Vc@ssddljZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl m Z mZddlZddlmZmZmZddlmZddlmZddlmZmZmZddlmZdd lmZdd lm Z dd lm!Z!dd lm"Z"dd lm#Z#ddl$m%Z%m&Z&ddl'm(Z(m)Z)m*Z*m+Z+ddl,m-Z-ddl.m/Z/ddl.m0Z1ddl2m3Z3ddl4m5Z5m6Z6m7Z7m8Z8ddlm9Z9m:Z:ddl;m<Z<m=Z=m>Z>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEddlFmGZGmHZHddlImJZJmKZKmLZLdZMyddlNZWneOk rePZQnXde(fdYZQde(fdYZRde(fdYZSd e(fd!YZTd"e(fd#YZUd$e(fd%YZVd&e(fd'YZWd(e(fd)YZXd*e(fd+YZYd,eYfd-YZZd.ej[fd/YZ\d0e(fd1YZ]d2e]fd3YZ^d4e]fd5YZ_d6e]fd7YZ`d8e]fd9YZad:e]fd;YZbd<e]fd=YZcd>e*fd?YZdd@e*fdAYZedS(BiN(tgetpass(tNettLIBNET_JOIN_AUTOMATIC(t join_RODCtjoin_DCtjoin_subdomain(tsystem_session(tSamDB(t ndr_unpacktndr_packt ndr_print(tdrsuapi(tdrsblobs(tlsa(tnetlogon(tsecurity(tnbt(tDOMAIN_PASSWORD_COMPLEXtDOMAIN_PASSWORD_STORE_CLEARTEXT(tCommandt CommandErrort SuperCommandtOption(t!netcmd_get_domain_infos_via_cldap(tSamba3(tparam(tupgrade_from_samba3(tsendDsReplicaSynctdrsuapi_connectt drsExceptiontsendRemoveDsServer(tarcfour_encrypttstring_to_byte_array( tDS_DOMAIN_FUNCTION_2000tDS_DOMAIN_FUNCTION_2003tDS_DOMAIN_FUNCTION_2003_MIXEDtDS_DOMAIN_FUNCTION_2008tDS_DOMAIN_FUNCTION_2008_R2t$DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPLt#DS_NTDSDSA_OPT_DISABLE_INBOUND_REPLtUF_WORKSTATION_TRUST_ACCOUNTtUF_SERVER_TRUST_ACCOUNTtUF_TRUSTED_FOR_DELEGATION(t provisiontProvisioningError(t FILL_FULLt FILL_NT4SYNCtFILL_DRScCs5d|||f}tj|dj}|jS(Ns-%s -s -l --parameter-name='%s' %s 2>/dev/nulltr(tostpopentreadlinetstrip(ttestparmtsmbconftvarnametcmdtoutput((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytget_testparm_varWstcmd_domain_export_keytabcBsqeZdZdZiejd6ejd6ejd6Ze dddde gZ d gZ d d d d d ZRS( s/Dump Kerberos keys of the domain into a keytab.s%prog [options]t sambaoptstcredoptst versionoptss --principalthelpsextract only this principalttypetkeytabcCs5|j}td|}|jd|d|dS(NRAt principal(t get_loadparmRtNonet export_keytab(tselfRAR=R<R>RBtlptnet((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytrunrs N(t__name__t __module__t__doc__tsynopsistoptionst SambaOptionstCredentialsOptionstVersionOptionsttakes_optiongroupsRtstrt takes_optionst takes_argsRDRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyR;as    tcmd_domain_infocBsYeZdZdZgZiejd6ejd6ejd6Z dgZ ddddZ RS(s?Print basic info about a domain and the DC passed as parameter.s%prog [options]R<R=R>taddresscCs|j}yt|d|}Wn%tk rItd|dnX|jjd|j|jjd|j|jjd|j |jjd|j |jjd|j |jjd|j |jjd |j dS( NsInvalid IP address 's'!sForest : %s sDomain : %s sNetbios domain : %s sDC name : %s sDC netbios name : %s sServer site : %s sClient site : %s (RCRRDt RuntimeErrorRtoutftwritetforestt dns_domaint domain_namet pdc_dns_nametpdc_namet server_sitet client_site(RFRWR=R<R>RGtres((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIs  N( RJRKRLRMRTRNRORPRQRRRURDRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRVxs    tcmd_domain_provisionc(BseZdZdZiejd6ejd6Zeddddded d d d d ddedd d d dddedd d d dddedd d d dddedd d d dddedd d d dddedd d d dddedd d d d dd!ed"d d d d#dd$ed%d d d d&dd'ed(d d d d&dd)ed*d d d d&dd+ed,d d-d d.d/d0d1d2d3gdd4d5d0ed6d d d d&dd7ed8d d d d&dd9ed:d d d d;dd<ed=d d d d;dd>ed?d d d d@ddAedBddCddedDddddEedFd d-d dGddHd/dIdJgedKd d-d dLd/dMdNdOdPdQgddRd5dMedSd d-d dTd/dUdVdWdXgddYd5dXedZd d[d d\d5d]dd^ed_dd`ddedad d d dbddceddd d d deddfedgd d-d/dhdidjgddkd5djedlddddmednddddogZ edpddqddedrd d d dsddtedud d[d dvddwedxd d d dyddzed{dd|ddgZ e j d}didhkrhe j e ngZdddddddddddddddddddddddddddddddddddddddd~'ZdZRS(sProvision a domain.s%prog [options]R<R>s --interactiveR?s Ask for namestactiont store_trues--domainR@tstringtmetavartDOMAINs set domains --domain-guidtGUIDs!set domainguid (otherwise random)s --domain-sidtSIDs set domainsid (otherwise random)s --ntds-guids'set NTDS object GUID (otherwise random)s--invocationids#set invocationid (otherwise random)s --host-nametHOSTNAMEs set hostnames --host-ipt IPADDRESSsset IPv4 ipaddresss --host-ip6t IP6ADDRESSsset IPv6 ipaddresss--sitetSITENAMEs set site names --adminpasstPASSWORDs(choose admin password (otherwise random)s --krbtgtpasss)choose krbtgt password (otherwise random)s --machinepasss*choose machine password (otherwise random)s --dns-backendtchoicesNAMESERVER-BACKENDtchoicestSAMBA_INTERNALtBIND9_FLATFILEt BIND9_DLZtNONEsThe DNS server backend. SAMBA_INTERNAL is the builtin name server (default), BIND9_FLATFILE uses bind9 text database to store zone information, BIND9_DLZ uses samba4 AD to store zone information, NONE skips the DNS setup entirely (not recommended)tdefaults --dnspasss&choose dns password (otherwise random)s--ldapadminpasssMchoose password to set between Samba and it's LDAP backend (otherwise random)s--roottUSERNAMEschoose 'root' unix usernames--nobodyschoose 'nobody' users--userst GROUPNAMEschoose 'users' groups--quietsBe quiets--blanks.do not add users or groups, just the structures--ldap-backend-typesLDAP-BACKEND-TYPEs`Test initialisation support for unsupported LDAP backend type (fedora-ds or openldap) DO NOT USEs fedora-dstopenldaps --server-roletROLEsdomain controllertdcs member servertmembert standalones^The server role (domain controller | dc | member server | member | standalone). Default is dc.s--function-levels FOR-FUN-LEVELt2000t2003t2008t2008_R2syThe domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2008_R2 Native.s --next-ridtinttNEXTRIDisGThe initial nextRid value (only needed for upgrades). Default is 1000.s--partitions-onlysEConfigure Samba's partitions, but do not modify them (ie, join a BDC)s --targetdirtDIRsSet target directorys --ol-mmr-urlst LDAPSERVERsList of LDAP-URLS [ ldap://:/ (where has to be different than 389!) ] separated with comma (",") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: "ldap://s4dc1:9000,ldap://s4dc2:9000"s --use-xattrstyestnotautosDefine if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilitiess --use-ntvfss+Use NTVFS for the fileserver (default = no)s --use-rfc2307s/Use AD to store posix attributes (default = no)s--ldap-dryrun-modestConfigure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USEs --slapd-paths SLAPD-PATHsPath to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.s--ldap-backend-extra-portsLDAP-BACKEND-EXTRA-PORTsDAdditional TCP port for LDAP backend server (to use for replication)s--ldap-backend-forced-urisLDAP-BACKEND-FORCED-URIsForce the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAs--ldap-backend-nosyncsQConfigure LDAP backend not to call fsync() (for performance in test environments)t TEST_LDAPc(9QCsn|jd|_|r.