From 509a2bb97c5ccb13c4c2f885f3961f2880aceb91 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sat, 19 Sep 2009 20:40:17 -0700
Subject: s4:provision split provision of DNS zone and self join keytab

---
 source4/scripting/python/samba/provision.py | 14 ++++++++++----
 source4/setup/secrets_dc.ldif | 24 ------------------------
 source4/setup/secrets_dns.ldif | 11 +++++++++++
 source4/setup/secrets_self_join.ldif | 13 +++++++++++++
 4 files changed, 34 insertions(+), 28 deletions(-)
 delete mode 100644 source4/setup/secrets_dc.ldif
 create mode 100644 source4/setup/secrets_dns.ldif
 create mode 100644 source4/setup/secrets_self_join.ldif

(limited to 'source4')

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index fe11b94d67..68a50b2e37 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -669,7 +669,14 @@ def secretsdb_become_dc(secretsdb, setup_path, domain, realm, dnsdomain,
     :param setup_path: Setup path function
     :param machinepass: Machine password
     """
-    setup_ldb(secretsdb, setup_path("secrets_dc.ldif"), {
+    setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
+        "REALM": realm,
+        "DNSDOMAIN": dnsdomain,
+        "DNS_KEYTAB": dns_keytab_path,
+        "DNSPASS_B64": b64encode(dnspass),
+    })
+
+    setup_ldb(secretsdb, setup_path("secrets_self_join.ldif"), {
         "MACHINEPASS_B64": b64encode(machinepass),
         "DOMAIN": domain,
         "REALM": realm,
@@ -677,9 +684,8 @@ def secretsdb_become_dc(secretsdb, setup_path, domain, realm, dnsdomain,
         "DOMAINSID": str(domainsid),
         "SECRETS_KEYTAB": keytab_path,
         "NETBIOSNAME": netbiosname,
-        "SAM_LDB": samdb_url,
-        "DNS_KEYTAB": dns_keytab_path,
-        "DNSPASS_B64": b64encode(dnspass),
+        "SALT_PRINCIPAL": "host/%s.%s@%s" % (netbiosname.lower(), dnsdomain.lower(), realm.upper()),
+        "KEY_VERSION_NUMBER": "1"
     })
diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
deleted file mode 100644
index b8251eece5..0000000000
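Review bot: The self-join keytab's key version is pinned by `"KEY_VERSION_NUMBER": "1"` in the second hunk, so every keytab written through this path is labelled kvno 1 regardless of the account's real msDS-KeyVersionNumber; if this function is ever used to re-join an existing account whose password has been changed (the name become_dc suggests it is not only for fresh provisions — confirm against callers), the keytab and the KDC will disagree on kvno and tickets will not decrypt. Consider letting the caller supply it with a compatible default: add `key_version_number=1` to the signature and pass `"KEY_VERSION_NUMBER": str(key_version_number),`. That entry is also the only one in the dict without a trailing comma. The docstring context at the top of the first hunk documents `setup_path` and `machinepass`; `dnspass`, `dns_keytab_path`, `keytab_path` and the salt derivation (`host/<netbios>.<dnsdomain>@<REALM>`, host and domain parts lower-cased, realm upper-cased) deserve `:param` lines too if they are not already documented above the hunk. secretsdb_become_dc's signature and the start of its docstring lie outside the hunk.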
--- a/source4/setup/secrets_dc.ldif
+++ /dev/null
@@ -1,24 +0,0 @@
-dn: flatname=${DOMAIN},CN=Primary Domains
-objectClass: top
-objectClass: primaryDomain
-objectClass: kerberosSecret
-flatname: ${DOMAIN}
-realm: ${REALM}
-secret:: ${MACHINEPASS_B64}
-secureChannelType: 6
-sAMAccountName: ${NETBIOSNAME}$
-msDS-KeyVersionNumber: 1
-objectSid: ${DOMAINSID}
-privateKeytab: ${SECRETS_KEYTAB}
-
-#Update a keytab for the external DNS server to use
-dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
-objectClass: top
-objectClass: secret
-objectClass: kerberosSecret
-realm: ${REALM}
-servicePrincipalName: DNS/${DNSDOMAIN}
-msDS-KeyVersionNumber: 1
-privateKeytab: ${DNS_KEYTAB}
-secret:: ${DNSPASS_B64}
-
diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif
new file mode 100644
index 0000000000..8a19733d19
--- /dev/null
+++ b/source4/setup/secrets_dns.ldif
@@ -0,0 +1,11 @@
+#Update a keytab for the external DNS server to use
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+servicePrincipalName: DNS/${DNSDOMAIN}
+msDS-KeyVersionNumber: 1
+privateKeytab: ${DNS_KEYTAB}
+secret:: ${DNSPASS_B64}
+
diff --git a/source4/setup/secrets_self_join.ldif b/source4/setup/secrets_self_join.ldif
new file mode 100644
index 0000000000..22be0cab0b
--- /dev/null
+++ b/source4/setup/secrets_self_join.ldif
@@ -0,0 +1,13 @@
+dn: flatname=${DOMAIN},CN=Primary Domains
+objectClass: top
+objectClass: primaryDomain
+objectClass: kerberosSecret
+flatname: ${DOMAIN}
+realm: ${REALM}
+secret:: ${MACHINEPASS_B64}
+secureChannelType: 6
+sAMAccountName: ${NETBIOSNAME}$
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
+objectSid: ${DOMAINSID}
+privateKeytab: ${SECRETS_KEYTAB}
+saltPrincipal: ${SALT_PRINCIPAL}
-- cgit
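Review bot: `msDS-KeyVersionNumber: 1` stays a literal in this new template while the sibling secrets_self_join.ldif in the same commit reads it from `${KEY_VERSION_NUMBER}`, so the DNS principal's kvno cannot be set by provision.py at all; for consistency, and for the case where the DNS account's key is later rotated (inferred — nothing here shows a rotation path), use `msDS-KeyVersionNumber: ${DNS_KEY_VERSION_NUMBER}` and have the caller supply it. `${DNSDOMAIN}` is also spliced unescaped into the DN `servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals`; DNS names normally carry no DN-special characters (`,`, `+`, `=`), but nothing visible validates that before substitution. A comment on the last attribute — `# base64 of the raw DNS account password; provision.py passes it as DNSPASS_B64 and it is exported to the keytab at privateKeytab` — would tell the next reader what secret lands in the secrets database and where it is copied.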
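Review bot: `saltPrincipal: ${SALT_PRINCIPAL}` is the one attribute this template adds over the deleted secrets_dc.ldif and nothing explains why it is needed: a key derived with a salt other than the one the KDC used for this account will never verify tickets, so a comment such as `# Salt for string-to-key; must match the KDC's salt for this account (provision.py passes host/<netbios>.<dnsdomain>@<REALM>, host and domain lower-cased)` belongs above it. `secureChannelType: 6` is a bare magic number; a one-line comment naming what channel type 6 denotes (presumably the domain-controller channel type — confirm against the enum before writing it) would help. Now that `msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}` is a substitution, the template should also state that the caller is responsible for passing the account's current kvno, since provision.py in this commit hardcodes the string "1".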