Vc@swdZddlmZddlmZddlmZmZmZm Z m Z ddl Z ddlZddl Z ddl Z ddlmZddlmZmZmZmZmZmZddlmZdd lmZmZdd lmZmZmZm Z m!Z!dd l"m#Z#dd l$m%Z%dd lm&Z&ddl'm(Z(ddl)m*Z*ddlm+Z+ddl,m-Z-ddl.Z.ddl/Z/ddl0Z0ddl1Z1e/j2de3fdYZ4de5fdYZ6e7e7e7e7e7e7e7e7e8e7e8e7e8d Z9e7e7e7e7e7e7e7e7e8e7e8e7e8d Z:e7e7e7e7e7e7e7e7e7e7e7e7e8e7dZ;dS(sJoining a domain.i(tsystem_session(tSamDB(tgensectLdbt drs_utilstarcfour_encrypttstring_to_byte_arrayN(tndr_pack(tsecuritytdrsuapitmisctnbttlsatdrsblobs(tDS_DOMAIN_FUNCTION_2003(t CredentialstDONT_USE_KERBEROS(tsecretsdb_self_joint provisiontprovision_filltFILL_DRStFILL_SUBDOMAIN(t setup_path(tSchema(t descriptor(tNet(tsetup_bind9_dns(tread_and_sub_file(t b64encodetDCJoinExceptioncBseZdZRS(cCstt|jd|dS(NsCan't join, error: %s(tsuperRt__init__(tselftmsg((s./usr/lib/python2.7/dist-packages/samba/join.pyR/s(t__name__t __module__R(((s./usr/lib/python2.7/dist-packages/samba/join.pyR-stdc_joinc Bs:eZdZdddddddddeded ZedZdZdZdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!RS(sPerform a DC join.c  Cs||_||_||_||_||_||_| |_| |_d|_ g|_ g|_ |jj |j tjBtd|jd|j|_|dk r||_n=|jjd||j||_|jjd|jtdd|jdtd|jd|j|_y#|jjd tjd d gWn(tjk rt\} }t|nX||_d |j|_t|jj |_!t|jj"|_#t|jj$|_%t|jj&|_'t(j)|jj*|_+|j+|_,|j-|_.|j/|_0t1j2tt3j4|_5|jj6|_7|j8|_9|j:|_;| dk r| |_<nt=j>d d|_<d|j|j|j'f|_?d|j?|_@d|j!}|jA|rd|j|f|_Bn d|_B|jjC|_D|jjE|_Fd|j!|_Gd|j#|_H|jjd tjd gd|jjIdd|jG}| dkrd|_Jn,tK|dkrd|_JdGHn | |_Jd|jjL|jDf|_M|jD|_Nd|j|j!f|_Od|_Pd|jd|jMd|jM|jFfg|_Qd|_Rd|_Sd|_TtU|_Vd|_Wd|_Xd|_YtU|_Zd|_[dS(Ntcredstlps&Finding a writeable DC for domain '%s's Found DC %sturls ldap://%st session_infot credentialstscopetattrstdns%s$i i(s"CN=%s,CN=Servers,CN=%s,CN=Sites,%ssCN=NTDS Settings,%ssGCN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,%ssCN=%s,%ssDC=DomainDnsZones,%ssDC=ForestDnsZones,%stbaset expressions$(&(objectClass=crossRef)(ncName=%s))tNONEisCNO DNS zone information found in source domain, not replicating DNSs%s.%ssCN=%s,OU=Domain Controllers,%ssHOST/%ssGC/%s/%s(\tloggerR%R&tsitet netbios_namet targetdirt use_ntvfstpromote_existingtNonetpromote_from_dntnc_listt full_nc_listtset_gensec_featurestget_gensec_featuresRt FEATURE_SEALRtnettservertinfotfind_dcRRtsamdbtsearchtldbtSCOPE_ONELEVELtLdbErrorRtmynametsamnametstrtget_default_basedntbase_dntget_root_basedntroot_dntget_schema_basednt schema_dntget_config_basednt config_dnRtdom_sidtget_domain_sidtdomsidt forestsidtget_domain_namet domain_nametget_forest_domain_nametforest_domain_nameR