mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
provision: Allow DNS GSS-TSIG updates to work.
This change ensures the KVNO of the principal in secrets.ldb (which is also
exported to the dns.keytab) matches the KVNO associated with the "dns" user.
Without explicitly setting msDS-KeyVersionNumber, the KVNO exported into the
dns.keytab was 0.
KVNO needs to be > 0, as the client libs (at least MIT libs on Fedora)
consider KVNO == 0 as a sign to ignore that particular key.
(This used to be commit 572efc8e65
)
This commit is contained in:
parent
c3fcc909c9
commit
18aa2d58ed
@ -33,6 +33,7 @@ objectClass: secret
|
||||
objectClass: kerberosSecret
|
||||
realm: ${REALM}
|
||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||
msDS-KeyVersionNumber: 1
|
||||
privateKeytab: ${DNS_KEYTAB}
|
||||
secret:: ${DNSPASS_B64}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user