samba.provision : API documentation

def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp):

Get key provision parameters (realm, domain, ...) from a given provision

Parameters	samdb	An LDB object connected to the sam.ldb file
	secretsdb	An LDB object connected to the secrets.ldb file
	idmapdb	An LDB object connected to the idmap.ldb file
	paths	A list of path to provision object
	smbconf	Path to the smb.conf file
	lp	A LoadParm object
Returns	A list of key provision parameters

def update_provision_usn(samdb, low, high, id, replace=False):

Update the field provisionUSN in sam.ldb

This field is used to track range of USN modified by provision and upgradeprovision. This value is used afterward by next provision to figure out if the field have been modified since last provision.

Parameters	samdb	An LDB object connect to sam.ldb
	low	The lowest USN modified by this upgrade
	high	The highest USN modified by this upgrade
	id	The invocation id of the samba's dc
	replace	A boolean indicating if the range should replace any existing one or appended (default)

def set_provision_usn(samdb, low, high, id):

Set the field provisionUSN in sam.ldb This field is used to track range of USN modified by provision and upgradeprovision. This value is used afterward by next provision to figure out if the field have been modified since last provision.

Parameters	samdb	An LDB object connect to sam.ldb
	low	The lowest USN modified by this upgrade
	high	The highest USN modified by this upgrade
	id	The invocationId of the provision

def get_max_usn(samdb, basedn):

This function return the biggest USN present in the provision

Parameters	samdb	A LDB object pointing to the sam.ldb
	basedn	A string containing the base DN of the provision (ie. DC=foo, DC=bar)
Returns	The biggest USN in the provision

def get_last_provision_usn(sam):

Get USNs ranges modified by a provision or an upgradeprovision

Parameters	sam	An LDB object pointing to the sam.ldb
Returns	a dictionnary which keys are invocation id and values are an array of integer representing the different ranges

def check_install(lp, session_info, credentials):

Check whether the current install seems ok.

Parameters	lp	Loadparm context
	session_info	Session information
	credentials	Credentials

def findnss(nssfn, names):

Find a user or group from a list of possibilities.

Parameters	nssfn	NSS Function to try (should raise KeyError if not found)
	names	Names to check.
Returns	Value return by first names list.

def provision_paths_from_lp(lp, dnsdomain):

Set the default paths for provisioning.

Parameters	lp	Loadparm context.
	dnsdomain	DNS Domain name

def determine_netbios_name(hostname):

Determine a netbios name from a hostname.

def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None, serverrole=None, rootdn=None, domaindn=None, configdn=None, schemadn=None, serverdn=None, sitename=None):

Guess configuration settings to use.

def make_smbconf(smbconf, hostname, domain, realm, targetdir, serverrole=None, sid_generator=None, eadb=False, lp=None, server_services=None):

Create a new smb.conf file based on a couple of basic settings.

def setup_name_mappings(idmap, sid, root_uid, nobody_uid, users_gid, wheel_gid):

setup reasonable name mappings for sam names to unix names.

Parameters	samdb	SamDB object.
	idmap	IDmap db object.
	sid	The domain sid.
	domaindn	The domain DN.
	root_uid	uid of the UNIX root user.
	nobody_uid	uid of the UNIX nobody user.
	users_gid	gid of the UNIX users group.
	wheel_gid	gid of the UNIX wheel group.

def setup_samdb_partitions(samdb_path, logger, lp, session_info, provision_backend, names, schema, serverrole, erase=False):

Setup the partitions for the SAM database.

Alternatively, provision() may call this, and then populate the database.

Notes	This will wipe the Sam Database!
	This function always removes the local SAM LDB file. The erase parameter controls whether to erase the existing data, which may not be stored locally but in LDAP.

def secretsdb_self_join(secretsdb, domain, netbiosname, machinepass, domainsid=None, realm=None, dnsdomain=None, keytab_path=None, key_version_number=1, secure_channel_type=SEC_CHAN_WKSTA):

Add domain join-specific bits to a secrets database.

Parameters	secretsdb	Ldb Handle to the secrets database
	machinepass	Machine password

def setup_secretsdb(paths, session_info, backend_credentials, lp):

Setup the secrets database.