|jjtjn|jjtj|j}(|(j})|dk rk|}*n!|j }*|*dkrd}*nt |j dkrt }n|r|ddl m }+ddl},dd}-y&|,jjdddj}.Wntk rd}.nX|-d|.}/|/dRkrBtd ny|/jdd }.Wntk rrd}.nX|-d |.}|dkrtd n|-dd}|-dd}|dSkrtdn|dkr|-d|*}|jdTkrd}*d}qnxt rx|+d}0|0sC|jjdq|+d}1|0|1ksn|jjdq|0} PqWnH|jjd}/|/dkrtd n|dkrtd n| s|jjdn|dkrt}2n?|dkrt}2n*|dkrt}2n|dkr1t}2n|dkrR|dkrR|*}nt}3|rgt}3n|rvt }3n|dk rt!j"j#|st!j$|qnt }4| dkrt%}4n| dkr|(jd  r|rt&j'd!t!j"j(|}5n3t&j'd!t!j"j(t!j"j)|(jd"}5zQy)t*j+j,|(|5j-d#d$d%t%}4Wn!t.k r|jjd&nXWd|5j/Xn|4r|jjd'n|d(kr|&dk r|jj0d)|&q|jjd*n|&dk r|jj0d+n|dk r2t1j2|}nt3}6yt4|j|6d,|)d-|d.|3d|/d/|d0|d1|d2| d3| d4| d5| d6|d7|d8| d9|d:|d;|d<|d=|d>|d?|d@|dA|dB|2dC|dD|dE|dF|!dG|4dH|dI|(dJ|"dK|#dLt%dM|%dN|&dO|$dP|'&}7Wn"t5k rY}8tdQ|8nX|7j6|jdS(UNR+tnoneii(RcSsD|dk rd||fGn d|fGtjjjdpC|S(Ns %s [%s]: s%s: s (RDtsyststdinR3trstrip(tpromptRv((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytask5s  t.tRealmts No realm set!itDomainsNo domain set!s$Server Role (dc, member, standalone)R{s=DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)RrsNo DNS backend set!s=DNS forwarder IP address (write 'none' to disable forwarding)sAdministrator password: s Invalid administrator password. sRetype password: sSorry, passwords do not match. trealms,Administrator password will be set randomly!R~RRRRRs posix:eadbtdirs private dirsO:S-1-5-32G:S-1-5-32sS-1-5-32tnativesXYou are not root or your system do not support xattr, using tdb backend for attributes. snot using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.texistingsrYou have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %ssYou have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default locationsYou have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much lessR6t targetdirt samdb_filltdomaint domainguidt domainsidthostnamethostipthostip6tsitenametntdsguidt invocationidt adminpasst krbtgtpasst machinepasst dns_backendt dns_forwardertdnspasstroottnobodytuserst serverroletdom_for_fun_levelt backend_typet ldapadminpasst ol_mmr_urlst slapd_pathtuseeadbtnext_ridRGt use_ntvfst use_rfc2307tskip_sysvolacltldap_backend_extra_porttldap_backend_forced_uritnosynctldap_dryrun_modesProvision failed(NR(NR(NR(7t get_loggertloggertsetLeveltloggingtWARNINGtINFORCt configfileRDt_get_nameserver_iptlentraw_argvtTrueRtsockettgetfqdntsplittuppert IndexErrorRtlowerterrfRZt_lptgettinfoR!R"R$R%R-R.R/R1tpathtisdirtmkdirtFalsettempfiletNamedTemporaryFiletabspathtdirnametsambatntaclstsetntacltnamet ExceptiontclosetwarnRtdom_sidRR+R,t report_logger(9RFR<R>t interactiveRt domain_guidt domain_sidt ntds_guidRt host_namethost_ipthost_ip6RtsiteRRRRRRRRRtquiettblanktldap_backend_typet server_roletfunction_levelRtpartitions_onlyRRt use_xattrsRRRtldap_backend_nosyncRRRRGR6tsuggested_forwarderRRRRvRtadminpassplaintadminpassverifyRRteadbtfiletsessiontresultte((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIs'          &                             !3                 cCsddlm}d}|j|s=|jjd|dSd}zJt|d}x4|D],}|jdswq\n|jj dSWWd|dk r|j nX|jjd|dS( s5Grab the nameserver IP address from /etc/resolv.conf.i(Rs/etc/resolv.confsFailed to locate %sR0t nameserverNsNo nameserver found in %s( R1RtisfileRtwarningRDtopent startswithR4RR(RFRt RESOLV_CONFthandletline((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs  N(RJRKRLRMRNRORQRRRRTtopenldap_optionsR1tgetenvtextendRURDRIR(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRcs     * tcmd_domain_dcpromocBs[eZdZdZiejd6ejd6ejd6Ze dddde e d dd de e d dd de e d dddde dde dddde ddddde dddddddddgdddde d dd!dde d"dd#ddg Z d$d%gZ d'd'd'd'd'd'd'ed'd'ed'eed&ZRS((s9Promote an existing domain member or NT4 PDC to an AD DC.s%%prog [DC|RODC] [options]R<R>R=s--serverR?s DC to joinR@s--sites site to joins --targetdirswhere to store provisions--domain-critical-onlys&only replicate critical domain objectsRdRes --machinepassRgRos*choose machine password (otherwise random)s --use-ntvfss+Use NTVFS for the fileserver (default = no)s --dns-backendRpsNAMESERVER-BACKENDRqRrRtRusThe DNS server backend. SAMBA_INTERNAL is the builtin name server (default), BIND9_DLZ uses samba4 AD to store zone information, NONE skips the DNS setup entirely (this DC will not be a DNS server)Rvs--quietsBe quiets --verboses Be verboseRsrole?cCs|j}|j|}t||d|j}|dkrHd}n|j}|rm|jtjn)|r|jtj n|jtj |j d}|dk r|j }n|dkr$t d|d|d|d|d|d |d |d |d | d | d| d| dt nt|dkrtd|d|d|d|d|d |d |d |d | d | d| d| dt ntd|dS(NtserversDefault-First-Site-Names netbios nametDCRtcredsRGRRt netbios_nameRtdomain_critical_onlyRRRtpromote_existingtRODCs-Invalid role '%s' (possible values: DC, RODC)(RCtget_credentialsRt ipaddressRDRRRtDEBUGRRRRRRRR(RFRtroleR<R=R>RRRR t parent_domainRRRRtverboseRGRRHRR((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIs8      $   $ N(RJRKRLRMRNRORQRPRRRRSRTRURDRRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs8        tcmd_domain_joincBseZdZdZiejd6ejd6ejd6Ze dddde e d dd de e d dd de e d ddde e ddddde dde dddde ddddddde ddddde ddddddd d!d"gdd#d$d e d%dd&dde d'dd(ddg Z d)d*gZ d,d,d,d,d,d,d,ed,d,ed,d,eed+ZRS(-s9Join domain as either member or backup domain controller.s6%prog [DC|RODC|MEMBER|SUBDOMAIN] [options]R<R>R=s--serverR?s DC to joinR@s--sites site to joins --targetdirswhere to store provisions--parent-domains'parent domain to create subdomain unders--domain-critical-onlys&only replicate critical domain objectsRdRes --machinepassRgRos*choose machine password (otherwise random)s --adminpassRfsKchoose adminstrator password when joining as a subdomain (otherwise random)s --use-ntvfss+Use NTVFS for the fileserver (default = no)s --dns-backendRpsNAMESERVER-BACKENDRqRrRtRusThe DNS server backend. SAMBA_INTERNAL is the builtin name server (default), BIND9_DLZ uses samba4 AD to store zone information, NONE skips the DNS setup entirely (this DC will not be a DNS server)Rvs--quietsBe quiets --verboses Be verboseRsrole?cCs|j}|j|}t||d|j}|dkrHd}n|j}|rm|jtjn)|r|jtj n|jtj |j d}|dk r|j }n|dks|dkr|j ||td| \}}}|jjd||fn|dkrwtd|d|d |d |d |d |d |d|d| d| d| d| n(|dkrtd|d|d |d |d |d |d |d|d| d| d| d| n|dkr|s|jdn|j d}| dkr1dj|jdd} ntd|d|d |d |d|d| d |d |d|d|d| d| d| d|ntd|dS(NRsDefault-First-Site-Names netbios nametMEMBERRsJoined domain %s (%s) RRRRGRRRRR RRR t SUBDOMAINs,Administrator password will be set randomly!t workgroupRit dnsdomainRtnetbios_domainRs@Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)(RCR RR RDRRRRRRRRt join_memberRRRZRRRtjoinRRR(RFRRR<R=R>RRRR RRRRRRRRGRRHRRt join_passwordtsidR]R((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIJsV       $ $    $     N(RJRKRLRMRNRORQRPRRRRSRTRURDRRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyR%s>         tcmd_domain_demotecBseZdZdZeddddeeddddegZiejd6ej d 6ej d 6Z d d d d d d Z RS( s4Demote ourselves from the role of Domain Controller.s%prog [options]s--serverR?s%DC to force replication before demoteR@s --targetdirswhere provision is storedR<R=R>c$ Cs |j}|j|}t||d|j}|jd} tdtd|d|} |s| jdddd d g} t| d krt d nt| d krt dnd}xA| D]6} t | d j | j kr| d }PqqWn| j } | jdt | jdtjdd| ddg}t|d ksxd|d krt d| n|d j}tt |d d}| jddt |ddg} t| d krt dt| n|jjd|t|||\}}}|jjdtj}|d j|_|tO}tjt |tjd|d<| j||t@ r| j r|jjd|x| j| j| jfD]}y#t||| t |t j!Wqt"k r} |jjd|tN}tjt |tjd|d<| j|t dt || qXqWnytdd|dtd|d|}|jjd|jdt |jdd | j#dd!g} | d j}tt | d d!