author: Andrew Kroeger <andrew@sprocks.gotdns.com> 2008-05-17 23:20:35 -0500
committer: Andrew Kroeger <andrew@sprocks.gotdns.com> 2008-05-18 01:54:56 -0500
commit: 18aa2d58ed684bd091084b87f7e93c4656ffaabe
tree: cc9155f68e3c28c3ada43847e5572f0f52dd7e4e
parent: c3fcc909c952a4fe914aa0ea1cb2a752911f7fb1
provision: Allow DNS GSS-TSIG updates to work.
This change ensures the KVNO of the principal in secrets.ldb (which is also exported to the dns.keytab) matches the KVNO associated with the "dns" user.

Without explicitly setting msDS-KeyVersionNumber, the KVNO exported into the dns.keytab was 0. KVNO needs to be > 0, as the client libs (at least MIT libs on Fedora) consider KVNO == 0 as a sign to ignore that particular key.

(This used to be commit 572efc8e65457a982a8cbb04d3b10e3aae22d574)
-rw-r--r-- source4/setup/secrets_dc.ldif 1
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
index 71c7fc2f5b..abc5860cf7 100644
--- a/source4/setup/secrets_dc.ldif
+++ b/source4/setup/secrets_dc.ldif
@@ -33,6 +33,7 @@ objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
servicePrincipalName: DNS/${DNSDOMAIN}
+msDS-KeyVersionNumber: 1
privateKeytab: ${DNS_KEYTAB}
secret:: ${DNSPASS_B64}
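Review bot: the added "msDS-KeyVersionNumber: 1" line hard-codes the KVNO, while every neighbouring attribute in this entry (${REALM}, ${DNSDOMAIN}, ${DNS_KEYTAB}, ${DNSPASS_B64}) is filled in by substitution. The commit message says the value has to match the KVNO associated with the "dns" user, so the literal is only correct while that account's KVNO is also 1, and nothing in this hunk ties the two together. Consider supplying the value through a template variable set where the dns user is created, or at least adding an LDIF comment above the line stating that it must equal the dns user's KVNO and must be greater than 0 for the exported dns.keytab entry to be used by the client libraries.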