Parameters	path	Path to the secrets database.
	session_info	Session info.
	credentials	Credentials
	lp	Loadparm context
Returns	LDB handle for the created secrets database
Note	This function does not handle exceptions and transaction on purpose, it's up to the caller to do this job.

def setup_privileges(path, session_info, lp):

Setup the privileges database.

Parameters	path	Path to the privileges database.
	session_info	Session info.
	credentials	Credentials
	lp	Loadparm context
Returns	LDB handle for the created secrets database

def setup_registry(path, session_info, lp):

Setup the registry.

Parameters	path	Path to the registry database
	session_info	Session information
	credentials	Credentials
	lp	Loadparm context

def setup_idmapdb(path, session_info, lp):

Setup the idmap database.

Parameters	path	path to the idmap database
	session_info	Session information
	credentials	Credentials
	lp	Loadparm context

def setup_samdb_rootdse(samdb, names):

Setup the SamDB rootdse.

Parameters samdb Sam Database handle

def setup_self_join(samdb, admin_session_info, names, fill, machinepass, dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc, domainControllerFunctionality, ntdsguid=None, dc_rid=None):

Join a host to its own domain.

def getpolicypath(sysvolpath, dnsdomain, guid):

Return the physical path of policy given its guid.

Parameters	sysvolpath	Path to the sysvol folder
	dnsdomain	DNS name of the AD domain
	guid	The GUID of the policy
Returns	A string with the complete path to the policy folder

def create_gpo_struct(policy_path):

Undocumented

def create_default_gpo(sysvolpath, dnsdomain, policyguid, policyguid_dc):

Create the default GPO for a domain

Parameters	sysvolpath	Physical path for the sysvol folder
	dnsdomain	DNS domain name of the AD domain
	policyguid	GUID of the default domain policy
	policyguid_dc	GUID of the default domain controler policy

def setup_samdb(path, session_info, provision_backend, lp, names, logger, fill, serverrole, schema, am_rodc=False):

Setup a complete SAM Database.

Note This will wipe the main SAM database file!

def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid, policyguid_dc, fill, adminpass, krbtgtpass, machinepass, invocationid, dnspass, ntdsguid, serverrole, am_rodc=False, dom_for_fun_level=None, schema=None, next_rid=None, dc_rid=None):

Undocumented

def set_dir_acl(path, acl, lp, domsid):

Undocumented

def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp):

Set ACL on the sysvol/<dnsname>/Policies folder and the policy folders beneath.

Parameters	sysvol	Physical path for the sysvol folder
	dnsdomain	The DNS name of the domain
	domainsid	The SID of the domain
	domaindn	The DN of the domain (ie. DC=...)
	samdb	An LDB object on the SAM db
	lp	an LP object

def setsysvolacl(samdb, netlogon, sysvol, gid, domainsid, dnsdomain, domaindn, lp):

Set the ACL for the sysvol share and the subfolders

Parameters	samdb	An LDB object on the SAM db
	netlogon	Physical path for the netlogon folder
	sysvol	Physical path for the sysvol folder
	gid	The GID of the "Domain adminstrators" group
	domainsid	The SID of the domain
	dnsdomain	The DNS name of the domain
	domaindn	The DN of the domain (ie. DC=...)

def interface_ips_v4(lp):

return only IPv4 IPs

def interface_ips_v6(lp, linklocal=False):

return only IPv6 IPs

def provision_fill(samdb, secrets_ldb, logger, names, paths, domainsid, schema=None, targetdir=None, samdb_fill=FILL_FULL, hostip=None, hostip6=None, next_rid=1000, dc_rid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, invocationid=None, machinepass=None, ntdsguid=None, dns_backend=None, dnspass=None, serverrole=None, dom_for_fun_level=None, am_rodc=False, lp=None):

Undocumented

def sanitize_server_role(role):

Sanitize a server role name.