}Wnkt$k r} |jjd|tN}tjt |tjd|d<| j|t d"| nXt| d kr|jjd#|tN}tjt |tjd|d<| j|t d$| j#n|}|t%t&BN}|t'O}tj}||_tjd%|tjd!|d!RRRGRRHRtsamdbRbRRtmsgtntds_dnt dsa_optionst drsuapiBindtdrsuapi_handletsupportedExtensionstnmsgtpartt remote_samdbtdc_dntuactolduacR5trdntitnewrdnt computer_dntnewdnt server_dsa_dnRtstl((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIsb  "    "     "    #  " $      "   "        " "! !    "      #"  "      )    "        - N(RJRKRLRMRRSRTRNRORPRQRRRDRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs   tcmd_domain_levelc BseZdZdZiejd6ejd6ejd6Ze ddddd e d d d d e ddddde dd dddddgdde dd dddddgddgZ dgZ dddeddddZRS(s(Raise domain and forest function levels.s&%prog (show|raise ) [options]R<R=R>s-Hs--URLR?s%LDB URL for database or target serverR@RgtURLtdesttHs--quietsBe quietRdRes--forest-levelRpRqRRRs1The forest function level (2003 | 2008 | 2008_R2)s--domain-levels1The domain function level (2003 | 2008 | 2008_R2)t subcommandc  CsW|j} |j| dt} td|dtd| d| } | j} | jd| jdtj dd g} t | d kst | j| dtj dd d g}t |d kst | jd | jdtj d ddd g}t |d kst yt | dd d}t |dd d}t |dd d}t |dd d}x?|D]7}t |d d|krt |d d}qqW|dks|dkrtdn|dkrtdn||krtdn||kr6tdnWntk rVtdnX|dkr|jd| |tkr|dkr|jdn|tkr|dkr|jdn|tkr|dkr|jdn|jd|tkrd}nZ|tkr#d}nE|tkr8d}n0|tkrMd}n|tkrbd}nd }|jd!||tkr|dkrd"}n{|tkr|dkrd}nZ|tkrd}nE|tkrd}n0|tkrd}n|tkrd}nd }|jd#||tkr;d}nE|tkrPd}n0|tkred}n|tkrzd}nd }|jd$|n|d%krCg}|dk r2|dkrt}n*|dkrt}n|d&krt}n||kr|dkrtd'n||kr3td(n|dkr)tj}tj| | |_tjd)tjd |d <| j|tj}tj| d*| jd+d,| j|_tjd)tjd |d RGRR=R\t res_forestt res_domaintres_dc_st level_forestt level_domaintlevel_domain_mixedt min_level_dcR>toutstrtmsgstnew_level_domaintmtenumtemsgtnew_level_forest((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIs$                                                    0       '               N(RJRKRLRMRNRORPRQRRRRSRTRURDRRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRRws        tcmd_domain_passwordsettingscBseZdZdZiejd6ejd6ejd6Ze ddddd e d d d d e ddddde dd dddddgdde dd dddddgdde dddd e e dddd e e ddd d e e d!dd"d e e d#dd$d e e d%dd&d e e d'dd(d e g Z d)gZ d+d+d+ed+d+d+d+d+d+d+d+d+d+d*ZRS(,s Set password settings. Password complexity, password lockout policy, history length, minimum password length, the minimum and maximum password age) on a Samba AD DC server. Use against a Windows DC is possible, but group policy will override it. s$%prog (show|set ) [options]R<R>R=s-Hs--URLR?s%LDB URL for database or target serverR@RgRSRTRUs--quietsBe quietRdRes --complexityRpRqtontoffRvs=The password complexity (on | off | default). Default is 'on's--store-plaintextsStore plaintext passwords where account have 'store passwords with reversible encryption' set (on | off | default). Default is 'off's--history-lengthsBThe password history length ( | default). Default is 24.s--min-pwd-lengthsAThe minimum password length ( | default). Default is 7.s --min-pwd-agesFThe minimum password age ( | default). Default is 1.s --max-pwd-agesGThe maximum password age ( | default). Default is 43.s--account-lockout-durationsThe the length of time an account is locked out after exeeding the limit on bad password attempts ( | default). Default is 30 mins.s--account-lockout-thresholdsThe number of bad password attempts allowed before locking out the account ( | default). Default is 0 (never lock out).s--reset-account-lockout-aftersuAfter this time is elapsed, the recorded number of attempts restarts from zero ( | default). Default is 30.RVc%Cs|j}| j|}td|dtd|d|}|j}|j|dtjdddd d d d d dg}t|dkst yFt |ddd}t |ddd}t |dd d}t t t |dd ddF}t |dd ddkr3d}n(t t t |dd ddI}t |dd d}t |dd ddkrd}n"t t |dd ddJ}t t |ddddK}Wn"t k r}t d|nX|dkr|jd||jd|t@dkrN|jdn |jd|t@dkr{|jdn |jd|jd||jd||jd||jd ||jd!||jd"||jd#|n|d$krg}tj}tj|||_|dk r|d%ksY|d&krs|tB}|jd'q|d(kr|t@}|jd)qn|dk r|d%ks|d&kr|tB}|jd*q|d(kr|t@}|jd+qn|dk s|dk rBtjt|tjd|dn|dkry||kryt d?||fnt|dkrt d@n|j||jdA|jdBj|nt dC|dS(TNR%RRRGR#R t pwdPropertiestpwdHistoryLengtht minPwdLengtht minPwdAget maxPwdAgetlockoutDurationtlockoutThresholdtlockOutObservationWindowiigcAi<ils'Could not retrieve password properties!RYs%Password informations for domain '%s'RsPassword complexity: onsPassword complexity: offsStore plaintext passwords: onsStore plaintext passwords: offsPassword history length: %dsMinimum password length: %dsMinimum password age (days): %dsMaximum password age (days): %ds#Account lockout duration (mins): %ds(Account lockout threshold (attempts): %ds&Reset account lockout after (mins): %dtsetRtRvsPassword complexity activated!Rus Password complexity deactivated!s;Plaintext password storage for changed passwords activated!s=Plaintext password storage for changed passwords deactivated!s8Password history length must be in the range of 0 to 24!s Password history length changed!iis8Minimum password length must be in the range of 0 to 14!s Minimum password length changed!is6Minimum password age must be in the range of 0 to 998!sMinimum password age changed!i+is6Maximum password age must be in the range of 0 to 999!sMaximum password age changed!iis8Maximum password age must be in the range of 0 to 99999!s!Account lockout duration changed!s"Account lockout threshold changed!s0Duration to reset account lockout after changed!sIMaximum password age (%d) must be greater than minimum password age (%d)!s7You must specify at least one option to set. Try --helps!All changes applied successfully!s sWrong argument '%s'!gAgЈ Bg8M%iBgAgЈ Bg8M%iBgAgAiiQg8M%iBiiQg8M%iBgAgA(RCR RRR\R'R*R]RR^RtabsRRR`RRR-R7R,RDRbR.RSR/R0R(%RFRVRUt min_pwd_aget max_pwd_ageRt complexitytstore_plaintextthistory_lengthtmin_pwd_lengthtaccount_lockout_durationtaccount_lockout_thresholdtreset_account_lockout_afterR=R<R>RGRR=R\Rbt pwd_propst pwd_hist_lentcur_min_pwd_lentcur_min_pwd_agetcur_max_pwd_agetcur_account_lockout_thresholdtcur_account_lockout_durationtcur_reset_account_lockout_afterRRmRot