gdSSKJr SSKrSSKrSSKrSSKrSSKrSSKrSSKJ r SSK J r J r J r SSKJrJr SSKJrJrJr SSKJr SSKJr SSKJr SS KJr SS KJrJr S S K J!r! SS KJ"r"J#r#J$r$J%r%J&r& SSK'J(r(J)r)J*r*J+r+ S!Sjr,Sr-Sr.Sr/"SS\(5r0"SS\(5r1"SS\(5r2"SS\(5r3"SS\(5r4"SS\(5r5"SS \*5r6g)"N)sd_utils) dnsserverdnspsecurity)ARecord AAAARecord) ndr_unpackndr_pack ndr_print)remove_dns_references)system_session)SamDB) get_bytes) check_callCalledProcessError)common) credentialsdsdbLdbwerror WERRORError)Command CommandError SuperCommandOptioncU(d [R[R/nUHn[R"X 5 g g![Ra M6f=f)z Check ip string is valid addressTF)socketAF_INETAF_INET6 inet_ptonerror) ip_stringaddress_familiesaddress_familys 7/usr/lib/python3/dist-packages/samba/netcmd/computer.py _is_valid_ipr'8sW "NNFOO<*    ^ 7+ ||   sA  A! A!c4[U[R/S9$)z%Check ip string is valid ipv4 addressr$)r'rrr#s r&_is_valid_ipv4r+Gs  V^^4D EEc4[U[R/S9$)z%Check ip string is valid ipv6 addressr))r'rr r*s r&_is_valid_ipv6r.Ls  V__4E FFr,c URS5n[Rn[R[R-nUR 5n Sn [ R"U5n URUSUU US[RUSS5 upU (aW RHnUR HunUR"[R$:Xd UR"[R&:XdMA[R("5nUUlUR+USUU USU5 Mw M UHn[-U5(a)UR/SU<SU <SU<35 [1U5nOS[3U5(a)UR/S U<SU <S U<35 [5U5nO[7S R9U55e[R("5nUUlUR+USUU UUS5 M [;U5S:aw[<R>"US URA5-5nURCU<SU <3US 9unnU REUUS[FRH[FRJ--/S9 gg![a.nURS[R:XaSn SnAGN!SnAff=f![a.nURS[R:waeSnAGM:SnAff=f)z3Add DNS A or AAAA records while creating computer. $TrNFzAdding DNS AAAA record .z for IPv6 IP: zAdding DNS A record z for IPv4 IP: zInvalid IP: {}zDC=DomainDnsZones,%s) dns_partitionz sd_flags:1:%d)controls)&rstriprDNS_CLIENT_VERSION_LONGHORNDNS_RPC_VIEW_AUTHORITY_DATADNS_RPC_VIEW_NO_CHILDRENdomain_dns_namerSDUtilsDnssrvEnumRecords2r DNS_TYPE_ALLrargsr"WERR_DNS_ERROR_NAME_DOES_NOT_EXISTrecrecordswType DNS_TYPE_A DNS_TYPE_AAAADNS_RPC_RECORD_BUFDnssrvUpdateRecord2r.inforr+r ValueErrorformatlenldbDnget_default_basedn dns_lookupmodify_sd_on_dnr SECINFO_OWNER SECINFO_GROUP)samdbnamedns_connchange_owner_sdserverip_address_listloggerclient_version select_flagszone name_found sd_helperbuflenreser>record del_rec_buf ip_address add_rec_bufdomaindns_zone_dndns_a_dn ldap_records r&add_dns_recordsrfQs ;;s D::N889;];]]L  "DJ  'I11              77C++<<4??2flldFXFX6X"+">">"@K&,KO " 44*"   ' &(& * % % KKdJ( )Z(C J ' ' KKdJ( )*%C-44Z@A A 224  $$       !&4 Oq FF  "U%=%=%? ?  !& 0 0T "+!1! + !!  %)?)?(BXBX)XYZ "  !g  66!9AA AJ*'"66!9(Q(QQ!R"s0,*JJ? J<#J77J<? K7 "K22K7c \rSrSrSrSr\"SSS\SSS 9\"S S \S 9\"S S\S 9\"SSSS9\"SSSSS9\"SSSSS9/rS/r \ R\ R\ RS.rS SjrSrg)!cmd_computer_adda+Add a new computer. This command adds a new computer account to the Active Directory domain. The computername specified on the command is the sAMaccountName without the trailing $ (dollar sign). Computer accounts may represent physical entities, such as workstations. Computer accounts are also referred to as security principals and are assigned a security identifier (SID). Example1: samba-tool computer add Computer1 -H ldap://samba.samdom.example.com \ -Uadministrator%passw1rd Example1 shows how to add a new computer to the domain against a remote LDAP server. The -H parameter is used to specify the remote target server. The -U option is used to pass the userid and password authorized to issue the command remotely. Example2: sudo samba-tool computer add Computer2 Example2 shows how to add a new computer to the domain against the local server. sudo is used so a user may run the command as root. Example3: samba-tool computer add Computer3 --computerou='OU=OrgUnit' Example3 shows how to add a new computer in the OrgUnit organizational unit. %prog [options]-H--URL%LDB URL for database or target serverURLHhelptypemetavardestz --computerouzDN of alternative location (with or without domainDN counterpart) to default CN=Computers in which new computer object will be created. E.g. 