-rw-r--r-- | source4/scripting/libjs/provision.js | 10 | ||||
-rw-r--r-- | source4/selftest/Samba4.pm | 6 | ||||
-rw-r--r-- | source4/setup/provision_self_join.ldif | 23 | ||||
-rw-r--r-- | source4/setup/provision_users.ldif | 23 |
4 files changed, 37 insertions, 25 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js index 323c7cdacb..deaa97114a 100644 --- a/source4/scripting/libjs/provision.js +++ b/source4/scripting/libjs/provision.js @@ -700,6 +700,11 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda message("Setting up sam.ldb users and groups\n"); setup_add_ldif("provision_users.ldif", info, samdb, false); + if (lp.get("server role") == "domain controller") { + message("Setting up self join\n"); + setup_add_ldif("provision_self_join.ldif", info, samdb, false); + } + if (setup_name_mappings(info, samdb) == false) { return false; } @@ -769,6 +774,11 @@ function provision_schema(subobj, message, tmp_schema_path, paths) /* Write out a DNS zone file, from the info in the current database */ function provision_dns(subobj, message, paths, session_info, credentials) { + var lp = loadparm_init(); + if (lp.get("server role") != "domain controller") { + message("No DNS zone required for role %s\n", lp.get("server role")); + return; + } message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"); var ldb = ldb_init(); ldb.session_info = session_info; diff --git a/source4/selftest/Samba4.pm b/source4/selftest/Samba4.pm index ec34358e0a..1da0439757 100644 --- a/source4/selftest/Samba4.pm +++ b/source4/selftest/Samba4.pm @@ -281,6 +281,8 @@ sub provision($$$$$$) $localdomain = $netbiosname if $server_role eq "member server"; my $localrealm = $realm; $localrealm = $netbiosname if $server_role eq "member server"; + my $localbasedn = $basedn; + $localbasedn = "DC=$netbiosname" if $server_role eq "member server"; open(CONFFILE, ">$conffile"); print CONFFILE " 
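Review bot: The new self-join block in provision() reads `lp`, but no declaration of it is visible in this hunk, and the second hunk of this file had to add `var lp = loadparm_init();` to provision_dns() before making the same check. Confirm that provision() already has `lp` in scope above this point; its body starts and ends outside the hunk. The role string `"domain controller"` is now compared literally in two functions, so a typo or a later rename of the role would silently skip creating the DC's own machine account rather than fail. I would add a comment on the block, e.g. `/* only a DC owns an account under CN=Domain Controllers; other roles must not create one */`.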
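Review bot: In provision_dns() the new early-exit message passes a printf-style format, `message("No DNS zone required for role %s\n", lp.get("server role"));`, while every other message() call visible in this diff builds its text by concatenation. If the `message` callback supplied by the caller does not expand `%s`, the role name is dropped and a literal `%s` is printed; `message("No DNS zone required for role " + lp.get("server role") + "\n");` avoids depending on that. The bare `return;` also yields undefined, so any caller that tests the result, the way provision() tests setup_name_mappings(), should be checked. The rest of provision_dns() lies outside the hunk.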
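Review bot: In Samba4.pm's provision(), `$localbasedn` repeats the `$server_role eq "member server"` test a third time, directly after `$localdomain` and `$localrealm`. A single `if ($server_role eq "member server") { ... }` block setting all three would keep the member-server overrides together and make it harder to miss one when another derived name is added. A short comment on why a member server gets `DC=$netbiosname` instead of the domain base DN would also help; presumably it is because the member server provisions its own local database, but that is not visible here. The sub continues outside the hunk.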
@@ -400,7 +402,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi push (@provision_options, "--krbtgtpass=krbtgt$password"); push (@provision_options, "--machinepass=machine$password"); push (@provision_options, "--root=$root"); - push (@provision_options, "--simple-bind-dn=cn=Manager,$basedn"); + push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn"); push (@provision_options, "--password=$password"); push (@provision_options, "--root=$root"); @@ -430,7 +432,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi if (defined($self->{ldap})) { push (@provision_options, "--ldap-backend=$ldap_uri"); - system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed"); + system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$localrealm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed"); if ($self->{ldap} eq "openldap") { ($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories"); diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif new file mode 100644 index 0000000000..5ebc87b106 --- /dev/null +++ b/source4/setup/provision_self_join.ldif 
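Review bot: The changed `system(...)` call for provision-backend (hunk at -430) still builds one shell string from `$password`, `$root`, `$localrealm`, `$netbiosname` and `$self->{ldap}`. Any of these containing whitespace or a shell metacharacter changes the command that runs, and the LDAP manager password is visible in the process list while the child runs. These values appear to come from the test harness itself, so the exposure is likely limited to the selftest environment. The list form of `system`, with the `>&2` redirection done by duplicating STDOUT onto STDERR beforehand, would still take the shell out of the path. The failure message also hides the cause; `or die("backend provision failed: exit status " . ($? >> 8));` would make selftest logs more useful.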
@@ -0,0 +1,23 @@
+#Join the DC to itself by default
+
+dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
+objectClass: computer
+cn: ${NETBIOSNAME}
+userAccountControl: 532480
+localPolicyFlags: 0
+primaryGroupID: 516
+accountExpires: 9223372036854775807
+sAMAccountName: ${NETBIOSNAME}$
+sAMAccountType: 805306369
+operatingSystem: Samba
+operatingSystemVersion: 4.0
+dNSHostName: ${DNSNAME}
+isCriticalSystemObject: TRUE
+sambaPassword: ${MACHINEPASS}
+servicePrincipalName: HOST/${DNSNAME}
+servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: HOST/${DNSNAME}/${REALM}
+servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
+servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
+servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
+${HOSTGUID_ADD}
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index d00570b121..f1244fe8a1 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -67,29 +67,6 @@ privilege: SeInteractiveLogonRight privilege: SeNetworkLogonRight privilege: SeRemoteInteractiveLogonRight - -dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN} -objectClass: computer -cn: ${NETBIOSNAME} -userAccountControl: 532480 -localPolicyFlags: 0 -primaryGroupID: 516 -accountExpires: 9223372036854775807 -sAMAccountName: ${NETBIOSNAME}$ -sAMAccountType: 805306369 -operatingSystem: Samba -operatingSystemVersion: 4.0 -dNSHostName: ${DNSNAME} -isCriticalSystemObject: TRUE -sambaPassword: ${MACHINEPASS} -servicePrincipalName: HOST/${DNSNAME} -servicePrincipalName: HOST/${NETBIOSNAME} -servicePrincipalName: HOST/${DNSNAME}/${REALM} -servicePrincipalName: HOST/${NETBIOSNAME}/${REALM} -servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} -servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} -${HOSTGUID_ADD} - dn: CN=Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group |
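Review bot: provision_self_join.ldif defines the DC's machine account with several undocumented numeric values, and its only comment is the one-line header. `userAccountControl: 532480` is 0x82000, i.e. SERVER_TRUST_ACCOUNT plus TRUSTED_FOR_DELEGATION; `primaryGroupID: 516` is the Domain Controllers group; `sAMAccountType: 805306369` is the machine-account type. A `#` comment above each would let a reviewer see at a glance that this entry grants delegation trust. It is also worth a comment that `sambaPassword: ${MACHINEPASS}` is substituted in cleartext at provision time, so the expanded LDIF should not be logged or left on disk.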