authorAndrew Tridgell <tridge@samba.org>2009-09-11 13:39:31 +1000
committerAndrew Tridgell <tridge@samba.org>2009-09-11 14:07:22 +1000
commitd26c42f5bfd212c18d53f439030fd830ecab2cf3 (patch)
tree4f52d3a68f8c06839d72c43b1af1c7316113e15a
parentfdb8758e698e6df602b14ad7abe1152a2551e706 (diff)
s4/provision: add the nTDSDSA GUID based DNS entries and SPNs
The DNS entries and SPNs are needed for samba<->samba DRS replication. This patch adds them for a standalone DC configure. A separate patch will add them for the vampire configure
-rw-r--r--source4/scripting/python/samba/provision.py28
-rw-r--r--source4/setup/provision.zone5
-rw-r--r--source4/setup/provision_self_join_modify.ldif6
3 files changed, 27 insertions, 12 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index cb485c32e3..2495299e62 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -791,14 +791,23 @@ def setup_self_join(samdb, names,
"DNSDOMAIN": names.dnsdomain,
"DOMAINSID": str(domainsid),
"DOMAINDN": names.domaindn})
+
+ # add the NTDSGUID based SPNs
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+ expression="", scope=SCOPE_BASE)
+ assert isinstance(names.ntdsguid, str)
# Setup fSMORoleOwner entries to point at the newly created DC entry
setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
+ "DOMAIN": names.domain,
"DOMAINDN": names.domaindn,
"CONFIGDN": names.configdn,
"SCHEMADN": names.schemadn,
"DEFAULTSITE": names.sitename,
- "SERVERDN": names.serverdn
+ "SERVERDN": names.serverdn,
+ "NETBIOSNAME": names.netbiosname,
+ "NTDSGUID": names.ntdsguid
})
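Review bot: The `ntds_dn =` line hard-codes `CN=Default-First-Site-Name` in the nTDSDSA DN while the same dictionary a few lines later passes `names.sitename` as DEFAULTSITE, so the searchone lookup returns nothing (and the assert fires) whenever the DC is provisioned into a site other than the default one. The existing provision_self_join_modify.ldif already addresses the object as `CN=NTDS Settings,${SERVERDN}`, so `ntds_dn = "CN=NTDS Settings,%s" % names.serverdn` would keep the DN derivation in one place and avoid the site-name drift. The identical hard-coded DN and lookup are repeated in the setup_samdb hunk below; both sites should take the same fix, ideally through one small shared helper that returns the GUID string. setup_self_join starts and ends outside this hunk.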
@@ -980,6 +989,11 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
domainsid=domainsid, policyguid=policyguid,
setup_path=setup_path,
domainControllerFunctionality=domainControllerFunctionality)
+ # add the NTDSGUID based SPNs
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+ expression="", scope=SCOPE_BASE)
+ assert isinstance(names.ntdsguid, str)
except:
samdb.transaction_cancel()
@@ -1194,16 +1208,12 @@ def provision(setup_dir, message, session_info,
domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
assert isinstance(domainguid, str)
- hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
- expression="(&(objectClass=computer)(cn=%s))" % names.hostname,
- scope=SCOPE_SUBTREE)
- assert isinstance(hostguid, str)
create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain,
domaindn=names.domaindn, hostip=hostip,
hostip6=hostip6, hostname=names.hostname,
dnspass=dnspass, realm=names.realm,
- domainguid=domainguid, hostguid=hostguid)
+ domainguid=domainguid, ntdsguid=names.ntdsguid)
create_named_conf(paths.namedconf, setup_path, realm=names.realm,
dnsdomain=names.dnsdomain, private_dir=paths.private_dir)
@@ -1804,7 +1814,7 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri):
def create_zone_file(path, setup_path, dnsdomain, domaindn,
hostip, hostip6, hostname, dnspass, realm, domainguid,
- hostguid):
+ ntdsguid):
"""Write out a DNS zone file, from the info in the current database.
:param path: Path of the new zone file.
@@ -1817,7 +1827,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
:param dnspass: Password for DNS
:param realm: Realm name
:param domainguid: GUID of the domain.
- :param hostguid: GUID of the host.
+ :param ntdsguid: GUID of the hosts nTDSDSA record.
"""
assert isinstance(domainguid, str)
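Review bot: The docstring line for the renamed parameter reads `GUID of the hosts nTDSDSA record`; `:param ntdsguid: GUID of the host's nTDSDSA object (CN=NTDS Settings under the server object).` would be clearer and grammatical. The body still checks `assert isinstance(domainguid, str)` but nothing validates the new ntdsguid argument before it is substituted into the zone template; adding `assert isinstance(ntdsguid, str)` beside it keeps the two GUID arguments handled consistently, matching the convention the file already uses. create_zone_file's body continues past this hunk.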
@@ -1845,7 +1855,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
"DOMAINGUID": domainguid,
"DATESTRING": time.strftime("%Y%m%d%H"),
"DEFAULTSITE": DEFAULTSITE,
- "HOSTGUID": hostguid,
+ "NTDSGUID": ntdsguid,
"HOSTIP6_BASE_LINE": hostip6_base_line,
"HOSTIP6_HOST_LINE": hostip6_host_line,
})
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
index e7d600df87..9e312dcd51 100644
--- a/source4/setup/provision.zone
+++ b/source4/setup/provision.zone
@@ -15,10 +15,10 @@ ${HOSTIP_BASE_LINE}
${HOSTIP6_HOST_LINE}
${HOSTIP_HOST_LINE}
gc._msdcs IN CNAME ${HOSTNAME}
-${HOSTGUID}._msdcs IN CNAME ${HOSTNAME}
+${NTDSGUID}._msdcs IN CNAME ${HOSTNAME}
;
; global catalog servers
-_gc._tcp IN SRV 0 100 3268 ${HOSTNAME}
+_gc._tcp IN SRV 2 100 3268 ${HOSTNAME}
_gc._tcp.${DEFAULTSITE}._sites IN SRV 0 100 3268 ${HOSTNAME}
_ldap._tcp.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
_ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
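Review bot: The `_gc._tcp IN SRV 2 100 3268 ${HOSTNAME}` line changes that record's priority from 0 to 2, which the commit description (adding nTDSDSA GUID entries and SPNs) does not mention, and every other SRV record in the file keeps priority 0. Since `_gc._tcp` has only this one target, the priority value does not affect selection, so the change looks incidental and should either be reverted to 0 or explained with a zone comment such as `; priority 2: intentionally below site-specific GC records`. The removal of the `_ldap._tcp.${DOMAINGUID}` record in the next hunk is likewise not covered by the description.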
@@ -27,7 +27,6 @@ _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
_ldap._tcp IN SRV 0 100 389 ${HOSTNAME}
_ldap._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 ${HOSTNAME}
-_ldap._tcp.${DOMAINGUID} IN SRV 0 100 389 ${HOSTNAME}
_ldap._tcp.${DOMAINGUID}.domains._msdcs IN SRV 0 100 389 ${HOSTNAME}
_ldap._tcp.${DEFAULTSITE}._sites IN SRV 0 100 389 ${HOSTNAME}
_ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index 4ba291f06f..200fc6c6d9 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -27,3 +27,9 @@ dn: CN=NTDS Site Settings,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
changetype: modify
replace: interSiteTopologyGenerator
interSiteTopologyGenerator: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+changetype: modify
+add: servicePrincipalName
+servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DOMAIN}
+servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DOMAIN}
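Review bot: Both new servicePrincipalName values end in `${DOMAIN}`, whereas the provision.zone change in this commit creates the matching `${NTDSGUID}._msdcs` name inside the DNS domain zone; the substitution dictionary in the first hunk passes DOMAIN (`names.domain`) and DNSDOMAIN (`names.dnsdomain`) as distinct keys, so if `names.domain` is the NetBIOS name the `ldap/${NTDSGUID}._msdcs.${DOMAIN}` SPN will not match the DNS name a replication partner resolves and its Kerberos ticket request for DRS will fail. If that is the case the two lines should read `servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}` and `servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}`, with DNSDOMAIN added to the setup_modify_ldif dictionary in setup_self_join. Whether `names.domain` is the NetBIOS or the DNS name is not visible on this page, so please confirm against the Names object before merging.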