diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-09-24 23:25:49 -0700 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-09-26 01:21:49 +0000 |
commit | b8444b64a32d698b01acce2a1307723cc69a472b (patch) | |
tree | 7779549492310c5a89ab2383f4e604d55c3f9c48 /source4/setup/provision_dns_add.ldif | |
parent | 00791652f4a4894ecffbca38d1f9bb4584fb2635 (diff) | |
download | samba-b8444b64a32d698b01acce2a1307723cc69a472b.tar.gz samba-b8444b64a32d698b01acce2a1307723cc69a472b.tar.bz2 samba-b8444b64a32d698b01acce2a1307723cc69a472b.zip |
s4-provision: switch to dns-HOSTNAME instead of dns
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/setup/provision_dns_add.ldif')
-rw-r--r-- | source4/setup/provision_dns_add.ldif | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif index ac818a573d..a0a8187030 100644 --- a/source4/setup/provision_dns_add.ldif +++ b/source4/setup/provision_dns_add.ldif @@ -88,15 +88,19 @@ dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwDqAHg== # NOTE: This account is SAMBA4 specific! -dn: CN=dns,CN=Users,${DOMAINDN} +# we have it to avoid the need for the bind daemon to +# have access to the whole secrets.keytab for the domain, +# otherwise bind could impersonate any user +dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN} objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user -description: DNS Service Account +description: DNS Service Account for ${HOSTNAME} userAccountControl: 514 accountExpires: 9223372036854775807 -sAMAccountName: dns +sAMAccountName: dns-${HOSTNAME} +servicePrincipalName: DNS/${DNSNAME} servicePrincipalName: DNS/${DNSDOMAIN} userPassword:: ${DNSPASS_B64} isCriticalSystemObject: TRUE |