds = Credentials() repl_creds.guess(ctx.lp) repl_creds.set_kerberos_state(DONT_USE_KERBEROS) repl_creds.set_username(ctx.samname) repl_creds.set_password(ctx.acct_pass) else: repl_creds = ctx.creds binding_options = "seal" if int(ctx.lp.get("log level")) >= 5: binding_options += ",print" repl = drs_utils.drs_Replicate( "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options), ctx.lp, repl_creds, ctx.local_samdb) repl.replicate(ctx.schema_dn, source_dsa_invocation_id, destination_dsa_guid, schema=True, rodc=ctx.RODC, replica_flags=ctx.replica_flags) repl.replicate(ctx.config_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.replica_flags) if not ctx.subdomain: # Replicate first the critical object for the basedn if not ctx.domain_replica_flags & drsuapi.DRSUAPI_DRS_CRITICAL_ONLY: print "Replicating critical objects from the base DN of the domain" ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY | drsuapi.DRSUAPI_DRS_GET_ANC repl.replicate(ctx.base_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.domain_replica_flags) ctx.domain_replica_flags ^= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY | drsuapi.DRSUAPI_DRS_GET_ANC else: ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_GET_ANC repl.replicate(ctx.base_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.domain_replica_flags) if ctx.RODC: repl.replicate(ctx.acct_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) ctx.repl = repl ctx.source_dsa_invocation_id = source_dsa_invocation_id ctx.destination_dsa_guid = destination_dsa_guid print "Committing SAM database" except: ctx.local_samdb.transaction_cancel() raise else: ctx.local_samdb.transaction_commit()
def join_replicate(ctx): """Replicate the SAM.""" print "Starting replication" ctx.local_samdb.transaction_start() try: source_dsa_invocation_id = misc.GUID(ctx.samdb.get_invocation_id()) if ctx.ntds_guid is None: print("Using DS_BIND_GUID_W2K3") destination_dsa_guid = misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID_W2K3) else: destination_dsa_guid = ctx.ntds_guid if ctx.RODC: repl_creds = Credentials() repl_creds.guess(ctx.lp) repl_creds.set_kerberos_state(DONT_USE_KERBEROS) repl_creds.set_username(ctx.samname) repl_creds.set_password(ctx.acct_pass) else: repl_creds = ctx.creds binding_options = "seal" if int(ctx.lp.get("log level")) >= 5: binding_options += ",print" repl = drs_utils.drs_Replicate( "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options), ctx.lp, repl_creds, ctx.local_samdb) repl.replicate(ctx.schema_dn, source_dsa_invocation_id, destination_dsa_guid, schema=True, rodc=ctx.RODC, replica_flags=ctx.replica_flags) repl.replicate(ctx.config_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.replica_flags) if not ctx.subdomain: # Replicate first the critical object for the basedn if not ctx.domain_replica_flags & drsuapi.DRSUAPI_DRS_CRITICAL_ONLY: print "Replicating critical objects from the base DN of the domain" ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY | drsuapi.DRSUAPI_DRS_GET_ANC repl.replicate(ctx.base_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.domain_replica_flags) ctx.domain_replica_flags ^= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY | drsuapi.DRSUAPI_DRS_GET_ANC else: ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_GET_ANC repl.replicate(ctx.base_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.domain_replica_flags) print "Done with always replicated NC (base, config, schema)" for nc in (ctx.domaindns_zone, ctx.forestdns_zone): if nc in ctx.nc_list: print "Replicating %s" % (str(nc)) repl.replicate(nc, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.replica_flags) if 'DC=ForestDnsZones,%s' % ctx.root_dn in ctx.nc_list: repl.replicate('DC=ForestDnsZones,%s' % ctx.root_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.replica_flags) # FIXME At this point we should add an entry in the forestdns and domaindns NC # (those under CN=Partions,DC=...) # in order to indicate that we hold a replica for this NC if ctx.RODC: repl.replicate(ctx.acct_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) ctx.repl = repl ctx.source_dsa_invocation_id = source_dsa_invocation_id ctx.destination_dsa_guid = destination_dsa_guid print "Committing SAM database" except: ctx.local_samdb.transaction_cancel() raise else: ctx.local_samdb.transaction_commit()