From d26c42f5bfd212c18d53f439030fd830ecab2cf3 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Fri, 11 Sep 2009 13:39:31 +1000
Subject: s4/provision: add the nTDSDSA GUID based DNS entries and SPNs

The DNS entries and SPNs are needed for samba<->samba DRS replication. This patch adds them for a standalone DC configure. A separate patch will add them for the vampire configure
---
 source4/scripting/python/samba/provision.py | 28 ++++++++++++++++++---------
 source4/setup/provision.zone | 5 ++---
 source4/setup/provision_self_join_modify.ldif | 6 ++++++
 3 files changed, 27 insertions(+), 12 deletions(-)

(limited to 'source4')

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index cb485c32e3..2495299e62 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -791,14 +791,23 @@ def setup_self_join(samdb, names,
 "DNSDOMAIN": names.dnsdomain,
 "DOMAINSID": str(domainsid),
 "DOMAINDN": names.domaindn})
+
+ # add the NTDSGUID based SPNs
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+ expression="", scope=SCOPE_BASE)
+ assert isinstance(names.ntdsguid, str)
 # Setup fSMORoleOwner entries to point at the newly created DC entry
 setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
+ "DOMAIN": names.domain,
 "DOMAINDN": names.domaindn,
 "CONFIGDN": names.configdn,
 "SCHEMADN": names.schemadn,
 "DEFAULTSITE": names.sitename,
- "SERVERDN": names.serverdn
+ "SERVERDN": names.serverdn,
+ "NETBIOSNAME": names.netbiosname,
+ "NTDSGUID": names.ntdsguid
 })
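Review bot: The new `ntds_dn` re-spells the server's DN with a hard-coded `CN=Default-First-Site-Name` while the same call a few lines below passes `"DEFAULTSITE": names.sitename` and `"SERVERDN": names.serverdn`, so a provision with a non-default site name searches a base that does not exist and the lookup presumably hands back None. Since the template in this commit already addresses the nTDSDSA object as `CN=NTDS Settings,${SERVERDN}`, build the DN the same way: `ntds_dn = "CN=NTDS Settings,%s" % names.serverdn`. The `assert isinstance(names.ntdsguid, str)` is the only guard against that None, and it is stripped under `python -O`, after which the text `None` would be substituted into the SPNs and the DNS CNAME; replace it with a check that raises, e.g. `if names.ntdsguid is None: raise Exception("nTDSDSA object %s not found" % ntds_dn)` (or whatever error class this module already uses). setup_self_join starts before this hunk and its tail is cut off by the collapsed context.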
@@ -980,6 +989,11 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
 domainsid=domainsid, policyguid=policyguid, setup_path=setup_path,
 domainControllerFunctionality=domainControllerFunctionality)
+ # add the NTDSGUID based SPNs
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+ expression="", scope=SCOPE_BASE)
+ assert isinstance(names.ntdsguid, str)
 except:
 samdb.transaction_cancel()
@@ -1194,16 +1208,12 @@ def provision(setup_dir, message, session_info,
 domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
 assert isinstance(domainguid, str)
- hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
- expression="(&(objectClass=computer)(cn=%s))" % names.hostname,
- scope=SCOPE_SUBTREE)
- assert isinstance(hostguid, str)
 create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain,
 domaindn=names.domaindn, hostip=hostip, hostip6=hostip6,
 hostname=names.hostname, dnspass=dnspass, realm=names.realm,
- domainguid=domainguid, hostguid=hostguid)
+ domainguid=domainguid, ntdsguid=names.ntdsguid)
 create_named_conf(paths.namedconf, setup_path, realm=names.realm,
 dnsdomain=names.dnsdomain, private_dir=paths.private_dir)
@@ -1804,7 +1814,7 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri):
 def create_zone_file(path, setup_path, dnsdomain, domaindn,
 hostip, hostip6, hostname, dnspass, realm, domainguid,
- hostguid):
+ ntdsguid):
 """Write out a DNS zone file, from the info in the current database.
 :param path: Path of the new zone file.
@@ -1817,7 +1827,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
 :param dnspass: Password for DNS
 :param realm: Realm name
 :param domainguid: GUID of the domain.
- :param hostguid: GUID of the host.
+ :param ntdsguid: GUID of the hosts nTDSDSA record.
 """
 assert isinstance(domainguid, str)
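Review bot: The five lines added to setup_samdb are a verbatim copy of the lookup this same commit adds to setup_self_join, including the hard-coded `CN=Default-First-Site-Name` path and the `assert`; two copies of a DN string that must exactly match an object created elsewhere is how they drift apart. Factor the lookup into one private helper used by both call sites, built on `names.serverdn` (the template in this commit already addresses the object as `CN=NTDS Settings,${SERVERDN}`), and turn the `assert` into a real check, since here it sits inside a `try` whose bare `except:` below cancels the transaction — whether that handler re-raises is outside the hunk. The hunk then reduces to `names.ntdsguid = _ntds_guid(samdb, names)`. setup_samdb and its try/except start before and end after this hunk.
```python
def _ntds_guid(samdb, names):
    """Return the objectGUID (as a str) of this DC's nTDSDSA object.

    The object is addressed relative to names.serverdn so the site path is
    spelled in one place; raise if it is missing instead of relying on an
    assert that python -O strips.
    """
    ntds_dn = "CN=NTDS Settings,%s" % names.serverdn
    guid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
                           expression="", scope=SCOPE_BASE)
    if not isinstance(guid, str):
        raise Exception("nTDSDSA object %s not found" % ntds_dn)
    return guid

# … unchanged: setup_samdb body up to the NTDS lookup …
        names.ntdsguid = _ntds_guid(samdb, names)
```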
@@ -1845,7 +1855,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
 "DOMAINGUID": domainguid,
 "DATESTRING": time.strftime("%Y%m%d%H"),
 "DEFAULTSITE": DEFAULTSITE,
- "HOSTGUID": hostguid,
+ "NTDSGUID": ntdsguid,
 "HOSTIP6_BASE_LINE": hostip6_base_line,
 "HOSTIP6_HOST_LINE": hostip6_host_line,
 })
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
index e7d600df87..9e312dcd51 100644
--- a/source4/setup/provision.zone
+++ b/source4/setup/provision.zone
@@ -15,10 +15,10 @@ ${HOSTIP_BASE_LINE}
 ${HOSTIP6_HOST_LINE}
 ${HOSTIP_HOST_LINE}
 gc._msdcs IN CNAME ${HOSTNAME}
-${HOSTGUID}._msdcs IN CNAME ${HOSTNAME}
+${NTDSGUID}._msdcs IN CNAME ${HOSTNAME}
 ;
 ; global catalog servers
-_gc._tcp IN SRV 0 100 3268 ${HOSTNAME}
+_gc._tcp IN SRV 2 100 3268 ${HOSTNAME}
 _gc._tcp.${DEFAULTSITE}._sites IN SRV 0 100 3268 ${HOSTNAME}
 _ldap._tcp.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
@@ -27,7 +27,6 @@ _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.pdc._msdcs IN SRV 0 100 389 ${HOSTNAME}
-_ldap._tcp.${DOMAINGUID} IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.${DOMAINGUID}.domains._msdcs IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.${DEFAULTSITE}._sites IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index 4ba291f06f..200fc6c6d9 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
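Review bot: `_gc._tcp IN SRV 2 100 3268 ${HOSTNAME}` changes that record's priority from 0 to 2, which neither the commit message nor the surrounding template explains: every other SRV record here, including `_gc._tcp.${DEFAULTSITE}._sites` directly below it, keeps priority 0, and SRV priority only orders records that share a name, so for the single DC this template describes the value has no client-visible effect. If the change is intentional, put a `;` comment above the record saying what it is for; otherwise restore `_gc._tcp IN SRV 0 100 3268 ${HOSTNAME}` so the commit stays limited to the nTDSDSA GUID records it describes.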
@@ -27,3 +27,9 @@ dn: CN=NTDS Site Settings,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
 changetype: modify
 replace: interSiteTopologyGenerator
 interSiteTopologyGenerator: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+changetype: modify
+add: servicePrincipalName
+servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DOMAIN}
+servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DOMAIN}
-- cgit
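Review bot: Both new SPNs end in `${DOMAIN}`, which the Python side of this commit binds to `names.domain` while keeping `names.dnsdomain` as a separate `DNSDOMAIN` value, so `${DOMAIN}` is presumably the NetBIOS domain name rather than the DNS one. The host part of `ldap/${NTDSGUID}._msdcs.<domain>` is the DNS name that the `${NTDSGUID}._msdcs` CNAME in the zone written by create_zone_file resolves under, and the DRS SPN `E3514235-4B06-11D1-AB04-00C04FC2DCD2/<guid>/<domain>` names the DNS domain the same way, so with the NetBIOS name here a replication partner asking for a ticket to `ldap/<guid>._msdcs.example.com` finds no matching SPN on this account and Kerberos authentication of DRS fails. Change the two lines to `servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}` and `servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}`, and add `"DNSDOMAIN": names.dnsdomain` to the setup_modify_ldif substitution dict in setup_self_join. The new entry is complete within the hunk.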