'OU='rqrrz --descriptionzComputer's descriptionz--prepare-oldjoinz5Prepare enabled machine account for oldjoin mechanism store_true)rqactionz --ip-addressrUziIPv4 address for the computer's A record, or IPv6 address for AAAA record, can be provided multiple timesappend)rtrqrwz--service-principal-nameservice_principal_name_listzAComputer's Service Principal Name, can be provided multiple times computername sambaoptscredopts versionoptsNc U c/n U c/n U H-n [U 5(aM[SRU 55e UR5n UR U 5n [ U[ 5XS9nURXUUU U S9 U (Gas[R"SSU5nURS5(a[SU-5eSR[R"U55nURUR5[RUS S /S 9nUS S S n[!["R$US S S 5n[&R&"S RUR)55X5n["R*"5nUUl["R$"SRUR/5U55Ul[3XUUUR)5XR555 UR8R;SU-5 g![6an[SU-U5eSnAff=f)NzInvalid IP address {}url session_inforlp) computerou descriptionprepare_oldjoinrUryz\$$r0zIllegal computername "%s"z-(&(sAMAccountName={}$)(objectclass=computer))primaryGroupID objectSidbasescope expressionattrsrzncacn_ip_tcp:{}[sign]z{}-{}zFailed to add computer '%s': z!Computer '%s' added successfully )r'rrG get_loadparmget_credentialsrr newcomputerresubcountrI binary_encodesearch domain_dn SCOPE_SUBTREEr rdom_sidr host_dns_name descriptor owner_sidget_domain_sid group_sidrf get_logger Exceptionoutfwrite)selfrzr}r|r~rorrrrUryrarcredsrPhostnamefiltersrecsgroupownerrRrSr^s r&runcmd_computer_add.runs;  " O & .*, '*J ++"#:#A#A*#MNN* # # %((,. 0an.>&+4E   l*5.=.=:U  66&"l;>>#&&&'B\'QRRIPP%%h/1||*++&+[9 $; Q 01!4"8#3#3T!W[5I!5LM$..+2253F3F3HI#+"5"5"7,1),4,<,<NN5#7#7#95A-) X#U%8%8%:#__%68 <|KL  0>+ ,-.0 0 0s F!H H>*H99H>) NNNNNNFNN__name__ __module__ __qualname____firstlineno____doc__synopsisrstr takes_options takes_argsoptions SambaOptionsCredentialsOptionsVersionOptionstakes_optiongroupsr__static_attributes__rr,r&rhrhs>0H tW#JS 2~L   %=CH"K" $ ~%  )1&  %M2!!J))..-- LPGL>BBMr,rhc \rSrSrSrSr\"SSS\SSS 9/rS /r \ R\ R\ RS .rSS jrSrg )cmd_computer_deletei7afDelete a computer. This command deletes a computer account from the Active Directory domain. The computername specified on the command is the sAMAccountName without the trailing $ (dollar sign). Once the account is deleted, all permissions and memberships associated with that account are deleted. If a new computer account is added with the same name as a previously deleted account name, the new computer does not have the previous permissions. The new account computer will be assigned a new security identifier (SID) and permissions and memberships will have to be added. The command may be run from the root userid or another authorized userid. The -H or --URL= option can be used to execute the command against a remote server. Example1: samba-tool computer delete Computer1 -H ldap://samba.samdom.example.com \ -Uadministrator%passw1rd Example1 shows how to delete a computer in the domain against a remote LDAP server. The -H parameter is used to specify the remote target server. The --computername= and --password= options are used to pass the computername and password of a computer that exists on the remote server and is authorized to issue the command on that server. Example2: sudo samba-tool computer delete Computer2 