tGUIDtuuidtuuid4t invocation_idtget_dsServiceNamet dc_ntds_dntget_dnsHostNametdc_dnsHostNametget_behavior_versiontbehavior_versiont acct_passtsambatgenerate_random_passwordt server_dntntds_dnt dn_existst topology_dntdomain_dns_namet dnsdomaintforest_dns_namet dnsforesttdomaindns_zonetforestdns_zonetget_partitions_dnt dns_backendtlentlowert dnshostnametrealmtacct_dnt tmp_samdbtSPNstnever_reveal_sidt reveal_sidt connection_dntFalsetRODCt krbtgt_dnR t managedbyt subdomaint adminpass(tctxR0R>R%R&R1R2R3tdomaint machinepassR4RqR5tenumtestrt topology_baset res_domaindns((s./usr/lib/python2.7/dist-packages/samba/join.pyR6s              #                      cCs|rpy+|jjd|dtjddg}Wntk rEdSXx'|D]}|j|jdtqMWny|jj|d|GHWntk rnXdS(NR-R*R+R,t recursives Deleted %s( RARBRCRDt Exceptiont del_noerrorR,tTruetdelete(RR,Rtrestr((s./usr/lib/python2.7/dist-packages/samba/join.pyRs+    c CsYyAdGH|jrd}nT|jjd|jjddtj|jddg}|rz|j|dj dt n|jjd|jjdd tjd |j tjd |j fdg}|r|j|dj dt n|jjd|jjdd tjd |j dg}|rnt d tjd |j tjd |j fn|jdk r|j|jn|jdk r|j|jn|j|j|j|jdt |jr|j|jn|jr|j|jn|r>|ddd|_|j|jn|jr@d}tjd|j|f|j|j}tj}tj|_|jdjd|tj }tj!}|j"|_#|j$||tj%}|j&||j'j(tj!}|j)|_#|j$||tj%}|j&||j'j(nWnt*k rTnXdS(s$Remove any DNs from a previous join.schecking sAMAccountNameR-R.ssAMAccountName=%sR+smsDS-krbTgtLinkiRs/(&(sAMAccountName=%s)(servicePrincipalName=%s))sdns-%ssdns/%ss(sAMAccountName=%s)snNot removing account %s which looks like a Samba DNS service account but does not have servicePrincipalName=%ssmsDS-Krbtgtlinktsignsncacn_ip_tcp:%s[%s]tsutf-8N(+RR6RARBRIRCt binary_encodeRGRR,RRFRtt RuntimeErrorR{R~RgRfRit partition_dnt new_krbtgt_dnR tlsarpcR>R&R%tObjectAttributetQosInfotsec_qost OpenPolicy2tdecodeRtSEC_FLAG_MAXIMUM_ALLOWEDtStringRutstringtQueryTrustedDomainInfoByNamet!LSA_TRUSTED_DOMAIN_INFO_FULL_INFOtDeleteTrustedDomaintinfo_extsidRXR(RRtbinding_optionstlsaconnt objectAttrt pol_handletnameR?((s./usr/lib/python2.7/dist-packages/samba/join.pytcleanup_old_joinsd   0  9         c Cs(|jrtdn|jjd|jjddtj|jddddd g}t|d krtd |jnd|d ksd|d ksd |d krtd |jnt |d dd t j j t j j B@d krtd |jn|d j|_dS(s]confirm that the account is just a bare NT4 BDC or a member server, so can be safely promoteds Can not promote into a subdomainR-R.ssAMAccountName=%sR+smsDS-krbTgtLinktuserAccountControltserverReferenceBLtrIDSetReferencesiscCould not find domain member account '%s' to promote to a DC, use 'samba-tool domain join' instead'shAccount '%s' appears to be