min_pwd_lentmin_pwd_age_tickstmax_pwd_age_tickstaccount_lockout_duration_tickst!reset_account_lockout_after_ticks((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIos     ( ( "&                                                  N(RJRKRLRMRNRORQRPRRRRSRTRURDRRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRsCsB                      tcmd_domain_classicupgradecBsZeZdZdZiejd6ejd6Zedddddd d ed dddd d d edddddd dedd dddedd dddedddddddgddd dddedd d dded!dddd"dd#d$d%d&gd d'dd#gZ d(gZ d*d*d*d*e e d*d*d*d*e d) Z RS(+sUpgrade from Samba classic (NT4-like) database to Samba AD DC database. Specify either a directory with all Samba classic DC databases and state files (with --dbdir) or the testparm utility from your classic installation (with --testparm). s"%prog [options] R<R>s--dbdirR@RfRgRR?s+Path to samba classic DC database directorys --testparmtPATHsPath to samba classic DC testparm utility from the previous installation. This allows the default paths of the previous installation to be followeds --targetdirsCPath prefix where the new Samba 4.0 AD domain should be initialiseds--quietsBe quietRdRes --verboses Be verboses --use-xattrsRpRqRRRs [yes|no|auto]sDefine if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilitiesRvs --use-ntvfss+Use NTVFS for the fileserver (default = no)s --dns-backendsNAMESERVER-BACKENDRrRsRtRusThe DNS server backend. SAMBA_INTERNAL is the builtin name server (default), BIND9_FLATFILE uses bind9 text database to store zone information, BIND9_DLZ uses samba4 AD to store zone information, NONE skips the DNS setup entirely (this DC will not be a DNS server)R6c Cstjj|s%td|n|rQtjj| rQtd|n|r}tjj| r}td|n| r| rtdn|j} |r| jtjn)|r| jtjn| jtj |r |r | j dd}n|j } t j}|jrA|jd|jn|dk rrtjj|srtj|qrnt}|dkrt}n|dkrb|jd  rb|rtjd tjj|}n3tjd tjjtjj| jd }zNy)tjj| |jd d dt}Wntk rO| jdnXWd|j Xni}|r||d<||d <||d<|d|dRRRRGts3confRttmpfiletpathstptsamba3((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRI^sv          !3          N(RJRKRLRMRNRORQRRRRTRURDRRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyR8s2  $    tcmd_domain_samba3upgradecBseZejZeZRS((RJRKRRLRthidden(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs tLocalDCCredentialsOptionscBseZdZRS(cCstjj||dddS(Nt special_nameslocal-dc(RNRPt__init__(RFtparser((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs(RJRKR(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRstDomainTrustCommandcBsseZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d efd YZdefdYZdefdYZdZdZdZdZeedZdZdZdZdZdZdZdZdZe dZ!e d Z"d!Z#d"Z$d#Z%d$Z&d%Z'd&Z(d(d(d'Z*RS()sList domain trusts.cCsPtj|d|_d|_d|_d|_d|_d|_d|_ dS(N( RRRDtlocal_lpt local_servertlocal_binding_stringt local_credst remote_servertremote_binding_stringt remote_creds(RF((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs       iiil%l4l ll.cCstj|jS(N(tctypestc_uint32tvalue(RFtv((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyt_uint32scCs7|dkrtS|j|d}||kr3tStS(Ni(RDRRR(RFtruntimetvalterr32((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytcheck_runtime_errors   tLocalRuntimeErrorcBseZdZRS(cCsJ|j|d}|d}d|j|||f}tj||dS(Niis%LOCAL_DC[%s]: %s - ERROR(0x%08X) - %s(RRRR(texception_selfRFRR`RterrstrR>((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs  (RJRKR(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRstRemoteRuntimeErrorcBseZdZRS(cCsJ|j|d}|d}d|j|||f}tj||dS(Niis&REMOTE_DC[%s]: %s - ERROR(0x%08X) - %s(RRRR(RRFRR`RRR>((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs  (RJRKR(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRst LocalLdbErrorcBseZdZRS(cCsA|d}|d}d|j|||f}tj||dS(Niis!LOCAL_DC[%s]: %s - ERROR(%d) - %s(RRR(RRFt ldb_errorR`terrvalRR>((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs   (RJRKR(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRsc Cs|jdk r|jS|j}|j}|dkr|j}|dkrbtd|n|jd}d}d}|d7}d}d} n%d}d}d|}|j|} ||_||_d |||f|_ ||_ | |_ |jS( NtROLE_ACTIVE_DIRECTORY_DCsInvalid server_role %ss netbios nametncalrpcRs,auth_type=ncalrpc_as_systemtncacn_nps ldap://%ss %s:%s[%s]( RRDRCR RRRR RRtlocal_ldap_urlR( RFR<t localdcoptsRGRRtlocal_transporttlocal_binding_optionsRR((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytsetup_local_servers0            cCstj|j|j|jS(N(R tlsarpcRRR(RF((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnew_local_lsa_connection scCstj|j|j|jS(N(RRRR(RF((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnew_local_netlogon_connection#sc Cs+td|jdtd|jd|jS(NR%RRRG(RRRRR(RF((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnew_local_ldap_connection&s  c Cs(|r|stn|jdk r+|jSd||_|jdk sMt|j|j}|j}d}yvt||jd|}tj tj B} |r| tj O} n|r| tj O} n|j d| d|d|} Wn!tk rtd|nXidtj 6d tj6d tj 6d tj 6d tj6d tj6dtj6dtj 6dtj6dtj6dtj6dtj6dtj6dtj6dtj6dtj6dtj6} |j| | jdt} |j j!d| j"| j#| f| j#|_d|j|f|_$||_%|jS(Ns__unknown__remote_server__.%sRRtflagsRRWs-Failed to find a writeable DC for domain '%s'tPDCtGCtLDAPtDStKDCtTIMESERVtCLOSESTtWRITABLEt GOOD_TIMESERVtNDNCtSELECT_SECRET_DOMAIN_6tFULL_SECRET_DOMAIN_6tADS_WEB_SERVICEtDS_8t HAS_DNS_NAMEt IS_DEFAULT_NCt FOREST_ROOTt names_onlys,RemoteDC Netbios[%s] DNS[%s] ServerType[%s] sncacn_np:%s[%s](&R^RRDRR RR RRtNBT_SERVER_LDAPt NBT_SERVER_DStNBT_SERVER_WRITABLEtNBT_SERVER_PDCtfinddcRRt NBT_SERVER_GCtNBT_SERVER_KDCtNBT_SERVER_TIMESERVtNBT_SERVER_CLOSESTtNBT_SERVER_GOOD_TIMESERVtNBT_SERVER_NDNCt!NBT_SERVER_SELECT_SECRET_DOMAIN_6tNBT_SERVER_FULL_SECRET_DOMAIN_6tNBT_SERVER_ADS_WEB_SERVICEtNBT_SERVER_DS_8tNBT_SERVER_HAS_DNS_NAMEtNBT_SERVER_IS_DEFAULT_NCtNBT_SERVER_FOREST_ROOTtgeneric_bitmap_to_stringt server_typeRRYRZR_R^RR( RFR=Rt require_pdctrequire_writableRRtremote_binding_optionst remote_nett remote_flagst remote_infotflag_maptserver_type_string((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytsetup_remote_server,s^  "                       cCstj|j|j|jS(N(R RRRR(RF((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnew_remote_lsa_connectioniscCstj|j|j|jS(N(RRRR(RF((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnew_remote_netlogon_connectionlscCsXtj}tj|_|jdjd||}|j|tj}||fS(NRsutf-8(R tObjectAttributetQosInfotsec_qost OpenPolicy2tdecodetQueryInfoPolicy2tLSA_POLICY_INFO_DNS(RFtconnt policy_accesst objectAttrtpolicyR((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyt get_lsa_infoos   cCs(|j|dddddtj}|S(Ni(tnetr_DsRGetDCNameEx2RDRtDS_RETURN_DNS_NAME(RFRRR((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytget_netlogon_dc_infozs  cCs |jtjkr|jS|jS(N(t trust_typeR