Example2 shows how to delete a computer in the domain against the local server. sudo is used so a computer may run the command as root. rjrkrlrmrnrorprzr{NcJUR5nURUSS9n[U[5XvS9nUn UR S5(dSU-n S[ R "U 5[R4-n URUR5[ RU SS/S 9n U S Rn [U S SS 5n SU S ;a[U S SS 5nOSnU [R"-nU(d[!S U-5eUR%U 5 U(a['XR)5USS 9 UR,R/SU-5 g![a [!S U-5ef=f![*an[!SU -U5eSnAff=f)NTfallback_machinerr0%s$)(&(sAMAccountName=%s)(sAMAccountType=%u))userAccountControl dNSHostNamerrUnable to find computer "%s"zNFailed to remove computer "%s": Computer is not a workstation - removal denied)ignore_no_namezFailed to remove computer "%s"zDeleted computer %s )rrrr endswithrIrrATYPE_WORKSTATION_TRUSTrrrdnintr IndexErrorrUF_WORKSTATION_TRUST_ACCOUNTdeleter rrrr)rrzr}r|r~rorrrPsamaccountnamefilterr] computer_dn computer_accomputer_dns_host_namecomputer_is_workstationr^s r&rcmd_computer_delete.rungs  # # %((d(C!.*:"'0&$$S))"\1N=$$^4//11 N,,EOO$5%(%6%6*0&:M%JLCa&))Kc!f%9:1=>KA&),SVM-B1-E)F&)-& $;; ; & P!- ./ / 2 LL %%%??,.D#') /,>?% N= LM M N 2?- ./02 2 2s+;A0E(,E(1F(F F"FF"rNNNNrrr,r&rr7si B0H tW#JS 2M !!J))..-- :> $,@r,rc \rSrSrSrSr\"SSS\SSS 9\"S S \S 9/rS /r \ R\ R\ RS.rSSjrSrg)cmd_computer_editiaModify Computer AD object. This command will allow editing of a computer account in the Active Directory domain. You will then be able to add or change attributes and their values. The computername specified on the command is the sAMaccountName with or without the trailing $ (dollar sign). The command may be run from the root userid or another authorized userid. The -H or --URL= option can be used to execute the command against a remote server. Example1: samba-tool computer edit Computer1 -H ldap://samba.samdom.example.com \ -U administrator --password=passw1rd Example1 shows how to edit a computers attributes in the domain against a remote LDAP server. The -H parameter is used to specify the remote target server. Example2: samba-tool computer edit Computer2 Example2 shows how to edit a computers attributes in the domain against a local LDAP server. Example3: samba-tool computer edit Computer3 --editor=nano Example3 shows how to edit a computers attributes in the domain against a local LDAP server using the 'nano' editor. rjrkrlrmrnrorpz--editorzQEditor to use instead of the system default, or 'vi' if no system default is set.rurzr{NctUR5nURUSS9n[U[5XS9n Un UR S5(dSU-n S[ R [R"U 54-n U R5n U RU U [RS9n U SRn[U 5S :wa[S U[U 54-5eU Sn[ R""X5nUc$[$R&R)S 5nUcS n[*R,"SS9nUR/[1U55 UR35 [5UUR6/5 [;UR65nUR=5nSSS5 SSS5 U R?W5n[AU5S nU RCUU5n[U5S:XaURDR/S5 gU RGU5 URDR/SU-5 g![a [S U-5ef=f![8an[9SU5eSnAff=f!,(df  N=f!,(df  N=f![Han[SU-U5eSnAff=f)NTrrr0r)(&(sAMAccountType=%d)(sAMAccountName=%s))rrrrrrz'Invalid number of results: for "%s": %dEDITORviz.tmp)suffixzERROR: zNothing to do z Failed to modify computer '%s': z$Modified computer '%s' successfully )%rrrr rrrrIrrrrrrrrHrget_ldif_for_editorosenvirongettempfileNamedTemporaryFilerrflushrrQropenread parse_ldifnextmsg_diffrmodifyr)rrzr}r|r~roeditorrrrPrrdomaindnr]rmsg result_ldift_filer^ edited_fileedited_message msgs_edited msg_edited res_msg_diffs r&rcmd_computer_edit.runs  # # %((d(C!.*:"'0&$$S))"\1N=//$$^466??$ P,,H*0%(%6%68Ca&))K s8q=H!-C9 :; ;!f00< >ZZ^^H-F~  ( ( 76 LL;/ 0 LLN 7FFKK01fkk"k!,!1!1!3#8&&~6 +&q) ~~c:6 |  ! IIOO- .  0 LL & ?,NOO P=NO O P(& 7(A66 7""8 7( 0A+ ,-.0 0 0sl .H=7+J#I:JI7 J J=I I4# I//I44J7 J J J J7#J22J7rNNNNNrrr,r&rrs~"F0H tW#JS 2z!7=@ BM!!J))..-- LP=Pr,rc \rSrSrSrSr\"SSS\SSS 9\"S S S \S 9\"SSSSSS9/r\ R\ R\ RS.r SSjrSrg)cmd_computer_listi zList all computers.z%prog [options]rkrlrmrnrorpz-bz --base-dnzSpecify base DN to useruz --full-dnfull_dnFrvz)Display DN instead of the sAMAccountName.)rtdefaultrwrqr{Nc UR5nURUSS9n[U[5XS9n S[R -n U R 5n U(aU RU5n U RU [RU S/S9n [U 5S:XagU Hen U(a/URRSU RS 5-5 M9URRSU RSSS 9-5 Mg g) NTrrz(sAMAccountType=%u)r)rrrrz%s r)idx)rrrr rrrnormalize_dn_in_domainrrIrrHrrr)rr|r}r~robase_dnrrrrPr search_dnr]rs r&rcmd_computer_list.run s # # %((d(C!.*:"'0'$*F*FGOO% 44W=Ill9!$!2!2&,"2!35 HM C  67 IIOOFSWW-=1W%EE F r,r)NNNNNF)rrrrrrrrrrrrrrrrrr,r&rr s H tW#JS 2t[,  {"? A M))..-- Gr,rc \rSrSrSrSr\"SSS\SSS 9\"S S \S S 9/rS/r \ R\ R\ RS.rSSjrSrg)cmd_computer_showiBaDisplay a computer AD object. This command displays a computer account and it's attributes in the Active Directory domain. The computername specified on the command is the sAMAccountName. The command may be run from the root userid or another authorized userid. The -H or --URL= option can be used to execute the command against a remote server. Example1: samba-tool computer show Computer1 -H ldap://samba.samdom.example.com \ -U administrator Example1 shows how display a computers attributes in the domain against a remote LDAP server. The -H parameter is used to specify the remote target server. Example2: samba-tool computer show Computer2 Example2 shows how to display a computers attributes in the domain against a local LDAP server. Example3: samba-tool computer show Computer2 --attributes=objectSid,operatingSystem Example3 shows how to display a computers objectSid and operatingSystem attribute. rjrkrlrmrnrorpz --attributesz:Comma separated list of attributes, which will be printed.computer_attrs)rqrrrtrzr{NcVUR5nURUSS9n[U[5XS9n Sn U(aUR S5n Un UR S5(dSU-n S[ R[R"U 54-n U R5n U RX[RU S9nUS RnUH5n[ R""U U5nUR$R'U5 M7 g![a [S U -5ef=f) NTrr,r0rr)rrrrrr)rrrr splitrrrrIrrrrrrrrrrr)rrzr}r|r~rorrrrPrrrrr]rr computer_ldifs r&rcmd_computer_show.runvs3 # # %((d(C!.*:"'0 "((-E%$$S))"\1N=//$$^466??$ /,,H%(%6%6eECa&))K C"66ucBM IIOOM *  /=- ./ / /s %.DD(rrrrr,r&rrBs B0H tW#JS 2~.. 0M!!J))..-- LP#' +r,rc \rSrSrSrSr\"SSS\SSS 9/rS S /r \ R\ R\ RS .rSSjrSrg )cmd_computer_moveiz4Move a computer to an organizational unit/container.z*%prog [options]rkrlrmrnrorprz new_ou_dnr{NcUR5nURUSS9n[U[5XS9n [R "XR 55n Un URS5(dSU-n S[R"U 5[R4-n U RU U [RS9n U SRn[R "X5nUR!U 5(dUR#U 5 [R "U [%U55nUR'[)U5S - 5 UR#U5 U R+UU5 UR.R1S U<S U<S35 g![a [S U-5ef=f![,an[S U-U5eSnAff=f)NTrrr0rrrrrrzFailed to move computer "%s"zMoved computer "z" to "z" )rrrr rIrJrrrrrrrrrr is_child_ofadd_baserremove_base_componentsrHrenamerrr)rrzr r}r|r~rorrrPrrrr]rfull_new_ou_dnnew_computer_dnr^s r&rcmd_computer_move.runs  # # %((d(C!.*:"'0FF5//"34 %$$S))"\1N=$$^4//11 P,,I*0%(%6%68Ca&))K1)))44  # #I .&&K(89..s;/?/BC  0 Q LLo 6 %y2 3 P=NO O P Q= LaP P Qs$.FF,F), G 6GG rrrrr,r&r r sg>;H tW#JS 2M !+.J))..-- EI $"3r,r c\rSrSrSr0r\"5\S'\"5\S'\"5\S'\"5\S'\ "5\S'\ "5\S'\ "5\S 'S r g ) cmd_computerizComputer management.addcreatereditlistshowmoverN) rrrrr subcommandsrhrrrrr rrr,r&rrseK)+K,.K/1K+-K+-K+-K+-Kr,r)N)7 samba.getoptgetoptrrIrsambarrrr samba.dcerpcrrrsamba.dnsserverrr samba.ndrr r r samba.remove_dcr samba.authr samba.samdbr samba.commonr subprocessrrrrrrrrr samba.netcmdrrrrr'r+r.rfrhrrrrr rrr,r&r*s. 22/551%"5 F G [ |EMwEMP\@'\@~qPqPf6G6GrT+T+n3333l .< .r,