an active DC, use 'samba-tool domain join' if you must re-create this accountsZAccount %s is not a domain member or a bare NT4 BDC, use 'samba-tool domain join' instead'N(RRRARBRIRCRRGRrtintRdtdsdbtUF_WORKSTATION_TRUST_ACCOUNTtUF_SERVER_TRUST_ACCOUNTR,R7(RR((s./usr/lib/python2.7/dist-packages/samba/join.pytpromote_possibles 02cCsy3|jjd|dtjtjBtjB|_Wn!tk rVtd|nX|jjdk r|jjdkr|jj|_ n|jj S(s(find a writeable DC for the given domainRtflagss-Failed to find a writeable DC for domain '%s'RN( R=tfinddcR tNBT_SERVER_LDAPt NBT_SERVER_DStNBT_SERVER_WRITABLEt cldap_retRt client_siteR6R1t pdc_dns_name(RR((s./usr/lib/python2.7/dist-packages/samba/join.pyR@s3 $cCs^|jjd|jdtjddg}d|dkrPt|dddStjjSdS(NR-R*R+smsDS-Behavior-Versioni( RARBRJRCt SCOPE_BASERRdRtDS_DOMAIN_FUNCTION_2000(RR((s./usr/lib/python2.7/dist-packages/samba/join.pyRas*cCs7|jjdddtjddg}|dddS(NR-RR*R+t dnsHostNamei(RARBRCR(RR((s./usr/lib/python2.7/dist-packages/samba/join.pyR_s'c CsY|jj}|jjd|dtjddgdd|jj}|dddS(s9get netbios name of the domain from the partitions recordR-R*R+t nETBIOSNameR.s ncName=%si(RARpRBRCRDRI(Rt partitions_dnR((s./usr/lib/python2.7/dist-packages/samba/join.pyRUs$c CsY|jj}|jjd|dtjddgdd|jj}|dddS(s9get netbios name of the domain from the partitions recordR-R*R+RR.s ncName=%si(RARpRBRCRDRK(RRR((s./usr/lib/python2.7/dist-packages/samba/join.pyRW#s$c CsN|jjd|jdgdd|jtjtjjf}t |dj S(s7get the parent domain partition DN from parent DNS nameR-R+R.s9(&(objectclass=crossRef)(dnsRoot=%s)(systemFlags:%s:=%u))i( RARBRPtparent_dnsdomainRCtOID_COMPARATOR_ANDRdRtSYSTEM_FLAG_CR_NTDS_DOMAINRHR,(RR((s./usr/lib/python2.7/dist-packages/samba/join.pytget_parent_partition_dn*sc Cs|jjdd|jddgdtjddg}d|dkritd |j|jjfny=tt j tj |j|dddj d }Wn-t k rtd |dddnXd ||jf}|S( s7get the parent domain partition DN from parent DNS nameR-sCN=Partitions,%sR+t fSMORoleOwnerR*tcontrolssextended_dn:1:1is1Can't find naming master on partition DN %s in %sRYs3Can't find GUID in naming master on partition DN %ss %s._msdcs.%s(RARBRPRCRRRR'RHR RYtDntget_extended_componenttKeyErrorRm(RRt master_guidt master_host((s./usr/lib/python2.7/dist-packages/samba/join.pytget_naming_master1s""=  cCsL|jjdddtjddg}|ddd}|jjd|S(shget the SID of the connected user. Only works with w2k8 and later, so only used for RODC joinR-RR*R+t tokenGroupsit objectSID(RARBRCRtschema_format_value(RRtbinsid((s./usr/lib/python2.7/dist-packages/samba/join.pyt get_mysid?s'cCsay(|jjd|dtjdg}Wn2tjk r\\}}|tjkrVtSnXtS(scheck