Hi, On 26.08.2011 12:39, Sumit Bose wrote: > Hi, > > with this patch an initial samba configuration for the AD trust feature > can be created by calling ipa-adtrust-install. Please be aware that you > will need a samba/master build to start smbd with the created > configuration, because only here all the needed features are available. > Günther is working on a spec file so that we can include a samba package > in the IPA development repository > (https://fedorahosted.org/freeipa/ticket/1610).
> +def parse_options(): > + parser = IPAOptionParser(version=version.VERSION) > + parser.add_option("-p", "--ds-password", dest="dm_password", > + sensitive=True, help="admin password") If this is the only password you need, then make it --password. And it is Directory Manager's account password, right? Would be nice to change help to be more explicit. > + parser.add_option("--ip-address", dest="ip_address", > + type="ip", ip_local=True, help="Master Server IP > Address") > +def main(): > + safe_options, options = parse_options() > + > + if os.getegid() != 0: > + sys.exit("Must be root to setup AD trusts on server") > + > + installutils.check_server_configuration() > + > + standard_logging_setup("/var/log/ipaserver-install.log", options.debug, > filemode='a') > + print "\nThe log file for this installation can be found in > /var/log/ipaserver-install.log" > + > + logging.debug('%s was invoked with options: %s' % (sys.argv, > safe_options)) > + logging.debug("missing options might be asked for interactively later\n") > + > + global fstore > + fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') > + > + print > "==============================================================================" > + print "This program will setup components neede to establish trust to AD > domains for" Typo: "neede_d_" > + # Check we have a public IP that is associated with the hostname > + if options.ip_address: > + ip = options.ip_address I would also run options.ip_address through ipautil.CheckedIPAddress() to make sure it is correct and is one of local addresses. > + else: > + hostaddr = resolve_host(api.env.host) > + try: > + ip = hostaddr and ipautil.CheckedIPAddress(hostaddr, > match_local=True) > + except Exception, e: > + print "Error: Invalid IP Address %s: %s" % (ip, e) > + ip = None > + > + if not ip: > + if options.unattended: > + sys.exit("Unable to resolve IP address for host name") > + else: > + ip = read_ip_address(api.env.host, fstore) > + ip_address = str(ip) > + logging.debug("will use ip_address: %s\n", ip_address) And same here. You don't really want to blindly believe into what's entered. > + print "\tAdditionally you have to make sure the FreeIPA LDAP server > cannot reached" > + print "\tby any domain controller in the Active Directory domain by > closing the" > + print "\tfollowing ports for these servers:" > + print "\t\tTCP Ports:" > + print "\t\t * 389, 636: LDAP/LDAPS" > + print "\t\tUDP Ports:" > + print "\t\t * 389: (C)LDAP" > + print "\tYou may want to choose to REJECT the packages instead of > DROPing them to" s/packages/network packets/ > diff --git a/ipaserver/install/smbinstance.py > b/ipaserver/install/smbinstance.py > new file mode 100644 The code in smbinstance.py assumes Samba has been compiled with /etc/ipa/smb.conf as default configuration file location. Is that correct? -- / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel