Restart KDC after installing trust support to allow MS PAC generation

Also make sure all exceptions are captured when creating CIFS service record. The one we care about is duplicate entry and we do nothing in that case anyway. Also make uniform use of action descriptors.
2024-12-28 01:41:14 -06:00 · 2012-03-27 13:06:33 +03:00 · 2012-03-27 13:06:33 +03:00 · ae2d5edd1a
commit ae2d5edd1a
parent 6950629465
1 changed files with 16 additions and 7 deletions
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@ -32,6 +32,7 @@ from ipalib import errors, api
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython.ipa_log_manager import *
+from ipapython import services as ipaservices

 import string
 import struct
@ -285,7 +286,7 @@ class ADTRUSTInstance(service.Service):

        try:
            api.Command.service_add(unicode(cifs_principal))
-        except errors.DuplicateEntry, e:
+        except Exception, e:
            # CIFS principal already exists, it is not the first time adtrustinstance is managed
            # That's fine, we we'll re-extract the key again.
            pass
@ -369,6 +370,12 @@ class ADTRUSTInstance(service.Service):
        except:
            pass

+    def __restart_kdc(self):
+        try:
+            ipaservices.knownservices.krb5kdc.restart()
+        except:
+            pass
+
    def __enable(self):
        self.backup_state("enabled", self.is_enabled())
        # We do not let the system start IPA components on its own,
@ -418,20 +425,22 @@ class ADTRUSTInstance(service.Service):
        self.ldap_connect()

        self.step("stopping smbd", self.__stop)
-        self.step("create samba user", self.__create_samba_user)
-        self.step("create samba domain object", \
+        self.step("creating samba user", self.__create_samba_user)
+        self.step("creating samba domain object", \
                  self.__create_samba_domain_object)
-        self.step("create samba config registry", self.__write_smb_registry)
+        self.step("creating samba config registry", self.__write_smb_registry)
        self.step("writing samba config file", self.__write_smb_conf)
        self.step("setting password for the samba user", \
                  self.__set_smb_ldap_password)
-        self.step("Adding cifs Kerberos principal", self.__setup_principal)
-        self.step("Adding admin(group) SIDs", self.__add_admin_sids)
-        self.step("Activation CLDAP plugin", self.__add_cldap_module)
+        self.step("adding cifs Kerberos principal", self.__setup_principal)
+        self.step("adding admin(group) SIDs", self.__add_admin_sids)
+        self.step("activating CLDAP plugin", self.__add_cldap_module)
        self.step("configuring smbd to start on boot", self.__enable)
        if not self.no_msdcs:
            self.step("adding special DNS service records", \
                      self.__add_dns_service_records)
+        self.step("restarting KDC to take MS PAC changes into account", \
+                  self.__restart_kdc)
        self.step("starting smbd", self.__start)

        self.start_creation("Configuring smbd:")