if a DN existsR-R*R+(RARBRCRREtERR_NO_SUCH_OBJECTR|R(RR,RRR((s./usr/lib/python2.7/dist-packages/samba/join.pyRhFs(cCsWd|jGHi|jd6dd6ttjjtjjBd6dd6d|jd 6}|jj|d g|jj d |jd t j d dg}|ddd|_ d|j GHt j }t j|j|j|_t j|jt jd|d<|jj|d|j |jf|_d|j|jfGH|jj|j|jdS(s#RODCs need a special krbtgt accounts Adding %sR,tusert objectclasstuseraccountcontroltTRUEtshowinadvancedviewonlys krbtgt for %st descriptions rodc_join:1:1R-R*R+tsamAccountNameisGot krbtgt_name=%ssmsDS-krbTgtLinksCN=%s,CN=Users,%ssRenaming %s to %sN(R~RHRdRtUF_NORMAL_ACCOUNTtUF_ACCOUNTDISABLERGRAtaddRBRCRt krbtgt_nametMessageRRvR,tMessageElementtFLAG_MOD_REPLACEtmodifyRJRtrename(RtrecRtm((s./usr/lib/python2.7/dist-packages/samba/join.pytadd_krbtgt_accountPs(   *   cCsd}t|jjddkr1|d7}nd|j|f}tj||j|j|_tj|j\|_|_ dS(s.make a DRSUAPI connection to the naming mastertseals log levelis,printsncacn_ip_tcp:%s[%s]N( RR&tgetR>R R%Rt drs_DsBindtdrsuapi_handletbind_supported_extensions(RRtbinding_string((s./usr/lib/python2.7/dist-packages/samba/join.pytdrsuapi_connectms  cCsqt|jd|j|_tdtdd dtd|jd|j dtdt|_ |j j |jd S( s2create a temporary samdb object for schema queriestschemadnR(R't auto_connectR)R&t global_schematam_rodcN( RRSRNt tmp_schemaRRR6R|R%R&Rwt set_schema(R((s./usr/lib/python2.7/dist-packages/samba/join.pytcreate_tmp_samdbvs   cCs.tj}|jj||_d|_dS(s$build a DsReplicaAttributeCtr objectiN(R tDsReplicaAttributeRwtget_attid_from_lDAPDisplayNametattidt value_ctr(Rtattrnamet attrvalueR((s./usr/lib/python2.7/dist-packages/samba/join.pytbuild_DsReplicaAttributes cCs|jd kr|jn|jd kr8|jng}x |D]}tj}|d|_g}xu|D]m}|dkrqqnt||ts||g}n ||}|jj |j||}|j |qqWtj } t || _ || _tj} || _| | _tj} | | _|j | qEWtj} |d| _| j} x!|dD]}|| _|} qwW|jj|jd| \}}|dkr|jtjkrd|jGHtdn|jd krd|jGHtdqn|d kr|jdkrHtd |jn|jjd krd|jj|jj jfGHtdn|jjtjkrd|jjGHtdqn|j!S(s,add a record via the DRSUAPI DsAddEntry callR,iiis!DsAddEntry failed with dir_err %usDsAddEntry failedtWERR_OKs(DsAddEntry failed with status %s info %sisexpected err_ver 1, got %uN(iR(iR("R R6RRwRtDsReplicaObjectIdentifierR,t isinstancetlisttdsdb_DsReplicaAttributetappendtDsReplicaAttributeCtrRrtnum_attributest attributestDsReplicaObjectt identifiert attribute_ctrtDsReplicaObjectListItemtobjecttDsAddEntryRequest2t first_objectt next_objectt DsAddEntryRtdir_errtDRSUAPI_DIRERR_OKRt extended_errterr_verterr_datatstatusR?tobjects(RtrecsRRtidR+tatvtrattrRRt list_objecttreq2tprevtotleveltctr((s./usr/lib/python2.7/dist-packages/samba/join.pyR sf                    !     