authorAndrew Bartlett <abartlet@samba.org>2009-09-19 20:40:17 -0700
committerAndrew Bartlett <abartlet@samba.org>2009-09-20 16:29:37 -0700
commit509a2bb97c5ccb13c4c2f885f3961f2880aceb91 (patch)
treea5f84fafb1447ad505adf41920ef32c6121ff844
parent11bfbc516077d1cead94d0bc70ef24267b9014e7 (diff)
downloadsamba-509a2bb97c5ccb13c4c2f885f3961f2880aceb91.tar.gz
samba-509a2bb97c5ccb13c4c2f885f3961f2880aceb91.tar.bz2
samba-509a2bb97c5ccb13c4c2f885f3961f2880aceb91.zip
s4:provision split provision of DNS zone and self join keytab
-rw-r--r--source4/scripting/python/samba/provision.py14
-rw-r--r--source4/setup/secrets_dc.ldif24
-rw-r--r--source4/setup/secrets_dns.ldif11
-rw-r--r--source4/setup/secrets_self_join.ldif13
4 files changed, 34 insertions, 28 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index fe11b94d67..68a50b2e37 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -669,7 +669,14 @@ def secretsdb_become_dc(secretsdb, setup_path, domain, realm, dnsdomain,
:param setup_path: Setup path function
:param machinepass: Machine password
"""
- setup_ldb(secretsdb, setup_path("secrets_dc.ldif"), {
+ setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
+ "REALM": realm,
+ "DNSDOMAIN": dnsdomain,
+ "DNS_KEYTAB": dns_keytab_path,
+ "DNSPASS_B64": b64encode(dnspass),
+ })
+
+ setup_ldb(secretsdb, setup_path("secrets_self_join.ldif"), {
"MACHINEPASS_B64": b64encode(machinepass),
"DOMAIN": domain,
"REALM": realm,
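Review bot: The two `setup_ldb` calls write the DNS service secret and then the machine-account (self-join) record as separate steps, and nothing visible in this hunk groups them, so a failure in the second call could leave the secrets database holding the DNS principal without the primary-domain record. Whether `setup_ldb` or the caller of `secretsdb_become_dc` already runs inside a transaction is outside the hunk; if neither does, wrapping both calls in one would keep provisioning all-or-nothing. The docstring also deserves a line saying the function now loads two templates, e.g. `Writes the DNS/<dnsdomain> service secret (secrets_dns.ldif) and the self-join record (secrets_self_join.ldif).` The function body starts above this hunk and continues below it.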
@@ -677,9 +684,8 @@ def secretsdb_become_dc(secretsdb, setup_path, domain, realm, dnsdomain,
"DOMAINSID": str(domainsid),
"SECRETS_KEYTAB": keytab_path,
"NETBIOSNAME": netbiosname,
- "SAM_LDB": samdb_url,
- "DNS_KEYTAB": dns_keytab_path,
- "DNSPASS_B64": b64encode(dnspass),
+ "SALT_PRINCIPAL": "host/%s.%s@%s" % (netbiosname.lower(), dnsdomain.lower(), realm.upper()),
+ "KEY_VERSION_NUMBER": "1"
})
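Review bot: `SALT_PRINCIPAL` is assembled inline on the added line with no comment, yet its exact spelling and casing matter because the salt is an input to Kerberos string-to-key: a value that differs from what the KDC uses for this account yields keytab keys that cannot decrypt service tickets. I would add `# Salt must match the KDC's salt for the machine account: host/<lowercase name>.<lowercase dns domain>@<UPPERCASE REALM>` above it, and confirm that using `dnsdomain` for the host part is right when the DNS domain and the realm differ. `"KEY_VERSION_NUMBER": "1"` is still a literal and lacks the trailing comma the other entries have; a short comment that a fresh join starts at kvno 1 would explain it. `samdb_url` may now be unused in the function, whose signature is only partly visible in the hunk header.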
diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
deleted file mode 100644
index b8251eece5..0000000000
--- a/source4/setup/secrets_dc.ldif
+++ /dev/null
@@ -1,24 +0,0 @@
-dn: flatname=${DOMAIN},CN=Primary Domains
-objectClass: top
-objectClass: primaryDomain
-objectClass: kerberosSecret
-flatname: ${DOMAIN}
-realm: ${REALM}
-secret:: ${MACHINEPASS_B64}
-secureChannelType: 6
-sAMAccountName: ${NETBIOSNAME}$
-msDS-KeyVersionNumber: 1
-objectSid: ${DOMAINSID}
-privateKeytab: ${SECRETS_KEYTAB}
-
-#Update a keytab for the external DNS server to use
-dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
-objectClass: top
-objectClass: secret
-objectClass: kerberosSecret
-realm: ${REALM}
-servicePrincipalName: DNS/${DNSDOMAIN}
-msDS-KeyVersionNumber: 1
-privateKeytab: ${DNS_KEYTAB}
-secret:: ${DNSPASS_B64}
-
diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif
new file mode 100644
index 0000000000..8a19733d19
--- /dev/null
+++ b/source4/setup/secrets_dns.ldif
@@ -0,0 +1,11 @@
+#Update a keytab for the external DNS server to use
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+servicePrincipalName: DNS/${DNSDOMAIN}
+msDS-KeyVersionNumber: 1
+privateKeytab: ${DNS_KEYTAB}
+secret:: ${DNSPASS_B64}
+
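Review bot: `msDS-KeyVersionNumber: 1` stays hard-coded here while the sibling secrets_self_join.ldif added by this commit takes `${KEY_VERSION_NUMBER}`, so the two templates now disagree on how the kvno is supplied. If the DNS service password is ever re-provisioned or rotated through this template, the stored kvno would not follow; passing it as a variable from `secretsdb_become_dc` in the same way would keep the two consistent. This record also carries no `saltPrincipal`, unlike the self-join record; whether the keytab update needs one for the `DNS/${DNSDOMAIN}` principal cannot be told from this page and is worth confirming.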
diff --git a/source4/setup/secrets_self_join.ldif b/source4/setup/secrets_self_join.ldif
new file mode 100644
index 0000000000..22be0cab0b
--- /dev/null
+++ b/source4/setup/secrets_self_join.ldif
@@ -0,0 +1,13 @@
+dn: flatname=${DOMAIN},CN=Primary Domains
+objectClass: top
+objectClass: primaryDomain
+objectClass: kerberosSecret
+flatname: ${DOMAIN}
+realm: ${REALM}
+secret:: ${MACHINEPASS_B64}
+secureChannelType: 6
+sAMAccountName: ${NETBIOSNAME}$
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
+objectSid: ${DOMAINSID}
+privateKeytab: ${SECRETS_KEYTAB}
+saltPrincipal: ${SALT_PRINCIPAL}
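Review bot: The template has no header comment, unlike secrets_dns.ldif, even though it holds the machine account secret; a first line such as `# Self-join record: machine account secret, kvno, salt principal and keytab path for this DC` would tell a reader what the record is for. Every value except `secret::` is substituted as plain LDIF text (`saltPrincipal: ${SALT_PRINCIPAL}`, `flatname: ${DOMAIN}`), so the record relies on the caller passing names free of line breaks and leading LDIF-special characters. Whether provision.py validates `netbiosname`, `domain` and `dnsdomain` before they reach this template is not visible on this page and is worth checking.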