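def add_activedirectory_conf(client, smb4_conf):
    """Append the Active Directory member settings to ``smb4_conf``.

    Reads the ActiveDirectory directory-service record and the AD NetBIOS
    name through ``client`` and emits the smb.conf lines with
    ``confset1``/``confset2``.  Returns ``None``; no setting is emitted when
    either lookup fails.
    """
    try:
        ad = Struct(
            client.call('datastore.query', 'directoryservice.ActiveDirectory', None, {'get': True}))
        ad.ds_type = 1  # FIXME: DS_TYPE_ACTIVEDIRECTORY = 1
    except Exception:
        # `except Exception` rather than a bare `except`, so SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        return

    try:
        # NOTE(review): cachedir is not defined in this function; presumably
        # a module-level constant -- confirm.
        os.makedirs(cachedir)
        os.chmod(cachedir, 0o755)
    except Exception:
        # Best effort: the directory usually exists already.  chmod is
        # deliberately skipped when makedirs fails, so a pre-existing path
        # (including a symlink) never has its mode changed here.
        pass

    try:
        fad = Struct(client.call('notifier.directoryservice', 'AD'))
        ad_workgroup = fad.netbiosname.upper()
    except Exception:
        return

    confset2(smb4_conf, "workgroup = %s", ad_workgroup)
    confset2(smb4_conf, "realm = %s", ad.ad_domainname.upper())

    confset1(smb4_conf, "security = ADS")
    confset1(smb4_conf, "client use spnego = yes")

    # A domain member must not compete in browser elections.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")

    confset2(smb4_conf, "ads dns update = %s",
             "yes" if ad.ad_allow_dns_updates else "no")

    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s",
             "yes" if ad.ad_use_default_domain else "no")
    confset1(smb4_conf, "winbind refresh tickets = yes")

    if ad.ad_nss_info:
        confset2(smb4_conf, "winbind nss info = %s", ad.ad_nss_info)

    # Not guarded: a failure of the idmap lookup propagates to the caller.
    idmap = Struct(
        client.call('notifier.ds_get_idmap_object', ad.ds_type, ad.id, ad.ad_idmap_backend))
    configure_idmap_backend(client, smb4_conf, idmap, ad_workgroup)

    confset2(smb4_conf, "allow trusted domains = %s",
             "yes" if ad.ad_allow_trusted_doms else "no")

    # The stored value is passed through unchecked.  smb.conf accepts plain,
    # sign or seal; only sign and seal protect the LDAP traffic to the DC.
    confset2(smb4_conf, "client ldap sasl wrapping = %s", ad.ad_ldap_sasl_wrapping)

    confset1(smb4_conf, "template shell = /bin/sh")

    # "%%D/%%U" leaves the literal smb.conf macros %D and %U in the path.
    cifs_homedir = "%s/%%D/%%U" % get_cifs_homedir(client)
    confset2(smb4_conf, "template homedir = %s", cifs_homedir)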
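def add_activedirectory_conf(client, smb4_conf):
    """Append the Active Directory member settings to ``smb4_conf``.

    Reads the ActiveDirectory directory-service record and the AD NetBIOS
    name through ``client``, creates the Samba cache directory, and emits
    the smb.conf lines with ``confset1``/``confset2``.  Returns ``None``; no
    setting is emitted when either lookup fails.
    """
    try:
        ad = Struct(client.call('datastore.query', 'directoryservice.ActiveDirectory', None, {'get': True}))
        ad.ds_type = 1  # FIXME: DS_TYPE_ACTIVEDIRECTORY = 1
    except Exception:
        # `except Exception` rather than a bare `except`, so SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        return

    # NOTE(review): this is a predictable path below /var/tmp, which is
    # normally writable by every local user.  If /var/tmp/.cache or .samba
    # already exists and belongs to someone else, the error below is ignored
    # and the path is still written to smb.conf as the cache directory.
    # Prefer a root-owned location, or verify owner and mode before use.
    cachedir = "/var/tmp/.cache/.samba"

    try:
        os.makedirs(cachedir)
        # 0o755 is the same mode as the former literal 0755, spelled so that
        # it parses on Python 2.6+ and Python 3.
        os.chmod(cachedir, 0o755)
    except OSError:
        # Best effort.  chmod is deliberately skipped when makedirs fails, so
        # a pre-existing path (including a symlink) never has its mode
        # changed here.
        pass

    try:
        fad = Struct(client.call('notifier.directoryservice', 'AD'))
        ad_workgroup = fad.netbiosname.upper()
    except Exception:
        return

    confset2(smb4_conf, "workgroup = %s", ad_workgroup)
    confset2(smb4_conf, "realm = %s", ad.ad_domainname.upper())

    confset1(smb4_conf, "security = ADS")
    confset1(smb4_conf, "client use spnego = yes")
    confset2(smb4_conf, "cache directory = %s", cachedir)

    # A domain member must not compete in browser elections.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")

    confset2(smb4_conf, "ads dns update = %s",
             "yes" if ad.ad_allow_dns_updates else "no")

    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s",
             "yes" if ad.ad_use_default_domain else "no")
    confset1(smb4_conf, "winbind refresh tickets = yes")

    if ad.ad_nss_info:
        confset2(smb4_conf, "winbind nss info = %s", ad.ad_nss_info)

    # Not guarded: a failure of the idmap lookup propagates to the caller.
    idmap = Struct(client.call('notifier.ds_get_idmap_object', ad.ds_type, ad.id, ad.ad_idmap_backend))
    configure_idmap_backend(client, smb4_conf, idmap, ad_workgroup)

    confset2(smb4_conf, "allow trusted domains = %s",
             "yes" if ad.ad_allow_trusted_doms else "no")

    # The stored value is passed through unchecked.  smb.conf accepts plain,
    # sign or seal; only sign and seal protect the LDAP traffic to the DC.
    confset2(smb4_conf, "client ldap sasl wrapping = %s", ad.ad_ldap_sasl_wrapping)

    confset1(smb4_conf, "template shell = /bin/sh")

    # Without a default domain the home path carries the domain component.
    confset2(smb4_conf, "template homedir = %s",
             "/home/%D/%U" if not ad.ad_use_default_domain else "/home/%U")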
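def add_nt4_conf(client, smb4_conf):
    """Append the NT4 domain member settings to ``smb4_conf``.

    Reads the nt4 directory-service record through ``client``, rewrites
    /usr/local/etc/lmhosts with one entry for the domain controller, and
    emits the smb.conf lines with ``confset1``/``confset2``.  Returns
    ``None``; nothing is written when the record cannot be read.
    """
    # TODO: These are unused, will they be at some point?
    # rid_range_start = 20000
    # rid_range_end = 20000000

    try:
        nt4 = Struct(
            client.call('datastore.query', 'directoryservice.nt4', None, {'get': True}))
        nt4.ds_type = 4  # FIXME: DS_TYPE_NT4 = 4
    except Exception:
        # `except Exception` rather than a bare `except`, so SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        return

    try:
        answers = resolver.query(nt4.nt4_dcname, 'A')
        dc_ip = answers[0]
    except Exception as e:
        log.debug("resolver query for {0}'s A record failed with {1}".format(
            nt4.nt4_dcname, e))
        log_traceback(log=log)
        # Fallback: the configured name itself goes into the address column.
        dc_ip = nt4.nt4_dcname

    nt4_workgroup = nt4.nt4_workgroup.upper()

    # The file is truncated and rewritten with this single entry.
    # NOTE(review): nt4_dcname is written as stored; confirm the datastore
    # rejects whitespace and newlines in it, since they would change the
    # shape of the lmhosts entry.
    with open("/usr/local/etc/lmhosts", "w") as f:
        f.write("%s\t%s\n" % (dc_ip, nt4.nt4_dcname.upper()))

    confset2(smb4_conf, "workgroup = %s", nt4_workgroup)
    confset1(smb4_conf, "security = domain")
    confset1(smb4_conf, "password server = *")

    # Not guarded: a failure of the idmap lookup propagates to the caller.
    idmap = Struct(
        client.call('notifier.ds_get_idmap_object', nt4.ds_type, nt4.id, nt4.nt4_idmap_backend))
    configure_idmap_backend(client, smb4_conf, idmap, nt4_workgroup)

    confset1(smb4_conf, "winbind cache time = 7200")
    confset1(smb4_conf, "winbind offline logon = yes")
    confset1(smb4_conf, "winbind enum users = yes")
    confset1(smb4_conf, "winbind enum groups = yes")
    confset1(smb4_conf, "winbind nested groups = yes")
    confset2(smb4_conf, "winbind use default domain = %s",
             "yes" if nt4.nt4_use_default_domain else "no")

    confset1(smb4_conf, "template shell = /bin/sh")

    # A domain member must not compete in browser elections.
    confset1(smb4_conf, "local master = no")
    confset1(smb4_conf, "domain master = no")
    confset1(smb4_conf, "preferred master = no")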
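def add_nt4_conf(client, smb4_conf):
    """Append the NT4 domain member settings to ``smb4_conf``.

    Looks up the nt4 directory-service record via ``client``, rewrites
    /usr/local/etc/lmhosts with a single line for the domain controller,
    then emits the smb.conf lines through ``confset1``/``confset2``.
    Returns ``None``; nothing is written if the record lookup fails.
    """
    # TODO: These are unused, will they be at some point?
    # rid_range_start = 20000
    # rid_range_end = 20000000

    try:
        nt4 = Struct(client.call('datastore.query', 'directoryservice.nt4', None, {'get': True}))
        nt4.ds_type = 4  # FIXME: DS_TYPE_NT4 = 4
    except Exception:
        # Narrowed from a bare `except` so that SystemExit and
        # KeyboardInterrupt propagate instead of being treated as
        # "NT4 not configured".
        return

    try:
        answers = resolver.query(nt4.nt4_dcname, 'A')
        dc_ip = answers[0]
    except Exception as e:
        log.debug(
            "resolver query for {0}'s A record failed with {1}".format(nt4.nt4_dcname, e)
        )
        log_traceback(log=log)
        # Resolution failed: fall back to the configured name as the address.
        dc_ip = nt4.nt4_dcname

    nt4_workgroup = nt4.nt4_workgroup.upper()

    # Mode "w" replaces any existing lmhosts content with this one entry.
    # NOTE(review): nt4_dcname is written without validation; confirm it
    # cannot contain whitespace or newlines by the time it is stored.
    with open("/usr/local/etc/lmhosts", "w") as f:
        f.write("%s\t%s\n" % (dc_ip, nt4.nt4_dcname.upper()))

    confset2(smb4_conf, "workgroup = %s", nt4_workgroup)
    confset1(smb4_conf, "security = domain")
    confset1(smb4_conf, "password server = *")

    # The idmap lookup is outside any try block; its errors reach the caller.
    idmap = Struct(client.call('notifier.ds_get_idmap_object', nt4.ds_type, nt4.id, nt4.nt4_idmap_backend))
    configure_idmap_backend(client, smb4_conf, idmap, nt4_workgroup)

    for winbind_line in (
        "winbind cache time = 7200",
        "winbind offline logon = yes",
        "winbind enum users = yes",
        "winbind enum groups = yes",
        "winbind nested groups = yes",
    ):
        confset1(smb4_conf, winbind_line)

    confset2(
        smb4_conf,
        "winbind use default domain = %s",
        "yes" if nt4.nt4_use_default_domain else "no"
    )

    confset1(smb4_conf, "template shell = /bin/sh")

    # Browser-election roles are all switched off for a domain member.
    for master_line in (
        "local master = no",
        "domain master = no",
        "preferred master = no",
    ):
        confset1(smb4_conf, master_line)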
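def set_idmap_rfc2307_secret(client):
    """Store the rfc2307 idmap LDAP bind password with ``net idmap secret``.

    Reads the ActiveDirectory record, its idmap object and the AD NetBIOS
    name through ``client``, runs ``/usr/local/bin/net -d 0 idmap secret
    <domain> <password>`` and prints the non-empty lines of the first element
    of the ``communicate()`` result.

    Returns:
        True when the command exits with status 0; False when the AD record
        or the NetBIOS name cannot be read, or when the command fails.
    """
    # Function-scope import: shlex.quote on Python 3, pipes.quote on Python 2.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    try:
        ad = Struct(client.call('datastore.query', 'directoryservice.ActiveDirectory', None, {'get': True}))
        ad.ds_type = 1  # FIXME: DS_TYPE_ACTIVEDIRECTORY = 1
    except Exception:
        # `except Exception` rather than a bare `except`, so SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        return False

    # FIXME: ad ds_type, extend model
    # Not guarded: a failure of the idmap lookup propagates to the caller.
    idmap = Struct(client.call('notifier.ds_get_idmap_object', ad.ds_type, ad.id, ad.ad_idmap_backend))

    try:
        fad = Struct(client.call('notifier.directoryservice', 'AD'))
        domain = fad.netbiosname.upper()
    except Exception:
        return False

    args = [
        "/usr/local/bin/net",
        "-d 0",
        "idmap",
        "secret"
    ]

    # The command is handed to pipeopen as one string, so it is presumably
    # parsed by a shell (confirm).  The former '%s' wrapping broke as soon as
    # the password or domain contained a single quote, letting the rest of
    # the value be interpreted as shell syntax.  quote() escapes every
    # character; "%s" % value keeps the original string conversion.
    net_cmd = "%s %s %s" % (
        ' '.join(args),
        quote("%s" % domain),
        quote("%s" % idmap.idmap_rfc2307_ldap_user_dn_password)
    )

    # NOTE(review): the password is still a command-line argument and may be
    # visible to other local users in the process list while net runs.
    p = pipeopen(net_cmd, quiet=True)
    net_out = p.communicate()
    if net_out and net_out[0]:
        for line in net_out[0].split('\n'):
            if line:
                print(line)

    if p.returncode != 0:
        print("Failed to set idmap secret!", file=sys.stderr)
        return False

    return True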
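def add_ldap_conf(client, smb4_conf):
    """Append the LDAP (ldapsam) settings to ``smb4_conf``.

    Reads the LDAP directory-service record and the SMB service config
    through ``client`` and emits the smb.conf lines with
    ``confset1``/``confset2``.  Returns ``None``; no setting is emitted when
    either lookup fails.
    """
    try:
        ldap = Struct(client.call('datastore.query', 'directoryservice.LDAP', None, {'get': True}))
        ldap.ds_type = 2  # FIXME: DS_TYPE_LDAP = 2
        cifs = Struct(client.call('smb.config'))
    except Exception:
        # `except Exception` rather than a bare `except`, so SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        return

    confset1(smb4_conf, "security = user")

    # Transport selection, as written below:
    #   ldap_ssl == 'on'        -> ldaps:// URL, "ldap ssl = off"
    #   ldap_ssl == 'start_tls' -> ldap:// URL,  "ldap ssl = start tls"
    #   anything else           -> ldap:// URL,  "ldap ssl = off"
    # In the last case no transport encryption is configured for the
    # connection that carries the admin DN bind.
    confset1(
        smb4_conf,
        "passdb backend = ldapsam:%s://%s" % (
            "ldaps" if ldap.ldap_ssl == 'on' else "ldap",
            ldap.ldap_hostname
        )
    )

    ldap_workgroup = cifs.workgroup.upper()

    # NOTE(review): the DN and suffix values are interpolated as stored;
    # confirm that confset2 or the datastore rejects embedded newlines,
    # which would otherwise add extra smb.conf lines.
    confset2(smb4_conf, "ldap admin dn = %s", ldap.ldap_binddn)
    confset2(smb4_conf, "ldap suffix = %s", ldap.ldap_basedn)
    confset2(smb4_conf, "ldap user suffix = %s", ldap.ldap_usersuffix)
    confset2(smb4_conf, "ldap group suffix = %s", ldap.ldap_groupsuffix)
    confset2(smb4_conf, "ldap machine suffix = %s", ldap.ldap_machinesuffix)
    confset2(
        smb4_conf,
        "ldap ssl = %s",
        "start tls" if (ldap.ldap_ssl == 'start_tls') else 'off'
    )

    confset1(smb4_conf, "ldap replication sleep = 1000")
    confset1(smb4_conf, "ldap passwd sync = yes")
    confset1(smb4_conf, "ldapsam:trusted = yes")

    confset2(smb4_conf, "workgroup = %s", ldap_workgroup)
    confset1(smb4_conf, "domain logons = yes")

    # Not guarded: a failure of the idmap lookup propagates to the caller.
    idmap = Struct(client.call('notifier.ds_get_idmap_object', ldap.ds_type, ldap.id, ldap.ldap_idmap_backend))
    configure_idmap_backend(client, smb4_conf, idmap, ldap_workgroup)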