tLSA_TRUST_TYPE_DOWNLEVELRtdns_name(RFtt((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnetr_DomainTrust_to_namescCsd}d}xH|D]@}|jtj@r|}|jtj@sO||j}nPqqW|jtj@r||krwdS|jtj@rdS||j}||krdSdS|jtj @rdSdS(NtParenttTreeRoottChildtShortcuttForesttExternal( RDt trust_flagsRtNETR_TRUST_FLAG_PRIMARYtNETR_TRUST_FLAG_TREEROOTt parent_indextNETR_TRUST_FLAG_IN_FORESTttrust_attributesR t%LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE(RFtaRtprimarytprimary_parentt_tR5((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnetr_DomainTrust_to_types(    cCs@|jtj@rdS|jtj@r(dS|jtj@r<dSdS(NtYestNo(RRRRR t"LSA_TRUST_ATTRIBUTE_NON_TRANSITIVER(RFR((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnetr_DomainTrust_to_transitivescCsP|jtj@r$|jtj@r$dS|jtj@r8dS|jtj@rLdSdS(NtBOTHtINCOMINGtOUTGOINGtINVALID(RRtNETR_TRUST_FLAG_INBOUNDtNETR_TRUST_FLAG_OUTBOUND(RFR((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytnetr_DomainTrust_to_directionscCsOy||}Wn*tk r:|j|}d|}nXd||f}|S(Ns__unknown__%08X__s 0x%x (%s)(R_R(RFte_dictRRtwtv32R0((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytgeneric_enum_to_strings c Csg}|}xFt|jD]2}||@s5qn||M}|||g7}qW|dkr|j|}|d|g7}ndj|}|r|Sd||f} | S(Nis__unknown_%08X__t,s 0x%x (%s)(tsortedtkeysRR( RFtb_dictRRRPtctbtc32R1R0((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRs   cCs>idtj6dtj6dtj6dtj6}|j||S(Nt DOWNLEVELtUPLEVELtMITtDCE(R RtLSA_TRUST_TYPE_UPLEVELtLSA_TRUST_TYPE_MITtLSA_TRUST_TYPE_DCER3(RFRttypes((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyttrustType_strings     cCs;idtjtjB6dtj6dtj6}|j||S(NR)tINBOUNDtOUTBOUND(R tLSA_TRUST_DIRECTION_INBOUNDtLSA_TRUST_DIRECTION_OUTBOUNDR3(RFRt directions((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyttrustDirection_strings   cCsfidtj6dtj6dtj6dtj6dtj6dtj6dtj6dtj6}|j ||S( NtNON_TRANSITIVEt UPLEVEL_ONLYtQUARANTINED_DOMAINtFOREST_TRANSITIVEtCROSS_ORGANIZATIONt WITHIN_FORESTtTREAT_AS_EXTERNALtUSES_RC4_ENCRYPTION( R R't LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLYt&LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAINRt&LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATIONt!LSA_TRUST_ATTRIBUTE_WITHIN_FORESTt%LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNALt'LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTIONR(RFRt attributes((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyttrustAttributes_strings        cCspi dtj6dtj6dtj6dtj6dtj6dtj6dtj6dtj6d tj 6}|j ||S( Nt DES_CBC_CRCt DES_CBC_MD5t RC4_HMAC_MD5tAES128_CTS_HMAC_SHA1_96tAES256_CTS_HMAC_SHA1_96tFAST_SUPPORTEDtCOMPOUND_IDENTITY_SUPPORTEDtCLAIMS_SUPPORTEDt!RESOURCE_SID_COMPRESSION_DISABLED( RtKERB_ENCTYPE_DES_CBC_CRCtKERB_ENCTYPE_DES_CBC_MD5tKERB_ENCTYPE_RC4_HMAC_MD5t$KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96t$KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96tKERB_ENCTYPE_FAST_SUPPORTEDt(KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTEDtKERB_ENCTYPE_CLAIMS_SUPPORTEDt.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLEDR(RFRtenctypes((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytkerb_EncTypes_strings         cCsN|dkrdSidtj6dtj6dtj6}d|j||dtS(NisStatus[Enabled]s Disabled-NewtDisabledsDisabled-Conflictings Status[%s]R(R tLSA_TLN_DISABLED_NEWtLSA_TLN_DISABLED_ADMINtLSA_TLN_DISABLED_CONFLICTRR(RFte_flagsR((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytentry_tln_statuss    cCsX|dkrdSidtj6dtj6dtj6dtj6}d|j||dtS( NisStatus[Enabled]s Disabled-SIDsDisabled-SID-Conflictings Disabled-NBsDisabled-NB-Conflictings Status[%s]R(R tLSA_SID_DISABLED_ADMINtLSA_SID_DISABLED_CONFLICTtLSA_NB_DISABLED_ADMINtLSA_NB_DISABLED_CONFLICTRR(RFRrR((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytentry_dom_statuss     c Cs|dk rd|}nd}|jjdt|j|fxVtdt|jD]<}|j|}|j}d}|dk rxB|jD]4} | j|krqn| j}d| jj }qWn|j } |j t j kr|jjd|j|| j |fq[|j t jkrG|jjdd| j fq[|j t jkr[|jjd|j|| jj | jj | j|fq[q[WdS( Ns TDO[%s]RsNamespaces[%d]%s: is Collision[%s]sTLN: %-32s DNS[*.%s]%s sTLN_EX: %-29s DNS[*.%s] s)DOM: %-32s DNS[%s] Netbios[%s] SID[%s]%s (RDRYRZRtentriestxrangeRtindexRRftforest_trust_dataR@R tLSA_FOREST_TRUST_TOP_LEVEL_NAMERst"LSA_FOREST_TRUST_TOP_LEVEL_NAME_EXtLSA_FOREST_TRUST_DOMAIN_INFORxtdns_domain_nametnetbios_domain_nameR( RFtftittlnt collisionst tln_stringRKRRtcollision_stringR8td((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pytwrite_forest_trust_infos<               N(+RJRKRLRtWERR_OKtWERR_INVALID_FUNCTIONtWERR_NERR_ACFNOTLOADEDtNT_STATUS_NOT_FOUNDtNT_STATUS_OBJECT_NAME_NOT_FOUNDtNT_STATUS_INVALID_PARAMETERtNT_STATUS_INVALID_INFO_CLASSt"NT_STATUS_RPC_PROCNUM_OUT_OF_RANGERRRRRRRRRRRRRRR R RR$R(R/RR3RRCRIRYRmRsRxRDR(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRsL        ;        tcmd_domain_trust_listcBsMeZdZdZiejd6ejd6ed6ZgZ ddddZ RS(sList domain trusts.s%prog [options]R<R>Rc CsU|j||}y|j}Wn(tk rL}|j||dnXy'|j|tjtjBtjB}WnStk r}|j ||j rt d|j n|j||dnX|j }x{|D]s} | jtj@rqn|jjdd|j|| d|j| d|j| d|j| fqWdS( Ns!failed to connect netlogon servers:LOCAL_DC[%s]: netr_DsrEnumerateDomainTrusts not supported.s$netr_DsrEnumerateDomainTrusts faileds%-14s %-15s %-19s %s sType[%s]sTransitive[%s]s Direction[%s]sName[%s](RRRXRtnetr_DsrEnumerateDomainTrustsRRR.R-RRRRtarrayRRRYRZR$R(R/R( RFR<R>RRtlocal_netlogonterrortlocal_netlogon_trustsR R((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIRs0     N( RJRKRLRMRNRORQRRRRTRDRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRDs   tcmd_domain_trust_showcBsVeZdZdZiejd6ejd6ed6ZgZ dgZ ddddZ RS(sShow trusted domain details.s%prog NAME [options]R<R>RRcCs9|j||}y|j}Wn(tk rL}|j||dnXy%tj}|j||\} } Wn(tk r}|j||dnX|jjd| j j | j j | j ftj } || _ y.|j| | tj} | j} | j}WnPtk r^}|j||jrFtd|n|j||dnXy|j| | tj}Wntk r}|j||jrd}n|j||jrd}n|dk r|j||dntj}d|_nXy5d}| jtj@r:|j| | tj}nWntk r}|j||jrkd}n|j||j rd}n|dk r|j||dntj!}d|_"g|_#nX|jjd |jjd | j$j | j$j | j%j kr.|jjd | j%j n|jjd | j |jjd |j&| j'|jjd|j(| j)|jjd|j*| jt+j,|jj-}t+j.