IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-28 18:01:23 -06:00
Code Issues Packages Projects Releases Wiki Activity

Restart KDC after installing trust support to allow MS PAC generation

Browse Source 
Also make sure all exceptions are captured when creating CIFS service
record. The one we care about is duplicate entry and we do nothing
in that case anyway.

Also make uniform use of action descriptors.
This commit is contained in:
Alexander Bokovoy 2012-03-27 13:06:33 +03:00 committed by Martin Kosek
parent 6950629465
commit ae2d5edd1a
1 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ipaserver/install/adtrustinstance.py
View File

@ -32,6 +32,7 @@ from ipalib import errors, api
from ipapython import sysrestore from ipapython import sysrestore
from ipapython import ipautil from ipapython import ipautil
from ipapython.ipa_log_manager import * from ipapython.ipa_log_manager import *
from ipapython import services as ipaservices
import string import string
import struct import struct
@ -285,7 +286,7 @@ class ADTRUSTInstance(service.Service):
try: try:
api.Command.service_add(unicode(cifs_principal)) api.Command.service_add(unicode(cifs_principal))
except errors.DuplicateEntry, e: except Exception, e:
# CIFS principal already exists, it is not the first time adtrustinstance is managed # CIFS principal already exists, it is not the first time adtrustinstance is managed
# That's fine, we we'll re-extract the key again. # That's fine, we we'll re-extract the key again.
pass pass
@ -369,6 +370,12 @@ class ADTRUSTInstance(service.Service):
except: except:
pass pass
def __restart_kdc(self):
try:
ipaservices.knownservices.krb5kdc.restart()
except:
pass
def __enable(self): def __enable(self):
self.backup_state("enabled", self.is_enabled()) self.backup_state("enabled", self.is_enabled())
# We do not let the system start IPA components on its own, # We do not let the system start IPA components on its own,
@ -418,20 +425,22 @@ class ADTRUSTInstance(service.Service):
self.ldap_connect() self.ldap_connect()
self.step("stopping smbd", self.__stop) self.step("stopping smbd", self.__stop)
self.step("create samba user", self.__create_samba_user) self.step("creating samba user", self.__create_samba_user)
self.step("create samba domain object", \ self.step("creating samba domain object", \
self.__create_samba_domain_object) self.__create_samba_domain_object)
self.step("create samba config registry", self.__write_smb_registry) self.step("creating samba config registry", self.__write_smb_registry)
self.step("writing samba config file", self.__write_smb_conf) self.step("writing samba config file", self.__write_smb_conf)
self.step("setting password for the samba user", \ self.step("setting password for the samba user", \
self.__set_smb_ldap_password) self.__set_smb_ldap_password)
self.step("Adding cifs Kerberos principal", self.__setup_principal) self.step("adding cifs Kerberos principal", self.__setup_principal)
self.step("Adding admin(group) SIDs", self.__add_admin_sids) self.step("adding admin(group) SIDs", self.__add_admin_sids)
self.step("Activation CLDAP plugin", self.__add_cldap_module) self.step("activating CLDAP plugin", self.__add_cldap_module)
self.step("configuring smbd to start on boot", self.__enable) self.step("configuring smbd to start on boot", self.__enable)
if not self.no_msdcs: if not self.no_msdcs:
self.step("adding special DNS service records", \ self.step("adding special DNS service records", \
self.__add_dns_service_records) self.__add_dns_service_records)
self.step("restarting KDC to take MS PAC changes into account", \
self.__restart_kdc)
self.step("starting smbd", self.__start) self.step("starting smbd", self.__start)
self.start_creation("Configuring smbd:") self.start_creation("Configuring smbd:")