diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-05-10 15:24:23 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2023-05-16 23:29:32 +0000 |
| commit | f94f174db452015c3032e725e13f485bd51413dc (patch) | |
| tree | 1b732b95769b927c4db23b8c00b9db31b9541677 | |
| parent | 5d5fd0129ac19258d15a452756f0d3647dbe1e34 (diff) | |
| download | samba-f94f174db452015c3032e725e13f485bd51413dc.tar.gz | |
samba-tool domain provision: Use "ad dc functional level" to control max functional level
This allows the DC to self-declare a higher level and so allow a 2016
domain to be created, for testing and controlled implementation purposes.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
| -rw-r--r-- | python/samba/netcmd/domain/provision.py | 4 | ||||
| -rw-r--r-- | python/samba/provision/__init__.py | 8 |
2 files changed, 7 insertions, 5 deletions
diff --git a/python/samba/netcmd/domain/provision.py b/python/samba/netcmd/domain/provision.py index 2e7fca9c0c9..9287ddb1051 100644 --- a/python/samba/netcmd/domain/provision.py +++ b/python/samba/netcmd/domain/provision.py @@ -105,8 +105,8 @@ class cmd_domain_provision(Command): help="The server role (domain controller | dc | member server | member | standalone). Default is dc.", default="domain controller"), Option("--function-level", type="choice", metavar="FOR-FUN-LEVEL", - choices=["2000", "2003", "2008", "2008_R2"], - help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2008_R2 Native.", + choices=["2000", "2003", "2008", "2008_R2", "2016"], + help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native | 2016). Default is (Windows) 2008_R2 Native.", default="2008_R2"), Option("--base-schema", type="choice", metavar="BASE-SCHEMA", choices=["2008_R2", "2008_R2_old", "2012", "2012_R2", "2016", "2019"], diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index 8cb7e5554a0..f0898caa3db 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -126,6 +126,7 @@ from samba.samdb import SamDB from samba.dbchecker import dbcheck from samba.provision.kerberos import create_kdc_conf from samba.samdb import get_default_backend_store +from samba import functional_level DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9" DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04FB984F9" @@ -1353,15 +1354,16 @@ def fill_samdb(samdb, lp, names, logger, policyguid, 1000, 1000000000, 1000) raise ProvisioningError(error) + domainControllerFunctionality = functional_level.dc_level_from_lp(lp) + # ATTENTION: Do NOT change these default values without discussion with the # team and/or release manager. They have a big impact on the whole program! - domainControllerFunctionality = DS_DOMAIN_FUNCTION_2008_R2 - if dom_for_fun_level is None: dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2 if dom_for_fun_level > domainControllerFunctionality: - raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008_R2). This won't work!") + level = functional_level.level_to_string(domainControllerFunctionality) + raise ProvisioningError(f"You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level ({level}). This won't work!") domainFunctionality = dom_for_fun_level forestFunctionality = dom_for_fun_level |