Hi,

this patch allows ipa-adtrust-install to reset the NetBIOS domain name
and fixes https://fedorahosted.org/freeipa/ticket/3192 .

bye,
Sumit
From c535204b6e07a8a661f5f1e445ee655dc9f84440 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Mon, 29 Oct 2012 21:43:56 +0100
Subject: [PATCH] ipa-adtrust-install: allow to reset te NetBIOS domain name

Fixes https://fedorahosted.org/freeipa/ticket/3192
---
 install/tools/ipa-adtrust-install       | 39 ++++++++++++++++++++++++++++++++-
 install/tools/man/ipa-adtrust-install.1 |  6 ++++-
 ipaserver/install/adtrustinstance.py    | 24 +++++++++++++++++---
 3 Dateien geändert, 64 Zeilen hinzugefügt(+), 5 Zeilen entfernt(-)

diff --git a/install/tools/ipa-adtrust-install 
b/install/tools/ipa-adtrust-install
index 
52179038e84a08ea6abb3ee26d8e668efe0a2b13..fbb4a3e9c49fa4565e844304e41ba490d9d15521
 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -25,6 +25,7 @@ from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import adtrustinstance
 from ipaserver.install.installutils import *
 from ipaserver.install import service
+from ipaserver import ipaldap
 from ipapython import version
 from ipapython import ipautil, sysrestore
 from ipalib import api, errors, util
@@ -197,9 +198,44 @@ def main():
         print "Please wait until the prompt is returned."
         print ""
 
+    reset_netbios_name = False
     netbios_name = options.netbios_name
     if not netbios_name:
         netbios_name = adtrustinstance.make_netbios_name(api.env.domain)
+    else:
+        try:
+            conn = ipaldap.IPAdmin(ldapi=True, realm=api.env.realm)
+            conn.do_sasl_gssapi_bind()
+        except ldap.SERVER_DOWN:
+            raise RuntimeError('Local LDAP server is not responding. '
+                               'Is IPA installed?')
+
+        try:
+            entry = conn.getEntry(DN(('cn', api.env.domain),
+                                  api.env.container_cifsdomains,
+                                  ipautil.realm_to_suffix(api.env.realm)),
+                                  ldap.SCOPE_BASE)
+            cur_netbios_name = entry.getValue('ipaNTFlatName')
+            if cur_netbios_name and cur_netbios_name != netbios_name:
+                print "Current NetBIOS domain name is %s new name is %s.\n" % \
+                      (cur_netbios_name, netbios_name)
+                print "Please note that changing the NetBIOS name might " \
+                      "break existing trust relationships."
+                if options.unattended:
+                    reset_netbios_name = True
+                    print "NetBIOS domain name will be changes to %s.\n" % \
+                          netbios_name
+                else:
+                    print "Say 'yes' if the NetBIOS shall be changed and " \
+                          "'no' if the old one shall be kept."
+                    reset_netbios_name = ipautil.user_input(
+                                    'Do you want to reset the NetBIOS domain 
name?',
+                                    default = False, allow_empty = False)
+                if not reset_netbios_name:
+                    netbios_name = cur_netbios_name
+
+        except errors.NotFound:
+            reset_netbios_name = False
 
     if not adtrustinstance.check_netbios_name(netbios_name):
         if options.unattended:
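Review bot: With `options.unattended` set, the new branch assigns `reset_netbios_name = True` with no confirmation, even though the message printed just above warns that the change might break existing trust relationships. A scripted re-run with a different `--netbios-name` would therefore rewrite `ipaNTFlatName` silently. Consider keeping `cur_netbios_name` in unattended mode (`reset_netbios_name = False` and `netbios_name = cur_netbios_name`) unless the caller opts in explicitly. The bind is also guarded only by `except ldap.SERVER_DOWN:`, so other bind failures, such as missing Kerberos credentials, would presumably surface as a traceback, and `conn` is not closed anywhere in the visible lines. `main()` starts and ends outside this hunk.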
@@ -252,7 +288,8 @@ def main():
     smb.realm = api.env.realm
     smb.autobind = service.ENABLED
     smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
-              netbios_name, options.rid_base, options.secondary_rid_base,
+              netbios_name, reset_netbios_name,
+              options.rid_base, options.secondary_rid_base,
               options.no_msdcs, options.add_sids)
     smb.find_local_id_range()
     smb.create_instance()
diff --git a/install/tools/man/ipa-adtrust-install.1 
b/install/tools/man/ipa-adtrust-install.1
index 
9204b7d5fde7493a4c268eb71693e86a63a1b4b7..38957f3a486ec4d3108e7ccdc955880dc65a3873
 100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -42,7 +42,11 @@ Enable debug logging when more verbose output is needed
 The IP address of the IPA server. If not provided then this is determined 
based on the hostname of the server.
 .TP
 \fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR
-The NetBIOS name for the IPA domain. If not provided then this is determined 
based on the leading component of the DNS domain name.
+The NetBIOS name for the IPA domain. If not provided then this is determined
+based on the leading component of the DNS domain name. Running
+ipa\-adtrust\-install for a second time with a different NetBIOS name will
+change the name. Please note that changing the NetBIOS name might break
+existing trust relationships to other domains.
 .TP
 \fB\-\-no\-msdcs\fR
 Do not create DNS service records for Windows in managed DNS server. Since 
those
diff --git a/ipaserver/install/adtrustinstance.py 
b/ipaserver/install/adtrustinstance.py
index 
c27fac99cf624ca6460ce84e76be52db38f11a5b..16f2136a6485e6915fd5de2000e6a378d03b44aa
 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -115,6 +115,7 @@ class ADTRUSTInstance(service.Service):
         self.realm = None
         self.domain_name = None
         self.netbios_name = None
+        self.reset_netbios_name = None
         self.no_msdcs = None
         self.add_sids = None
         self.smbd_user = None
@@ -295,11 +296,27 @@ class ADTRUSTInstance(service.Service):
                                  "define it and run again.")
             raise e
 
+    def __reset_netbios_name(self):
+        """
+        Set the NetBIOS domain name to a new value.
+        """
+        self.print_msg("Reset NetBIOS domain name")
+
+        try:
+            self.admin_conn.modify_s(self.smb_dom_dn,
+                                     [(ldap.MOD_REPLACE, self.ATTR_FLAT_NAME,
+                                       self.netbios_name)])
+        except ldap.LDAPError:
+            self.print_msg("Failed to reset the NetBIOS domain name")
+
     def __create_samba_domain_object(self):
 
         try:
             self.admin_conn.getEntry(self.smb_dom_dn, ldap.SCOPE_BASE)
-            root_logger.info("Samba domain object already exists")
+            if self.reset_netbios_name:
+                self.__reset_netbios_name()
+            else :
+                self.print_msg("Samba domain object already exists")
             return
         except errors.NotFound:
             pass
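Review bot: `__reset_netbios_name()` catches `ldap.LDAPError`, prints a message and returns, so a failed `modify_s` lets the installer carry on as if the reset had happened. The directory would then keep the old `ipaNTFlatName` while `self.netbios_name` carries the new value into the remaining setup steps, which presumably leaves the Samba configuration and the domain object inconsistent. Log the underlying error and propagate it, for example `except ldap.LDAPError, e:` followed by `root_logger.error("Failed to reset the NetBIOS domain name: %s", e)` and `raise`. Because trust relationships depend on this value, a log record of the new name on the success path would also help later auditing. `__create_samba_domain_object()` continues outside the hunk.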
@@ -653,13 +670,14 @@ class ADTRUSTInstance(service.Service):
                              FQDN = self.fqdn)
 
     def setup(self, fqdn, ip_address, realm_name, domain_name, netbios_name,
-              rid_base, secondary_rid_base, no_msdcs=False, add_sids=False,
-              smbd_user="samba"):
+              reset_netbios_name, rid_base, secondary_rid_base,
+              no_msdcs=False, add_sids=False, smbd_user="samba"):
         self.fqdn = fqdn
         self.ip_address = ip_address
         self.realm = realm_name
         self.domain_name = domain_name
         self.netbios_name = netbios_name
+        self.reset_netbios_name = reset_netbios_name
         self.rid_base = rid_base
         self.secondary_rid_base = secondary_rid_base
         self.no_msdcs = no_msdcs
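Review bot: `reset_netbios_name` is inserted as a required positional parameter in the middle of `setup()`'s signature, so a caller not updated by this patch that still passes `rid_base` positionally would bind it to `reset_netbios_name` without necessarily raising; a non-zero RID base is truthy and would select the reset path. Only the call in `ipa-adtrust-install` is visible here, so whether other callers exist is unknown. Appending the parameter as a keyword with a safe default avoids the shift: `no_msdcs=False, add_sids=False, smbd_user="samba", reset_netbios_name=False):`, with the call site in the `ipa-adtrust-install` hunk passing `reset_netbios_name=reset_netbios_name`. The body of `setup()` continues outside the hunk.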
-- 
1.7.11.4
