-rw-r--r-- | source4/scripting/python/samba/provision.py | 9 | ||||
-rw-r--r-- | source4/setup/provision.ldif | 5 | ||||
-rw-r--r-- | source4/setup/provision_dns_add.ldif | 31 | ||||
-rw-r--r-- | source4/setup/provision_self_join_modify.ldif | 15 |
4 files changed, 39 insertions, 21 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index bb8b93e268..84045da19f 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -920,11 +920,18 @@ def setup_self_join(samdb, names,
 "SERVERDN": names.serverdn,
 "NETBIOSNAME": names.netbiosname,
 "NTDSGUID": names.ntdsguid,
- "DNSPASS_B64": b64encode(dnspass),
 "RIDALLOCATIONSTART": str(next_rid + 100),
 "RIDALLOCATIONEND": str(next_rid + 100 + 499),
 })
+ # This is Samba4 specific and should be replacted by the correct
+ # DNS AD-style setup
+ setup_add_ldif(samdb, setup_path("provision_dns_add.ldif"), {
+ "DNSDOMAIN": names.dnsdomain,
+ "DOMAINDN": names.domaindn,
+ "DNSPASS_B64": b64encode(dnspass),
+ })
+
 def getpolicypath(sysvolpath, dnsdomain, guid):
 if guid[0] != "{":
 guid = "{%s}" % guid
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 2159aeff98..2db01f9bb9 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -780,11 +780,6 @@ objectClass: top
 objectClass: container
 isCriticalSystemObject: TRUE
-dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-displayName: DNS Servers
-
 dn: CN=Password Settings Container,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: msDS-PasswordSettingsContainer
diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif
new file mode 100644
index 0000000000..abae85bb8c
--- /dev/null
+++ b/source4/setup/provision_dns_add.ldif
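Review bot: In the provision.py hunk, the comment added above the new `setup_add_ldif` call is misspelled and says nothing about the secret passed just below it. It should read `# This is Samba4 specific and should be replaced by the correct`, and it is worth adding that `DNSPASS_B64` is only the base64 form that `userPassword::` needs in LDIF, not protection for `dnspass`. The password is substituted into the template text, so the expanded LDIF should presumably never be logged or written to disk; `setup_add_ldif` is outside the hunk, so that needs confirming. The dns account is now created by a separate write after the preceding call, so a failure here would probably leave a joined server without that account unless the caller wraps both in one transaction. The body of setup_self_join starts above the hunk.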
@@ -0,0 +1,31 @@
+dn: CN=DnsAdmins,CN=Users,${DOMAINDN}
+objectClass: group
+description: DNS Administrators Group
+sAMAccountName: DnsAdmins
+groupType: -2147483644
+
+dn: CN=DnsUpdateProxy,CN=Users,${DOMAINDN}
+objectClass: group
+description: DNS clients who are permitted to perform dynamic updates on behal
+ f of some other clients (such as DHCP servers).
+sAMAccountName: DnsUpdateProxy
+groupType: -2147483646
+
+dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
+objectClass: container
+displayName: DNS Servers
+
+# NOTE: This account is SAMBA4 specific!
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
+
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index c2bba888b7..b667e5c40d 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -43,18 +43,3 @@ servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMA
 servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
 add: rIDSetReferences
 rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
-
-# NOTE: This account is SAMBA4 specific!
-dn: CN=dns,CN=Users,${DOMAINDN}
-changetype: add
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE |
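Review bot: In the new provision_dns_add.ldif, the `dns` entry pairs `userAccountControl: 514` with a real `userPassword` and the SPN `DNS/${DNSDOMAIN}`, and none of the numeric flags in the file are explained. 514 is a normal account with the disabled bit set, so a comment such as `# 514 = NORMAL_ACCOUNT (512) + ACCOUNTDISABLE (2)` would show whether a disabled service account holding a live credential is intended. The two `groupType` values deserve the same treatment: `-2147483644` is a security-enabled domain-local group and `-2147483646` a security-enabled global group. The MicrosoftDNS container and both groups also omit `objectClass: top`, which the entry removed from provision.ldif and the `dns` user in this file both list; presumably the directory fills it in, but that is not visible here. DnsAdmins and DnsUpdateProxy are created without an explicit security descriptor, so they appear to rely on default ACLs, which is worth one line in a header comment.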