|jj-}|jjd||f|jjd|j/|j| jtj@r5|j0|d| j%j ndS(Nsfailed to connect lsa servers#failed to query LSA_POLICY_INFO_DNSs(LocalDomain Netbios[%s] DNS[%s] SID[%s] s4trusted domain object does not exist for domain [%s]s.QueryTrustedDomainInfoByName(FULL_INFO) faileds?QueryTrustedDomainInfoByName(SUPPORTED_ENCRYPTION_TYPES) failedis&lsaRQueryForestTrustInformation failedsTrusteDomain: sNetbiosName: %s sDnsName: %s sSID: %s sType: %s sDirection: %s sAttributes: %s sPosixOffset: 0x%08X (%d) skerb_EncTypes: %s R(1RRRXRR t!LSA_POLICY_VIEW_LOCAL_INFORMATIONR RYRZRRfR\RtStringtQueryTrustedDomainInfoByNamet!LSA_TRUSTED_DOMAIN_INFO_FULL_INFOtinfo_ext posix_offsetRRRt-LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPESRRDRt TrustDomainInfoSupportedEncTypest enc_typesRRtlsaRQueryForestTrustInformationRRRtForestTrustInformationtcountRyRR]RCRRIttrust_directionRYRRRtc_int32RmR(RFRR<R>RRt local_lsaRtlocal_policy_accesst local_policytlocal_lsa_infot lsaStringtlocal_tdo_fulltlocal_tdo_infotlocal_tdo_posixtlocal_tdo_enctypestlocal_tdo_foresttposix_offset_u32tposix_offset_i32((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIs                             N( RJRKRLRMRNRORQRRRRTRURDRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRqs    tcmd_domain_trust_createcBseZdZdZiejd6ejd6ejd6ed6Z e dddd d d d d gdddddd e dddd dd dddgdddddde dddd dd ddgdddddde dd d!dd"dd#de e d$ddd d%d d&d'd9gdd(dd)dd9e d*d d!dd+dd,de e d-d d!dd.dd/de e d0d d1dd2dd3de e d4d d1dd5dd6de g Zd7gZd9d9d9d9d9d9d9e d9e e e e d8 ZRS(:s Create a domain or forest trust.s%prog DOMAIN [options]R<R>R=Rs--typeR@RpRgtTYPERqtexternalR[R?s.The type of the trust: 'external' or 'forest'.RTRRvs --directiont DIRECTIONtincomingtoutgoingtboths6The trust direction: 'incoming', 'outgoing' or 'both'.Rs--create-locationtLOCATIONtlocals=Where to create the trusted domain object: 'local' or 'both'.tcreate_locations--cross-organisationRdRes=The related domains does not belong to the same organisation.tcross_organisations --quarantinedsyes|noRRsSpecial SID filtering rules are applied to the trust. With --type=external the default is yes. With --type=forest the default is no.tquarantined_args--not-transitives#The forest trust is not transitive.tnot_transitives--treat-as-externals'The treat the forest trust as external.ttreat_as_externals --no-aes-keyst store_falses!The trust uses aes kerberos keys.t use_aes_keyss--skip-validationsSkip validation of the trust.tvalidateRcCstj}t}| dkr6|dkrKt}qKn| dkrKt}n|dkr| rltdn| rtdqnd}| rtj}tj|_ |j tj O_ ntj }|tj O}|tj O}tj}tj|_d|_|dkr4|jtjO_|jtjO_nB|dkrU|jtjO_n!|d krv|jtjO_nd|_| r|jtjO_n|r|jtjO_n|dkr|jtjO_n| r|jtjO_n| r |jtjO_nfd }d}d}tj }|d kr|jtj@rp|d }t|jd }n|jtj@r|d}t|jd }nd}ntd}|jtj@r|dd| }n|jtj@r|dd| }n|tj O}|tj O}tj}tj|_d|_|dkrq|jtjO_|jtjO_nB|dkr|jtjO_n!|d kr|jtjO_nd|_| r|jtjO_n|r|jtjO_n|dkr|jtjO_n| r.|jtjO_n| rI|jtjO_nj||}yj}Wn(tk r}j|dnXyj ||\}} Wn(tk r}j|dnXj!j"d| j#j$| j%j$| j&fyj'||}!Wn(tk rI}j(|dnXyj)}"Wn(tk r}j(|dnXyj |"|\}#}$Wn(tk r}j(|dnXj!j"d|$j#j$|$j%j$|$j&f|$j%j$|j*_$|$j#j$|j+_$|$j&|_&|ra| j%j$|j*_$| j#j$|j+_$| j&|_&ny>|j*j$|_$|j,||tj-}%td|j$WnGtk r}j.|j/sj|d|j$qnXy>|j+j$|_$|j,||tj-}&td|j$WnGtk rp}j.|j/sqj|d|j$qqnX|ry>|j*j$|_$|"j,|#|tj-}'td|j$WnGtk r}j.|j/sj(|d|j$qnXy>|j+j$|_$|"j,|#|tj-}(td|j$Wqtk r}j.|j/sj(|d|j$qqXnyj0})Wn(tk r}j|dnXyj1|)|}*Wn(tk r }j|dnX|r yj2}+Wn(tk rF }j(|dnXyj1|+|!},Wq tk r }j(|dq Xnd}-ddd}.t3j4}/|-||/}0|-||/}1d}2d}3|.|j5d|0d |1}4|r |.|"j5d|1d |0}5ny1|r j!j"didd6d d!6}6|"j6|#||5tj7}3j!j"d"|r j!j"d#idd6d$d!6}6|"j8|3tj9|q nj!j"d%id d6d d!6}6|j6|||4tj7}2j!j"d&|rH j!j"d'id d6d$d!6}6|j8|2tj9|nWntk r% }j!j"d(|6d!|6df|3r j!j"d)|"j:|3d}3n|2r j!j"d*|j:|2d}2n|6ddkr j(|d+|6d!nj|d+|6d!nX|rn|jtj@r j!j"d,y%|)j;|*j<|$j%j$t=j>}7Wn(tk r }j|d-nXy%|j?||$j%tj@|7d}8Wn(tk r }j|d.nXjA|7d/|$j%j$d0|8|r j!j"d1y%|+j;|,j<| j%j$t=j>}9Wn(tk rp }j(|d-nXy%|"j?|#| j%tj@|9d}:Wn(tk r }j(|d.nXjA|9d/| j%j$d0|:q n|jtj@r$j!j"d2y(|)jB|*j<t=jCd3|$j%j$};Wn(tk rX}j|d4nXjD|;jEd}<jD|;jFd}=|;jGt=jH@rd5|;jI|;jFd6|;jEd6f}>n$d7|;jI|;jFd6|;jEd6f}>|<jJks|=jJkr t|>q$j!j"d8|>n|rn|jtj@rkj!j"d9y(|+jB|,j<t=jCd3| j%j$}?Wn(tk r}j(|d4nXjD|?jEd}@jD|?jFd}A|?jGt=jH@rd:|?jI|?jFd6|?jEd6f}Bn$d;|?jI|?jFd6|?jEd6f}B|@jJksB|AjJkrQt|Bqhj!j"d8|Bqkqnn|3dk ry|"jK|3Wntk r}nXd}3n|2dk ry|jK|2Wntk r}nXd}2nj!j"d<dS(=NRRR[s'--not-transitive requires --type=forests*--treat-as-external requires --type=forestiRRRcsxd}xktrs|dk r+|dk r+|Std|}td|}||ks d}jjdq q WdS(NRsNew %s Password: sRetype %s Password: sSorry, passwords do not match. (RDRRRYRZ(Rtpasswordtpasswordverify(RF(s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyt get_passwordEs  RsIncoming Trusts utf-16-lesOutgoing TrustcSsdg|}tj|d|d}|s@t|jdSxYtt|D]E}t||krt||||RRRRRRRRRRt quarantinedRRtlocal_trust_infoRtincoming_secrettoutgoing_secrettremote_policy_accesstincoming_passwordtoutgoing_passwordtremote_trust_infoRRRRRRRt remote_lsat remote_policytremote_lsa_infotlocal_old_netbiost local_old_dnstremote_old_netbiostremote_old_dnsRtlocal_netlogon_infotremote_netlogontremote_netlogon_infoRRRt incoming_blobt outgoing_blobtlocal_tdo_handletremote_tdo_handletlocal_auth_infotremote_auth_infotcurrent_requesttlocal_forest_infotlocal_forest_collisiontremote_forest_infotremote_forest_collisiontlocal_trust_verifytlocal_trust_statustlocal_conn_statustlocal_validationtremote_trust_verifytremote_trust_statustremote_conn_statustremote_validation((RFs7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRIs                                                                                            N(RJRKRLRMRNRORQRPRRRRRRDRRTRURI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRsj          tcmd_domain_trust_deletecBseZdZdZiejd6ejd6ejd6ed6Z e dddd d d d d gdddddd gZ dgZ ddddddZRS(sDelete a domain trust.s%prog DOMAIN [options]R<R>R=Rs--delete-locationR@RpRgRRqRRR?s=Where to delete the trusted domain object: 'local' or 'both'.RTtdelete_locationRvRc Cstj}|tjO}|tjO}|dkr8d}n#tj}|tjO}|tjO}|j||} y|j} Wn(tk r} |j|| dnXy|j | |\} } Wn(tk r} |j|| dnX|j j d| j j | jj | jfd}d}d}d}tj}y%||_ | j| |tj}WnPtk r} |j| |jrtd|n|j|| dnX|dk ry|j||}Wn(tk r} |j|| dnXy|j}Wn(tk r>} |j|| dnXy|j ||\}}Wn(tk r} |j|| dnX|j j d|j j |jj |jf|j|jks|j j |jj ks|jj |jj krtd|jj |jj |jfny+| jj |_ |j||tj}WnGtk r} |j| |js|j|| d |j qnX|dk r| j|jks| j j |jj ks| jj |jj krtd |jj |jj |jfqqn|dk ry+|jj |_ | j| |tj}Wn/tk r{} |j|| d |j nX| j|d}n|dk ry+|jj |_ |j||tj}Wqtk r} |j|| d |j qXn|dk rmy'|j|d}|j j d Wqmtk ri} |j j d |j|| dqmXn|dk ry'| j|d}|j j dWqtk r} |j j d |j|| dqXndS(NRsfailed to connect lsa servers#failed to query LSA_POLICY_INFO_DNSs(LocalDomain Netbios[%s] DNS[%s] SID[%s] s$Failed to find trust for domain '%s'sfailed to locate remote servers)RemoteDomain Netbios[%s] DNS[%s] SID[%s] s2LocalTDO inconsistend: Netbios[%s] DNS[%s] SID[%s]s QueryTrustedDomainInfoByName(%s)s3RemoteTDO inconsistend: Netbios[%s] DNS[%s] SID[%s]sOpenTrustedDomainByName(%s)sRemoteTDO deleted. s%s sDeleteObject() failedsLocalTDO deleted. (R RRRRDRRRXRR RYRZRRfR\RRRtLSA_TRUSTED_DOMAIN_INFO_INFO_EXRRRRRRRR]tOpenTrustedDomainByNameRtSEC_STD_DELETER(RFRR<RR=R>R&RRRRRRRRRtremote_tdo_infoRRRRR R ((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRI s                                *  *N(RJRKRLRMRNRORQRPRRRRRTRURDRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyR% s        tcmd_domain_trust_validatecBseZdZdZiejd6ejd6ejd6ed6Z e dddd d d d d gdddddd gZ dgZ ddddddZRS(sValidate a domain trust.s%prog DOMAIN [options]R<R>R=Rs--validate-locationR@RpRgRRqRRR?s?Where to validate the trusted domain object: 'local' or 'both'.RTtvalidate_locationRvRc Cs'tj}|j||}y|j} Wn(tk rU} |j|| dnXy|j| |\} } Wn(tk r} |j|| dnX|jjd| j j | j j | j fy1tj } || _ | j| | tj}WnPtk rL} |j| |jr4td|n|j|| dnX|jjd|jj |jj |j fy|j}Wn(tk r} |j|| dnXy%|j|tjd|jj }Wn(tk r} |j|| d nX|j|jd }|j|jd }|jtj@rgd |j|jd |jd f}n$d |j|jd |jd f}||jks||jkrt|n|jjd|yJ|jj dd}d|jj |f}|j|tj!d|}Wn(tk r@} |j|| dnX|j|jd }d|j|jd f}||jkrt|n|jjd||dkr#y|j"||dt#}Wn(tk r} |j$|| dnXy|j%}Wn(tk r0} |j$|| dnXy%|j|tjd| j j }Wn(tk r} |j$|| d nX|j|jd }|j|jd }|jtj@rd|j|jd |jd f}n$d|j|jd |jd f}||jks&||jkr5t|n|jjd|yJ|jj dd}d| j j |f}|j|tj!d|}Wn(tk r} |j$|| dnX|j|jd }d|j|jd f}||jkr t|q#|jjd|ndS(Nsfailed to connect lsa servers#failed to query LSA_POLICY_INFO_DNSs(LocalDomain Netbios[%s] DNS[%s] SID[%s] s4trusted domain object does not exist for domain [%s]s,QueryTrustedDomainInfoByName(INFO_EX) faileds%LocalTDO Netbios[%s] DNS[%s] SID[%s] s!failed to connect netlogon serveris!NETLOGON_CONTROL_TC_VERIFY failedisGLocalValidation: DC[%s] CONNECTION[%s] TRUST[%s] VERIFY_STATUS_RETURNEDis0LocalValidation: DC[%s] CONNECTION[%s] TRUST[%s]sOK: %s s\Rs%s\%ss"NETLOGON_CONTROL_REDISCOVER faileds&LocalRediscover: DC[%s] CONNECTION[%s]RRsfailed to locate remote serversHRemoteValidation: DC[%s] CONNECTION[%s] TRUST[%s] VERIFY_STATUS_RETURNEDs1RemoteValidation: DC[%s] CONNECTION[%s] TRUST[%s]s'RemoteRediscover: DC[%s] CONNECTION[%s](&R RRRRXRR RYRZRRfR\RRRR'RRRRR]RRRRRRRRRRRR6tNETLOGON_CONTROL_REDISCOVERRRRR( RFRR<R>R=RR,RRRRRRRRRRRRR Rtdomain_and_servertlocal_trust_rediscovertlocal_rediscoverRRR!R"R#R$tremote_trust_rediscovertremote_rediscover((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRI s                     N(RJRKRLRMRNRORQRPRRRRRTRURDRI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyR+ s        tcmd_domain_trust_namespacescBseZdZdZiejd6ejd6ed6Ze ddddd d d d dAgd dddddAe dddd dddde e dddddd ddddge dddddd ddddge dddddd d dd!dge d"ddddd d#dd$dge d%dddd&d d'dd(dge d)dddd&d d*dd+dge d,dddd-d d.dd/dge d0dddd-d d1dd2dge d3ddddd d4dd5dge d6ddddd d7dd8dge d9ddddd d:dd;dge d<ddddd d=dd>dggZ d?gZ dAdAdAdAdAe ggggggggggggd@ZRS(BsManage forest trust namespaces.s%prog [DOMAIN] [options]R<R>Rs --refreshR@RpRgs check|storeRqtchecktstoreR?sLList and maybe store refreshed forest trust information: 'check' or 'store'.RTtrefreshRvs --enable-allRdResATry to update disabled entries, not allowed with --refresh=check.t enable_alls --enable-tlnRbt DNSDOMAINs?Enable a top level name entry. Can be specified multiple times.t enable_tlns --disable-tlns@Disable a top level name entry. Can be specified multiple times.t disable_tlns --add-tln-exsAAdd a top level exclusion entry. Can be specified multiple times.t add_tln_exs--delete-tln-exsDDelete a top level exclusion entry. Can be specified multiple times.t delete_tln_exs --enable-nbt NETBIOSDOMAINsIEnable a netbios name in a domain entry. Can be specified multiple times.t enable_nbs --disable-nbsJDisable a netbios name in a domain entry. Can be specified multiple times.t disable_nbs --enable-sidt DOMAINSIDs@Enable a SID in a domain entry. Can be specified multiple times.tenable_sid_strs --disable-sidsADisable a SID in a domain entry. Can be specified multiple times.tdisable_sid_strs--add-upn-suffixsVAdd a new uPNSuffixes attribute for the local forest. Can be specified multiple times.tadd_upns--delete-upn-suffixs^Delete an existing uPNSuffixes attribute of the local forest. Can be specified multiple times.t delete_upns--add-spn-suffixs[Add a new msDS-SPNSuffixes attribute for the local forest. Can be specified multiple times.tadd_spns--delete-spn-suffixscDelete an existing msDS-SPNSuffixes attribute of the local forest. Can be specified multiple times.t delete_spnsdomain?cG Cs t}|dkr5|dkr1td|n|rFtdnt|dkrgtdnt|dkrtdnt| dkrtdnt| dkrtdnt| dkrtd nt|dkr td nt| dkr-td nt| dkrNtd nt|dkrx3|D]+}|jd sqgntd|qgWt}nt|dkrx3|D]+}|jd sqntd|qWt}nxM|D]E}x<|D]4}|j|jkr(qntd|qWqWt|dkrx3|D]+}|jd stqYntd|qYWt}nt|dkrx3|D]+}|jd sqntd|qWt}nx|D]E}x<|D]4}|j|jkrqntd|qWqWnt|dkrVtdnt|dkrwtdnt|dkrtdnt|dkrtdn|dk r |dkrt}n|r|dkrtd|nt|dkr tdnt|dkrAtdnt| dkrbtdnt| dkrtdnt| dkrtdnt|dkrtdnt| dkrtdnt| dkrtd qn|r|t}t|dkr7td!nt| dkrXtd"nt|dkr|td#q|nt|dkrt}nt|dkrt}nxM|D]E}x<|D]4}|j|jkrqntd$|qWqWt| dkrSx3| D]+}|jd s6qntd%|qWt}nt| dkrx3| D]+}|jd sqlntd&|qlWt}nxM| D]E}x<| D]4}|j|jkrqntd'|qWqWt| dkrt}nt|dkr*t}nxM| D]E}x<|D]4}|j|jkrbq>ntd(|q>Wq1Wg}xT| D]L}ytj |}Wn#t k r}td)|nX|j |qWg}xT| D]L}ytj |}Wn#t k r"}td*|nX|j |qWt|dkrOt}nt|dkrjt}nxA|D]9}x0|D](}||krq~ntd+|q~WqqWt j }|r|t jO}n|j||}y|j}Wn(tk r }|j||d,nXy|j||\} }!Wn(tk r` }|j||d-nX|jjd.|!jj|!jj|!jf|dkry|j}"Wn(tk r }|j||d/nXy|j|"|}#Wn(tk r }|j||d0nX|#j|#jkrF td1|#j|#jfny|"j|#jdd}$Wntk r }|j ||j!r td2|j"n|j ||j#r td2|j"n|j ||j$r td2|j"n|j||d3nX|jjd4|j%|$d5|!jjy|j&}%Wn(tk rq }|j||d6nXd7t'|%j(}&d8d9g}'y5|%j)d:|&d;t*j+d<d=d>|'}(|(d})Wn+t*j,k r }|j-||d?nXg}*d8|)kr |*j.|)d8ng}+d9|)krC |+j.|)d9n|jjd@t|*x(|*D] },|jjdAdB|,fqd W|jjdCt|+x(|+D] },|jjdAdB|,fq W|s dSt}-g}.|.j.|*t}/g}0|0j.|+x|D]}1d}2xLt/dt|.D]5}3|.|3},|,j|1jkr` q2 n|3}2Pq2 W|2dk r tdD|1n|.j |1t}-q Wx|D]}1d}2xLt/dt|.D]5}3|.|3},|,j|1jkr q n|3}2Pq W|2dkr"tdE|1n|.j0|2t}-q Wx|D]}4d}2xLt/dt|0D]5}3|0|3},|,j|4jkrqbn|3}2PqbW|2dk rtdF|4n|0j |4t}/q@Wx|D]}4d}2xLt/dt|0D]5}3|0|3},|,j|4jkr(qn|3}2PqW|2dkrRtdG|4n|0j0|2t}/qW|jjdHt|.x(|.D] },|jjdAdB|,fqW|jjdIt|0x(|0D] },|jjdAdB|,fqWt*j1}5|)j2|5_2|-r0t*j3|.t*j4d8|5d8}:|rd}9qnd}:y"|"j|#j|8jj|:};Wn(tk r}|j||d3nXy%|j?| |8jt j@|;|9}<Wn(tk r2}|j||dQnX|jjdR|j%|;d5|8jjdS|<|dkry7t j6}7|8jj|7_|jA| |7t j@}6Wn(tk r}|j||dTnX|jjdK|j%|6d5|8jjndSy7t j6}7|8jj|7_|jA| |7t j@}=Wn(tk ra}|j||dTnX|jjdU|j%|=d5|8jj|sdSg}>|>j.|=jBt jC}?t|>|?_D|>|?_B|rxt/dt|?jBD]q}3|?jB|3}@|@jEt jFkrqn|?jB|3jGdkr5qnd|?jB|3_H|?jB|3jGt jIM_GqWxt/dt|?jBD]}3|?jB|3}@|@jEt j@krq|n|?jB|3jGdkrq|nd|?jB|3_H|?jB|3jGt jJM_G|?jB|3jGt jKM_Gq|Wnx|D]}Ad}2xpt/dt|?jBD]V}3|?jB|3}@|@jEt jFkreq:n|@jLjj|Ajkrq:n|3}2Pq:W|2dkrtdV|An|?jB|2jGt jI@stdW|And|?jB|2_H|?jB|2jGt jIM_GqWx|D] }Ad}2xpt/dt|?jBD]V}3|?jB|3}@|@jEt jFkrbq7n|@jLjj|Ajkrq7n|3}2Pq7W|2dkrtdX|An|?jB|2jGt jM@rtdY|And|?jB|2_H|?jB|2jGt jIM_G|?jB|2jGt jMO_GqWx| D]}Bd}2xpt/dt|?jBD]V}3|?jB|3}@|@jEt jNkrxqMn|@jLjj|BjkrqMn|3}2PqMW|2dk rtdZ|Bnd[|Bj}Cd}2xt/dt|?jBD]|}3|?jB|3}@|@jEt jFkr qnd[|@jLjj}D|C|DkrUtd\|Bn|CjO|Dsjqn|3}2PqW|2dkrtd]|Bnt jP}@t jN|@_Ed|@_Gd|@_H|B|@jL_g}>|>j.