author | Andrew Bartlett <abartlet@samba.org> | 2007-07-05 06:15:40 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:59:08 -0500 |
commit | 967866f17084df7a78ed6ecfcb9d2b31deaa28a1 (patch) | |
tree | 0827759af3160905337f746044bbadbfb62d0773 /source4 | |
parent | cc0756c3020ff4e1c7cc3f5945155b3375e9b608 (diff) | |
r23720: Allow the member server to work against an LDAP Backend. Another case
where LDB isn't as strict as OpenLDAP: the self-join record contains
duplicate servicePrincipalNames once the DNS name and domain name are
made equal. (It is easier to just skip the useless self-join.)
Andrew Bartlett
(This used to be commit 49ff929be6fcf57721532de13bdd7a7e1617af6f)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/scripting/libjs/provision.js | 10 | ||||
-rw-r--r-- | source4/selftest/Samba4.pm | 6 | ||||
-rw-r--r-- | source4/setup/provision_self_join.ldif | 23 | ||||
-rw-r--r-- | source4/setup/provision_users.ldif | 23 |
4 files changed, 37 insertions, 25 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 323c7cdacb..deaa97114a 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -700,6 +700,11 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb users and groups\n"); setup_add_ldif("provision_users.ldif", info, samdb, false); + if (lp.get("server role") == "domain controller") { + message("Setting up self join\n"); + setup_add_ldif("provision_self_join.ldif", info, samdb, false); + } + if (setup_name_mappings(info, samdb) == false) { return false; } @@ -769,6 +774,11 @@ function provision_schema(subobj, message, tmp_schema_path, paths) /* Write out a DNS zone file, from the info in the current database */ function provision_dns(subobj, message, paths, session_info, credentials) { + var lp = loadparm_init(); + if (lp.get("server role") != "domain controller") { + message("No DNS zone required for role %s\n", lp.get("server role")); + return; + } message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"); var ldb = ldb_init(); ldb.session_info = session_info; diff --git a/source4/selftest/Samba4.pm b/source4/selftest/Samba4.pm index ec34358e0a..1da0439757 100644 --- a/source4/selftest/Samba4.pm +++ b/source4/selftest/Samba4.pm @@ -281,6 +281,8 @@ sub provision($$$$$$) $localdomain = $netbiosname if $server_role eq "member server"; my $localrealm = $realm; $localrealm = $netbiosname if $server_role eq "member server"; + my $localbasedn = $basedn; + $localbasedn = "DC=$netbiosname" if $server_role eq "member server"; open(CONFFILE, ">$conffile"); print CONFFILE " 
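Review bot: The first hunk calls `lp.get("server role")` inside provision(), but no `var lp = loadparm_init();` is visible in that hunk, whereas the second hunk has to create one for provision_dns(); if provision() does not already have `lp` in scope (its body starts well before the hunk), the new branch throws a ReferenceError and provisioning aborts before setup_name_mappings() runs. Confirm against the top of provision() or add `var lp = loadparm_init();` directly above the new `if`. In the second hunk, `message("No DNS zone required for role %s\n", lp.get("server role"))` assumes message() does printf-style substitution, while every other call in the hunk passes one pre-concatenated string; if it does not, the literal `%s` is printed and the role is lost, so `message("No DNS zone required for role " + lp.get("server role") + "\n");` avoids the question. Both hunks gate on the literal string "domain controller"; a comment `// self-join and DNS zone are DC-only; member servers provision without them` would record the intent next to the check.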
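Review bot: `$localbasedn` is the third variable in a row derived with the same `... = $netbiosname if $server_role eq "member server";` postfix pattern; a single `if ($server_role eq "member server") { $localdomain = $netbiosname; $localrealm = $netbiosname; $localbasedn = "DC=$netbiosname"; }` keeps the member-server overrides in one place and makes a forgotten fourth override harder to miss. The enclosing sub provision starts before the hunk, so whether `$basedn` and `$server_role` are declared earlier cannot be checked here. `DC=$netbiosname` is later fed to `--simple-bind-dn` in the next hunk and presumably has to agree with the suffix provision-backend derives from `--realm=$localrealm`; a comment `# member servers get a private DC=<netbios> suffix; keep in sync with provision-backend` would make that coupling visible.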
@@ -400,7 +402,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi push (@provision_options, "--krbtgtpass=krbtgt$password"); push (@provision_options, "--machinepass=machine$password"); push (@provision_options, "--root=$root"); - push (@provision_options, "--simple-bind-dn=cn=Manager,$basedn"); + push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn"); push (@provision_options, "--password=$password"); push (@provision_options, "--root=$root"); @@ -430,7 +432,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi if (defined($self->{ldap})) { push (@provision_options, "--ldap-backend=$ldap_uri"); - system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed"); + system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$localrealm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed"); if ($self->{ldap} eq "openldap") { ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories"); diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif new file mode 100644 index 0000000000..5ebc87b106 --- /dev/null +++ b/source4/setup/provision_self_join.ldif 
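Review bot: The rewritten `system("...")` call in the hunk at 430 still hands one interpolated string to the shell, so `$password`, `$root`, `$localrealm` and `$netbiosname` are parsed by /bin/sh rather than passed as argv entries; all of them are harness-generated here, so the exposure is limited, but since the line is being edited anyway this is the moment to move to list-form `system(@args)` with STDOUT dup'd onto STDERR around the call, the `>&2` redirection being the only reason a shell is needed. Whether `$configuration` is a single option or several space-separated ones is not visible in the hunk and decides how it would be split into the list. `--ldap-manager-pass=$password` is also passed on the command line and so is readable in process listings for the lifetime of provision-backend; that predates this commit, but a `# test-only: manager password is passed on the command line` comment would stop it being copied into non-test code. The hunk at 400 is a straight variable rename and needs nothing.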
@@ -0,0 +1,23 @@
+#Join the DC to itself by default
+
+dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
+objectClass: computer
+cn: ${NETBIOSNAME}
+userAccountControl: 532480
+localPolicyFlags: 0
+primaryGroupID: 516
+accountExpires: 9223372036854775807
+sAMAccountName: ${NETBIOSNAME}$
+sAMAccountType: 805306369
+operatingSystem: Samba
+operatingSystemVersion: 4.0
+dNSHostName: ${DNSNAME}
+isCriticalSystemObject: TRUE
+sambaPassword: ${MACHINEPASS}
+servicePrincipalName: HOST/${DNSNAME}
+servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: HOST/${DNSNAME}/${REALM}
+servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
+servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
+servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
+${HOSTGUID_ADD}
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index d00570b121..f1244fe8a1 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -67,29 +67,6 @@ privilege: SeInteractiveLogonRight
 privilege: SeNetworkLogonRight
 privilege: SeRemoteInteractiveLogonRight
-
-dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
-objectClass: computer
-cn: ${NETBIOSNAME}
-userAccountControl: 532480
-localPolicyFlags: 0
-primaryGroupID: 516
-accountExpires: 9223372036854775807
-sAMAccountName: ${NETBIOSNAME}$
-sAMAccountType: 805306369
-operatingSystem: Samba
-operatingSystemVersion: 4.0
-dNSHostName: ${DNSNAME}
-isCriticalSystemObject: TRUE
-sambaPassword: ${MACHINEPASS}
-servicePrincipalName: HOST/${DNSNAME}
-servicePrincipalName: HOST/${NETBIOSNAME}
-servicePrincipalName: HOST/${DNSNAME}/${REALM}
-servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
-servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
-servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
-${HOSTGUID_ADD}
-
 
 dn: CN=Users,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group
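Review bot: The six `servicePrincipalName` values are still emitted unconditionally, so the duplicate-value problem the commit message describes only moves: on a domain controller where `${REALM}` expands to the same string as `${DOMAIN}` (or `${DNSNAME}` equals `${NETBIOSNAME}`), `HOST/${DNSNAME}/${REALM}` and `HOST/${DNSNAME}/${DOMAIN}` collide and a backend that rejects duplicate attribute values, as the message says OpenLDAP does, will refuse the add. Skipping the file for member servers fixes the reported case, but the template's assumption should be written down in its header, e.g. `# Requires REALM != DOMAIN and DNSNAME != NETBIOSNAME; otherwise the SPN lines below duplicate, which strict backends reject`. The bare `userAccountControl: 532480` deserves `# 532480 = SERVER_TRUST_ACCOUNT (8192) | TRUSTED_FOR_DELEGATION (524288)` so the delegation bit granted to the self-join account is explicit to anyone auditing the template. The provision_users.ldif hunk is the matching pure deletion and needs nothing.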