summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-12-24 08:56:50 +1100
committerStefan Metzmacher <metze@samba.org>2013-09-04 07:06:05 +0200
commitb106d9090e8f8f44f02059d2ced3d10066787060 (patch)
tree34ae704d7bc844869d59d4e1e363842da66c75be /source4
parentbdab6f9431715fbfd28f8cc0dfb4dde2966f22f3 (diff)
downloadsamba-b106d9090e8f8f44f02059d2ced3d10066787060.tar.gz
samba-b106d9090e8f8f44f02059d2ced3d10066787060.tar.bz2
samba-b106d9090e8f8f44f02059d2ced3d10066787060.zip
scripting/join.py: Handle creating the dns-NAME account during a DC join
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the domain. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rwxr-xr-xsource4/scripting/bin/samba_upgradedns11
-rw-r--r--source4/setup/secrets_dns.ldif2
2 files changed, 11 insertions, 2 deletions
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index b7af98c30d..9c1a6b4d5a 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -436,10 +436,19 @@ if __name__ == '__main__':
"DNSNAME" : dnsname }
)
+ res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+ expression='(sAMAccountName=dns-%s)' % (hostname),
+ attrs=["msDS-KeyVersionNumber"])
+ if "msDS-KeyVersionNumber" in res[0]:
+ dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
+ else:
+ dns_key_version_number = None
+
secretsdb_setup_dns(ldbs.secrets, names,
paths.private_dir, realm=names.realm,
dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
+ key_version_number=dns_key_version_number)
else:
logger.info("dns-%s account already exists" % hostname)
diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif
index 67fd66b057..192c06d286 100644
--- a/source4/setup/secrets_dns.ldif
+++ b/source4/setup/secrets_dns.ldif
@@ -5,7 +5,7 @@ objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
servicePrincipalName: DNS/${DNSNAME}
-msDS-KeyVersionNumber: 1
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
privateKeytab: ${DNS_KEYTAB}
secret:: ${DNSPASS_B64}
samAccountName: dns-${HOSTNAME}