|?jB|>jQ|2dP|@t|>|?_D|>|?_Bq(Wx| D]}Bd}2xpt/dt|?jBD]V}3|?jB|3}@|@jEt jNkrgq<n|@jLjj|Bjkrq<n|3}2Pq<W|2dkrtd^|Bng}>|>j.|?jB|>j0|2t|>|?_D|>|?_BqWx| D]}Ed}2xst/dt|?jBD]Y}3|?jB|3}@|@jEt j@krKq n|@jLjRjj|Ejkrrq n|3}2Pq W|2dkrtd_|En|?jB|2jGt jJ@std`|End|?jB|2_H|?jB|2jGt jJM_GqWx|D]}Ed}2xst/dt|?jBD]Y}3|?jB|3}@|@jEt j@krKq n|@jLjRjj|Ejkrrq n|3}2Pq W|2dkrtda|En|?jB|2jGt jS@rtdb|End|?jB|2_H|?jB|2jGt jJM_G|?jB|2jGt jSO_GqWx|D]}d}2xdt/dt|?jBD]J}3|?jB|3}@|@jEt j@krdq9n|@jLjT|kr|q9n|3}2Pq9W|2dkrtdc|n|?jB|2jGt jK@stdd|End|?jB|2_H|?jB|2jGt jKM_GqWx|D]}d}2xdt/dt|?jBD]J}3|?jB|3}@|@jEt j@krUq*n|@jLjT|krmq*n|3}2Pq*W|2dkrtde|n|?jB|2jGt jU@rtdf|End|?jB|2_H|?jB|2jGt jKM_G|?jB|2jGt jUO_GqWy%|j?| |8jt j@|?d}FWn(tk rW}|j||dQnX|jjdg|j%|?d5|8jjdS|Fy7t j6}7|8jj|7_|jA| |7t j@}6Wn(tk r}|j||dTnX|jjdK|j%|6d5|8jjdS(hNR5s'--refresh=%s not allowed without DOMAINs'--enable-all not allowed without DOMAINis'--enable-tln not allowed without DOMAINs(--disable-tln not allowed without DOMAINs'--add-tln-ex not allowed without DOMAINs*--delete-tln-ex not allowed without DOMAINs&--enable-nb not allowed without DOMAINs'--disable-nb not allowed without DOMAINs'--enable-sid not allowed without DOMAINs(--disable-sid not allowed without DOMAINs*.sEvalue[%s] specified for --add-upn-suffix should not include with '*.'sHvalue[%s] specified for --delete-upn-suffix should not include with '*.'s@value[%s] specified for --add-upn-suffix and --delete-upn-suffixsEvalue[%s] specified for --add-spn-suffix should not include with '*.'sHvalue[%s] specified for --delete-spn-suffix should not include with '*.'s@value[%s] specified for --add-spn-suffix and --delete-spn-suffixs1--add-upn-suffix not allowed together with DOMAINs4--delete-upn-suffix not allowed together with DOMAINs1--add-spn-suffix not allowed together with DOMAINs4--delete-spn-suffix not allowed together with DOMAINs3--enable-all not allowed together with --refresh=%ss0--enable-tln not allowed together with --refreshs1--disable-tln not allowed together with --refreshs0--add-tln-ex not allowed together with --refreshs3--delete-tln-ex not allowed together with --refreshs/--enable-nb not allowed together with --refreshs0--disable-nb not allowed together with --refreshs0--enable-sid not allowed together with --refreshs1--disable-sid not allowed together with --refreshs3--enable-tln not allowed together with --enable-alls2--enable-nb not allowed together with --enable-alls3--enable-sid not allowed together with --enable-alls6value[%s] specified for --enable-tln and --disable-tlnsAvalue[%s] specified for --add-tln-ex should not include with '*.'sDvalue[%s] specified for --delete-tln-ex should not include with '*.'s8value[%s] specified for --add-tln-ex and --delete-tln-exs4value[%s] specified for --enable-nb and --disable-nbs7value[%s] specified for --enable-sid is not a valid SIDs8value[%s] specified for --disable-sid is not a valid SIDs6value[%s] specified for --enable-sid and --disable-sidsfailed to connect lsa servers#failed to query LSA_POLICY_INFO_DNSs(LocalDomain Netbios[%s] DNS[%s] SID[%s] s!failed to connect netlogon serversfailed to get netlogon dc infos1The local domain [%s] is not the forest root [%s]s@LOCAL_DC[%s]: netr_DsRGetForestTrustInformation() not supported.s*netr_DsRGetForestTrustInformation() faileds Own forest trust information... Rsfailed to connect to SamDBsCN=Partitions,%st uPNSuffixessmsDS-SPNSuffixesR"R#Rs(objectClass=crossRefContainer)R sfailed to search partition dns#Stored uPNSuffixes attributes[%d]: sTLN: %-32s DNS[*.%s] Rs(Stored msDS-SPNSuffixes attributes[%d]: sBEntry already present for value[%s] specified for --add-upn-suffixs?Entry not found for value[%s] specified for --delete-upn-suffixsBEntry already present for value[%s] specified for --add-spn-suffixs?Entry not found for value[%s] specified for --delete-spn-suffixs#Update uPNSuffixes attributes[%d]: s(Update msDS-SPNSuffixes attributes[%d]: sfailed to update partition dns#Stored forest trust information... s4trusted domain object does not exist for domain [%s]s,QueryTrustedDomainInfoByName(INFO_EX) faileds%LocalTDO Netbios[%s] DNS[%s] SID[%s] sItrusted domain object for domain [%s] is not marked as FOREST_TRANSITIVE.is&lsaRSetForestTrustInformation() faileds"Fresh forest trust information... Rs(lsaRQueryForestTrustInformation() faileds"Local forest trust information... s8Entry not found for value[%s] specified for --enable-tlnsGEntry found for value[%s] specified for --enable-tln is already enableds9Entry not found for value[%s] specified for --disable-tlnsIEntry found for value[%s] specified for --disable-tln is already disableds>Entry already present for value[%s] specified for --add-tln-exs.%ss:TLN entry present for value[%s] specified for --add-tln-exs>No TLN parent present for value[%s] specified for --add-tln-exs;Entry not found for value[%s] specified for --delete-tln-exs7Entry not found for value[%s] specified for --enable-nbsFEntry found for value[%s] specified for --enable-nb is already enableds7Entry not found for value[%s] specified for --delete-nbsHEntry found for value[%s] specified for --disable-nb is already disableds8Entry not found for value[%s] specified for --enable-sidsGEntry found for value[%s] specified for --enable-sid is already enableds8Entry not found for value[%s] specified for --delete-sidsIEntry found for value[%s] specified for --disable-sid is already disableds$Updated forest trust information... (VRRDRRRRRRRRt TypeErrorRbR RRRRRXRR RYRZRRfR\RRR R]t forest_nameRRRRRRRRRRSR)R'R*R]R<RRRztpopR-R,R.R/R0RRR'RRRRRRRRRRyRRR@R}RttimetLSA_TLN_DISABLED_MASKtLSA_NB_DISABLED_MASKtLSA_SID_DISABLED_MASKR|RpR~tendswithtForestTrustRecordtinsertRRvRRt(GRFRR<RR>R6R7R9R:R;R<RARBR>R?RCRDRERFtrequire_updatetnR Rt enable_sidRRPRRt disable_sidRRRRRRRtown_forest_infot local_samdbtlocal_partitions_dnR Rmt stored_msgtstored_upn_valststored_spn_valsRt replace_upntupdate_upn_valst replace_spntupdate_spn_valstupntidxRKtspnt update_msgtstored_forest_infoRRtlsa_update_checktnetlogon_update_tdotfresh_forest_infotfresh_forest_collisionRRytupdate_forest_infoR0Rttln_exttln_dottr_dottnbtupdate_forest_collision((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyRI s                                                                                                                 !                         !   !              N(RJRKRLRMRNRORQRRRRRDRRTRURI(((s7/usr/lib/python2.7/dist-packages/samba/netcmd/domain.pyR3E s        tcmd_domain_trustcBsbeZdZiZeeds~         ""F    CL`-d)