diff options
Diffstat (limited to 'source4/setup')
| -rw-r--r-- | source4/setup/provision_dns_add.ldif | 23 | ||||
| -rw-r--r-- | source4/setup/provision_dns_add_samba.ldif | 17 |
2 files changed, 21 insertions, 19 deletions
diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif index 2263fcbdb7..3039bc0485 100644 --- a/source4/setup/provision_dns_add.ldif +++ b/source4/setup/provision_dns_add.ldif @@ -15,6 +15,10 @@ dn: CN=MicrosoftDNS,CN=System,${DOMAINDN} objectClass: container displayName: DNS Servers + +dn: DC=${DNSNAME},CN=MicrosoftDNS,CN=System,${DOMAINDN} +objectClass: dnsZone + dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,${DOMAINDN} objectClass: dnsZone @@ -86,22 +90,3 @@ dn: DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,${DOMAINDN objectClass: dnsNode dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwDqAHg== - -# NOTE: This account is SAMBA4 specific! -# we have it to avoid the need for the bind daemon to -# have access to the whole secrets.keytab for the domain, -# otherwise bind could impersonate any user -dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -description: DNS Service Account for ${HOSTNAME} -userAccountControl: 512 -accountExpires: 9223372036854775807 -sAMAccountName: dns-${HOSTNAME} -servicePrincipalName: DNS/${DNSNAME} -servicePrincipalName: DNS/${DNSDOMAIN} -clearTextPassword:: ${DNSPASS_B64} -isCriticalSystemObject: TRUE - diff --git a/source4/setup/provision_dns_add_samba.ldif b/source4/setup/provision_dns_add_samba.ldif new file mode 100644 index 0000000000..6c664d910b --- /dev/null +++ b/source4/setup/provision_dns_add_samba.ldif @@ -0,0 +1,17 @@ +# NOTE: This account is SAMBA4 specific! +# we have it to avoid the need for the bind daemon to +# have access to the whole secrets.keytab for the domain, +# otherwise bind could impersonate any user +dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +description: DNS Service Account for ${HOSTNAME} +userAccountControl: 512 +accountExpires: 9223372036854775807 +sAMAccountName: dns-${HOSTNAME} +servicePrincipalName: DNS/${DNSNAME} +servicePrincipalName: DNS/${DNSDOMAIN} +clearTextPassword:: ${DNSPASS_B64} +isCriticalSystemObject: TRUE |