cCstd|jGHi|jd6dd6ttjjd6|jd6}|j|j|jg}|jtjj krttjj |dd,i|j?d-6|j@d.6|jAd/6tB|j;d06|jd16}x|D]\}} |tjCksytD| d} d2| dGH| d3=| d4=ttjjEtjjB| dRRRtserverReferenceNtnTDSConnectionRtenabledconnectiont65R"t fromServersAdding SPNs to %ss $NTDSGUIDtservicePrincipalNamesSetting account password for %ss((&(objectClass=user)(sAMAccountName=%s))tforce_change_at_next_logintusernamet account_nameRVt newpasswordR-R*R+smsDS-KeyVersionNumberisEnabling accounttBIND9_iisprovision_dns_add_samba.ldift DNSDOMAINtDOMAINDNtHOSTNAMEt DNSPASS_B64tDNSNAMEs#Adding DNS account %s with dns/ SPNtclearTextPasswordtisCriticalSystemObjects#Setting account password for dns-%ss,(&(objectClass=user)(samAccountName=dns-%s))sdns-%s(HRvRGRHRRdRRRtRbtDS_DOMAIN_FUNCTION_2008t ENC_ALL_TYPESR5RRyRzR7RARRRCRt from_dictRRR~RRftSYSTEM_FLAG_CONFIG_ALLOW_RENAMEt%SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVER&RR6R+R,R{R^RR,trangeRrRxtreplaceRt setpasswordRRcR|REtERR_UNWILLING_TO_PERFORMR=t set_passwordRVRBRRtkey_version_numberRqt startswithRetdnspasst parse_ldifRRRkRJRFRtCHANGETYPE_NONEtAssertionErrorRtERR_ENTRY_ALREADY_EXISTStdns_key_version_number( RRRtitnumt_RRt changetypeR!t dns_acct_dn((s./usr/lib/python2.7/dist-packages/samba/join.pytjoin_add_objectss                  +               -                     cCsd|jGHidt|jtjfd6}tj|jd|}i |jd6dd6d|jd 6|j d 6|j d 6|j d 6|j d 6tt jjt jjBd6|d6}|jt jjkrt|j|dR\RjRNRRcRPRtdomain_replica_flagstDRSUAPI_DRS_CRITICAL_ONLYtDRSUAPI_DRS_GET_ANCRJRnRoR8RHRvtDRSUAPI_EXOP_REPL_SECRETRRitsource_dsa_invocation_idtdestination_dsa_guidttransaction_cancelttransaction_commit(RRRt repl_credsRRiR(((s./usr/lib/python2.7/dist-packages/samba/join.pytjoin_replicate sz                   cCstj}tj|_t||j_tjd|j_t j d|j_ |j |_ dt|j |jf|_tjtjB|_|js|jtjO_n|jr|jj|jd|ndS(Ns$00000000-0000-0000-0000-000000000000sS-0-0s %s._msdcs.%si(R tDsReplicaUpdateRefsRequest1Rtnaming_contextRHR,R RYRhRRQRR+t dest_dsa_guidRmtdest_dsa_dns_nametDRSUAPI_DRS_ADD_REFtDRSUAPI_DRS_DEL_REFR"R}RltDsReplicaUpdateRefsR(RR,R((s./usr/lib/python2.7/dist-packages/samba/join.pytsend_DsReplicaUpdateRefs\s    cCst|jjdx|jD]}|j|qW|jrdGH|jjt|j|jj d|j t j }t j |jd|j|_t jt|jt jd|d<|jj||jj|jddn|jjdt j }t j |jd|_t jd t jd |d t dsServiceNameNR(R&sSetting up secrets databaseRRuRkt netbiosnameRwRtsecure_channel_typeRMR;RqROtos_levelR3(,R0R?R8RR}R|RRHR\tset_opaque_integerRbRCRRRgR,RRRRt"set_attribute_replmetadata_versionR+RRR}RRR&RRVRuRkRFRSRcRRMRqRNRR~ROR3RT(RR(RR((s./usr/lib/python2.7/dist-packages/samba/join.pyt join_finaliseksV         $          cCsd|jGHd}tjd|j|f|j|j}tj}tj|_|jdj d|t j }tj }|j |j_|j|j_|j|_tjtjB|_tj|_tj|_ybtj}|j |_|j||tj}d|j |jjfGH|j||jjWntk rLnXt |j!j"d}t#j$} t%|| _&|| _'t#j(} t)j*t+t,j,| _-tj.| _/| | _0t#j1} d| _2| g| _3t#j4} d| _2| | _5t#j6} dgd }x*t7d D]}t8j9d d |||j?|}tj@}t%||_&t ||_AtjB}||_C|jD|||t jE}i d |jF|jGfd 6dd6tH|jd6tH|jd6tH|jd6|jId6|jFd6t=| d6t=| d6t=|jJd6}|jKjL|id|jI|jGfd 6dd6tHt)jMjNd6|j!j"dd6d|jId6}|jKjL|dS(sprovision the local SAM.s"Setup domain trusts with server %sRsncacn_np:%s[%s]sutf-8s)Removing old trust record for %s (SID %s)s utf-16-leiiiiiscn=%s,cn=system,%sR,t trustedDomainRt trustTypettrustAttributesttrustDirectiontflatnamet trustPartnerttrustAuthIncomingttrustAuthOutgoingtsecurityIdentifierscn=%s$,cn=users,%sRRRAs%s$RN(OR>R RR&R%RRRRRRRtTrustDomainInfoInfoExRkRVRR2RSRtLSA_TRUST_DIRECTION_INBOUNDtLSA_TRUST_DIRECTION_OUTBOUNDttrust_directiontLSA_TRUST_TYPE_UPLEVELt trust_typet!LSA_TRUST_ATTRIBUTE_WITHIN_FORESTttrust_attributesRRRRRRRt trustdom_passtencodeR t AuthInfoClearRrtsizetpasswordtAuthenticationInformationRdt unix2nttimeRttimetLastUpdateTimetTRUST_AUTH_TYPE_CLEARtAuthTypetAuthInfotAuthenticationInformationArraytcounttarrayttrustAuthInOutBlobtcurrentttrustDomainPasswordsRHtrandomtrandintt confoundertoutgoingtincomingRRt session_keyt DATA_BUF2tdatatTrustDomainInfoAuthInfoInternalt auth_blobtCreateTrustedDomainEx2tSEC_STD_DELETERmRJRHRXRTR|RRtUF_INTERDOMAIN_TRUST_ACCOUNT(RRRRRR?toldnametoldinfot password_blobt clear_valuet clear_authentication_informationt authentication_information_arrayRt trustpassRRUttrustpass_blobtencrypted_trustpassRt auth_infottrustdom_handleR((s./usr/lib/python2.7/dist-packages/samba/join.pytjoin_setup_trustss                                     cCs}|j|jg|_|j|j|jg|_|jr`|jdkr`|j|jg7_n|js|j|jg7_|jdkr|j|jg7_|j|jg7_|j|jg7_|j|jg7_qn|j r|j n |j yV|j |j |j|jrR|j|j|jn|jWndGH|j nXdS(NR/sJoin failed - cleaning up(RPRNR8RJR9RRqRnRoR5RRRZRRRoRRR(R((s./usr/lib/python2.7/dist-packages/samba/join.pytdo_joins6            N("R"R#t__doc__R6R|RRRRR@RaR_RURWRRRRhRRRRR R)R,RZRoRRRRRRR(((s./usr/lib/python2.7/dist-packages/samba/join.pyR$3sB   j  B           ? # +  ( P  E fc  Cst||||||||| | | | } |jd| j|jd| j|jd| j|jd| jd| j| jf| _d| jt j fdt j dt j dt j dt jg| _d| jt jf| _| j}d|}|| _tjjtjjBtjjB| _| jjd| jd| jgd | j| _tj | _!t"| _#t$j%t$j&Bt$j'Bt$j(Bt$j)Bt$j*B| _+| j+| _,|r| j,t$j-O_,n| j.