summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/libjs/provision.js3
-rwxr-xr-xsource4/setup/provision1
-rw-r--r--source4/setup/provision_users.ldif16
-rw-r--r--source4/setup/secrets.ldif14
4 files changed, 34 insertions, 0 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 6ec29748f6..57531a28b9 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -379,6 +379,7 @@ function provision_default_paths(subobj)
paths.samdb = lp.get("sam database");
paths.secrets = lp.get("secrets database");
paths.keytab = "secrets.keytab";
+ paths.dns_keytab = "dns.keytab";
paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
paths.named_conf = lp.get("private dir") + "/named.conf";
paths.winsdb = "wins.ldb";
@@ -469,6 +470,7 @@ function provision_fix_subobj(subobj, paths)
subobj.SAM_LDB = "tdb://" + paths.samdb;
subobj.SECRETS_KEYTAB = paths.keytab;
+ subobj.DNS_KEYTAB = paths.dns_keytab;
subobj.LDAPDIR = paths.ldapdir;
var ldap_path_list = split("/", paths.ldapdir);
@@ -891,6 +893,7 @@ function provision_guess()
subobj.POLICYGUID = randguid();
subobj.KRBTGTPASS = randpass(12);
subobj.MACHINEPASS = randpass(12);
+ subobj.DNSPASS = randpass(12);
subobj.ADMINPASS = randpass(12);
subobj.LDAPMANAGERPASS = randpass(12);
subobj.DEFAULTSITE = "Default-First-Site-Name";
diff --git a/source4/setup/provision b/source4/setup/provision
index ddb424477b..f6b9cde188 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -24,6 +24,7 @@ options = GetOptions(ARGV,
'adminpass=s',
'krbtgtpass=s',
'machinepass=s',
+ 'dnspass=s',
'root=s',
'nobody=s',
'nogroup=s',
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index dcb9ef14fa..60a26c1ebf 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -205,6 +205,22 @@ servicePrincipalName: kadmin/changepw
isCriticalSystemObject: TRUE
sambaPassword: ${KRBTGTPASS}
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: dns
+description: DNS Service Account
+showInAdvancedViewOnly: TRUE
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+sAMAccountType: 805306368
+servicePrincipalName: DNS/${DNSDOMAIN}
+isCriticalSystemObject: TRUE
+sambaPassword: ${DNSPASS}
+
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index ef5cb695d0..8c61c06a54 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -38,3 +38,17 @@ objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw
krb5Keytab: HDB:ldb:${SAM_LDB}:
#The trailing : here is a HACK, but it matches the Heimdal format.
+
+# A hook from our credentials system into HDB, as we must be on a KDC,
+# we can look directly into the database.
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+servicePrincipalName: DNS/${DNSDOMAIN}
+privateKeytab: ${DNS_KEYTAB}
+secret: ${DNSPASS}
+