author | Andrew Bartlett <abartlet@samba.org> | 2007-08-28 04:28:02 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:02:58 -0500 |
commit | 73388ce54c5910ee407af6b70e25597d0b696a58 (patch) | |
tree | 346cce5e112945c2f7792d63d1c063972cec8341 /source4/setup | |
parent | 2fefa818a95138fc7d6508093f426cb4ed92138f (diff) | |
r24729: First try at publishing a DNS service account, for folks to play with.
The keytab in dns.keytab should (I hope) do the job.
Andrew Bartlett
(This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb)
Diffstat (limited to 'source4/setup')
-rwxr-xr-x | source4/setup/provision | 1 | ||||
-rw-r--r-- | source4/setup/provision_users.ldif | 16 | ||||
-rw-r--r-- | source4/setup/secrets.ldif | 14 |
3 files changed, 31 insertions, 0 deletions
diff --git a/source4/setup/provision b/source4/setup/provision
index ddb424477b..f6b9cde188 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -24,6 +24,7 @@ options = GetOptions(ARGV,
 'adminpass=s',
 'krbtgtpass=s',
 'machinepass=s',
+ 'dnspass=s',
 'root=s',
 'nobody=s',
 'nogroup=s',
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index dcb9ef14fa..60a26c1ebf 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -205,6 +205,22 @@ servicePrincipalName: kadmin/changepw
 isCriticalSystemObject: TRUE
 sambaPassword: ${KRBTGTPASS}
 
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: dns
+description: DNS Service Account
+showInAdvancedViewOnly: TRUE
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+sAMAccountType: 805306368
+servicePrincipalName: DNS/${DNSDOMAIN}
+isCriticalSystemObject: TRUE
+sambaPassword: ${DNSPASS}
+
 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index ef5cb695d0..8c61c06a54 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -38,3 +38,17 @@ objectSid: ${DOMAINSID}
 servicePrincipalName: kadmin/changepw
 krb5Keytab: HDB:ldb:${SAM_LDB}:
 #The trailing : here is a HACK, but it matches the Heimdal format.
+
+# A hook from our credentials system into HDB, as we must be on a KDC,
+# we can look directly into the database.
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+servicePrincipalName: DNS/${DNSDOMAIN}
+privateKeytab: ${DNS_KEYTAB}
+secret: ${DNSPASS}
+
|
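Review bot: In the new `CN=dns` entry of provision_users.ldif, `userAccountControl: 514` is 512 (normal account) plus 2 (account disabled), so the account is created disabled even though it publishes `servicePrincipalName: DNS/${DNSDOMAIN}` and is marked `isCriticalSystemObject: TRUE`. If that is deliberate for a first try, a comment above the entry would say so, for example `# Created disabled (514 = normal account + disabled); enable once the DNS server is set up`. The entry also sets `sambaPassword: ${DNSPASS}`, and this diff (limited to source4/setup) does not show where DNSPASS gets its value when `--dnspass` is not passed. The provisioning code should be checked to generate a long random value in that case, because the key behind a published service principal is only as strong as this password.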
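Review bot: The comment added above the `DNS/${DNSDOMAIN}` principal in secrets.ldif repeats the HDB-hook wording that fits the kadmin/changepw entry, but the new entry has no `krb5Keytab: HDB:...` attribute; it uses `privateKeytab: ${DNS_KEYTAB}` and a stored `secret`. A comment matching the entry would be `# Service principal for the DNS server; keys come from the secret below and the private keytab file` (wording to be confirmed against the credentials code, which is not in this diff). The record also keeps `secret: ${DNSPASS}` in clear text beside the keytab path, so the secrets database and the file behind `${DNS_KEYTAB}` should be readable only by the accounts that need them. Nothing in this hunk sets those permissions, so that should be verified where the keytab is written.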