|jd | j| jfd S( sJoin as a RODC.t workgroupsworkgroup is %sRus realm is %ssCN=krbtgt_%s,CN=Users,%ss ssRestrictedKrbHost/%ssCN=RODC Connection (FRS),%ss$Joined domain %s (SID %s) as an RODCN(/R$tsetRVR?RuRFRJR~RSRtDOMAIN_RID_RODC_DENYtSID_BUILTIN_ADMINISTRATORStSID_BUILTIN_SERVER_OPERATORStSID_BUILTIN_BACKUP_OPERATORStSID_BUILTIN_ACCOUNT_OPERATORSRytDOMAIN_RID_RODC_ALLOWRzRRRdRRt)UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATIONtUF_PARTIAL_SECRETS_ACCOUNTRRxtextendRtRgR{R t SEC_CHAN_RODCRRR}R tDRSUAPI_DRS_INIT_SYNCtDRSUAPI_DRS_PER_SYNCRtDRSUAPI_DRS_NEVER_SYNCEDt%DRSUAPI_DRS_SPECIAL_SECRET_PROCESSINGt$DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIPRcRRR(R0R>R%R&R1R2R3Rtdomain_critical_onlyRR4RqR5Rtmysidtadmin_dn((s./usr/lib/python2.7/dist-packages/samba/join.pyt join_RODC?s<        "   c  Cs1t||||||||| | | | } |jd| j|jd| j|jd| j|jd| jtjjtjjB| _ | j j d| j t j| _tjtjBtjBtjBtjB| _| j| _|r| jtjO_n| j|jd| j| jfdS(s Join as a DC.Rsworkgroup is %sRus realm is %ss1E3514235-4B06-11D1-AB04-00C04FC2DCD2/$NTDSGUID/%ss!Joined domain %s (SID %s) as a DCN(R$RRVR?RuRdRRtUF_TRUSTED_FOR_DELEGATIONRRxRRkR t SEC_CHAN_BDCRR RlRRt!DRSUAPI_DRS_FULL_SYNC_IN_PROGRESSRRcRRRRS(R0R>R%R&R1R2R3RRRR4RqR5R((s./usr/lib/python2.7/dist-packages/samba/join.pytjoin_DCvs     c Cst||||||||| | | }t|_| dkrWtjdd|_n | |_|j|_| |_||_ |j |_ |j |_ ||_ d|j|jf|_|j|_|j|jkr|jd|j|j|_tdd|jdtd|jd |j|_|jjd d d tjd dgdg}|dd|_|jd|jntj||_|j|_t j!|_d|_"d|j#j$|j f|_%tjdd|_&tj'j(tj'j)B|_*|j+j,d|j t-j.|_/t0j1t0j2Bt0j3Bt0j4Bt0j5B|_6|j6|_7|j8|j9jd|j|jfdS(s Join as a DC.i i sCN=%s,CN=Partitions,%ss Reconnecting to naming master %sR's ldap://%sR(R)R&R-RR*R+RRis#DNS name of new naming master is %ss%s.%sis1E3514235-4B06-11D1-AB04-00C04FC2DCD2/$NTDSGUID/%ss"Created domain %s (SID %s) as a DCN(:R$RRR6RdReRRVtparent_domain_nameRuRkRRRfRPRRt naming_masterR>R?RRR%R&RARBRCRtdn_from_dns_nameRJRSRTRt random_sidRvRFRsRtRRRRRRxRR RRR RlRRRRRcRRR0(R0R>R%R&R1R2R3t parent_domainRktnetbios_domainRRR4RqRR((s./usr/lib/python2.7/dist-packages/samba/join.pytjoin_subdomainsL          $       (<Rt samba.authRt samba.samdbRRdRRRRRRCtsysRZt samba.ndrRt samba.dcerpcRR R R R R t samba.dsdbRtsamba.credentialsRRtsamba.provisionRRRRRtsamba.provision.commonRt samba.schemaRRt samba.netRtsamba.provision.sambadnsRRtbase64RtloggingttallocRRtenable_null_trackingRRRR$R6R|RRR (((s./usr/lib/python2.7/dist-packages/samba/join.pytsN(0.(        4