Parameters	role	Server role
Returns	Sanitized server role (one of "member server", "domain controller", "standalone")
Raises	ValueError	If the role can not be interpreted

def provision(logger, session_info, credentials, smbconf=None, targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None, domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None, next_rid=1000, dc_rid=None, adminpass=None, ldapadminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, dns_backend=None, dnspass=None, invocationid=None, machinepass=None, ntdsguid=None, root=None, nobody=None, users=None, wheel=None, backup=None, aci=None, serverrole=None, dom_for_fun_level=None, backend_type=None, sitename=None, ol_mmr_urls=None, ol_olc=None, slapd_path=None, useeadb=False, am_rodc=False, lp=None):

Provision samba4

Note caution, this wipes all existing data!

def provision_become_dc(smbconf=None, targetdir=None, realm=None, rootdn=None, domaindn=None, schemadn=None, configdn=None, serverdn=None, domain=None, hostname=None, domainsid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, invocationid=None, machinepass=None, dnspass=None, dns_backend=None, root=None, nobody=None, users=None, wheel=None, backup=None, serverrole=None, ldap_backend=None, ldap_backend_type=None, sitename=None, debuglevel=1):

Undocumented

def create_phpldapadmin_config(path, ldapi_uri):

Create a PHP LDAP admin configuration file.

Parameters path Path to write the configuration to.

def create_krb5_conf(path, dnsdomain, hostname, realm):

Write out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration).

Parameters	path	Path of the new named.conf file.
	dnsdomain	DNS Domain name
	hostname	Local hostname
	realm	Realm name

Module	backend	Functions for setting up a Samba configuration (LDB and LDAP backends).
Module	common	Functions for setting up a Samba configuration.
Module	descriptor	Functions for setting up a Samba configuration (security descriptors).
Module	sambadns	DNS-related provisioning

Class	InvalidNetbiosName	A specified name was not a valid NetBIOS name.
Class	MissingShareError	Undocumented
Class	ProvisionNames	Undocumented
Class	ProvisionPaths	Undocumented
Class	ProvisionResult	Result of a provision.
Class	ProvisioningError	A generic provision error.
Function	check_install	Check whether the current install seems ok.
Function	create_default_gpo	Create the default GPO for a domain
Function	create_gpo_struct	Undocumented
Function	create_krb5_conf	Write out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration).
Function	create_phpldapadmin_config	Create a PHP LDAP admin configuration file.
Function	determine_netbios_name	Determine a netbios name from a hostname.
Function	fill_samdb	Undocumented
Function	find_provision_key_parameters	Get key provision parameters (realm, domain, ...) from a given provision
Function	findnss	Find a user or group from a list of possibilities.
Function	get_last_provision_usn	Get USNs ranges modified by a provision or an upgradeprovision
Function	get_max_usn	This function return the biggest USN present in the provision
Function	getpolicypath	Return the physical path of policy given its guid.
Function	guess_names	Guess configuration settings to use.
Function	interface_ips_v4	return only IPv4 IPs
Function	interface_ips_v6	return only IPv6 IPs
Function	make_smbconf	Create a new smb.conf file based on a couple of basic settings.
Function	provision	Provision samba4
Function	provision_become_dc	Undocumented
Function	provision_fill	Undocumented
Function	provision_paths_from_lp	Set the default paths for provisioning.
Function	sanitize_server_role	Sanitize a server role name.
Function	secretsdb_self_join	Add domain join-specific bits to a secrets database.
Function	set_dir_acl	Undocumented
Function	set_gpos_acl	Set ACL on the sysvol/<dnsname>/Policies folder and the policy folders beneath.
Function	set_provision_usn	No summary
Function	setsysvolacl	Set the ACL for the sysvol share and the subfolders
Function	setup_idmapdb	Setup the idmap database.
Function	setup_name_mappings	setup reasonable name mappings for sam names to unix names.
Function	setup_privileges	Setup the privileges database.
Function	setup_registry	Setup the registry.
Function	setup_samdb	Setup a complete SAM Database.
Function	setup_samdb_partitions	Setup the partitions for the SAM database.
Function	setup_samdb_rootdse	Setup the SamDB rootdse.
Function	setup_secretsdb	Setup the secrets database.
Function	setup_self_join	Join a host to its own domain.
Function	update_provision_usn	Update the field provisionUSN in sam.ldb

s.provision : package documentation