summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/scripting/python/samba/provision.py9
-rw-r--r--source4/setup/provision.ldif5
-rw-r--r--source4/setup/provision_dns_add.ldif31
-rw-r--r--source4/setup/provision_self_join_modify.ldif15
4 files changed, 39 insertions, 21 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index bb8b93e268..84045da19f 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -920,11 +920,18 @@ def setup_self_join(samdb, names,
"SERVERDN": names.serverdn,
"NETBIOSNAME": names.netbiosname,
"NTDSGUID": names.ntdsguid,
- "DNSPASS_B64": b64encode(dnspass),
"RIDALLOCATIONSTART": str(next_rid + 100),
"RIDALLOCATIONEND": str(next_rid + 100 + 499),
})
+ # This is Samba4 specific and should be replacted by the correct
+ # DNS AD-style setup
+ setup_add_ldif(samdb, setup_path("provision_dns_add.ldif"), {
+ "DNSDOMAIN": names.dnsdomain,
+ "DOMAINDN": names.domaindn,
+ "DNSPASS_B64": b64encode(dnspass),
+ })
+
def getpolicypath(sysvolpath, dnsdomain, guid):
if guid[0] != "{":
guid = "{%s}" % guid
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 2159aeff98..2db01f9bb9 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -780,11 +780,6 @@ objectClass: top
objectClass: container
isCriticalSystemObject: TRUE
-dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-displayName: DNS Servers
-
dn: CN=Password Settings Container,CN=System,${DOMAINDN}
objectClass: top
objectClass: msDS-PasswordSettingsContainer
diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif
new file mode 100644
index 0000000000..abae85bb8c
--- /dev/null
+++ b/source4/setup/provision_dns_add.ldif
@@ -0,0 +1,31 @@
+dn: CN=DnsAdmins,CN=Users,${DOMAINDN}
+objectClass: group
+description: DNS Administrators Group
+sAMAccountName: DnsAdmins
+groupType: -2147483644
+
+dn: CN=DnsUpdateProxy,CN=Users,${DOMAINDN}
+objectClass: group
+description: DNS clients who are permitted to perform dynamic updates on behal
+ f of some other clients (such as DHCP servers).
+sAMAccountName: DnsUpdateProxy
+groupType: -2147483646
+
+dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
+objectClass: container
+displayName: DNS Servers
+
+# NOTE: This account is SAMBA4 specific!
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
+
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index c2bba888b7..b667e5c40d 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -43,18 +43,3 @@ servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMA
servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
add: rIDSetReferences
rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
-
-# NOTE: This account is SAMBA4 specific!
-dn: CN=dns,CN=Users,${DOMAINDN}
-changetype: add
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE