mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r24729: First try and publishing a DNS service account, for folks to play with.
The keytab in dns.keytab should (I hope) do the job.
Andrew Bartlett
(This used to be commit af4d331eef
)
This commit is contained in:
parent
2fefa818a9
commit
73388ce54c
@ -379,6 +379,7 @@ function provision_default_paths(subobj)
|
||||
paths.samdb = lp.get("sam database");
|
||||
paths.secrets = lp.get("secrets database");
|
||||
paths.keytab = "secrets.keytab";
|
||||
paths.dns_keytab = "dns.keytab";
|
||||
paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
|
||||
paths.named_conf = lp.get("private dir") + "/named.conf";
|
||||
paths.winsdb = "wins.ldb";
|
||||
@ -469,6 +470,7 @@ function provision_fix_subobj(subobj, paths)
|
||||
|
||||
subobj.SAM_LDB = "tdb://" + paths.samdb;
|
||||
subobj.SECRETS_KEYTAB = paths.keytab;
|
||||
subobj.DNS_KEYTAB = paths.dns_keytab;
|
||||
|
||||
subobj.LDAPDIR = paths.ldapdir;
|
||||
var ldap_path_list = split("/", paths.ldapdir);
|
||||
@ -891,6 +893,7 @@ function provision_guess()
|
||||
subobj.POLICYGUID = randguid();
|
||||
subobj.KRBTGTPASS = randpass(12);
|
||||
subobj.MACHINEPASS = randpass(12);
|
||||
subobj.DNSPASS = randpass(12);
|
||||
subobj.ADMINPASS = randpass(12);
|
||||
subobj.LDAPMANAGERPASS = randpass(12);
|
||||
subobj.DEFAULTSITE = "Default-First-Site-Name";
|
||||
|
@ -24,6 +24,7 @@ options = GetOptions(ARGV,
|
||||
'adminpass=s',
|
||||
'krbtgtpass=s',
|
||||
'machinepass=s',
|
||||
'dnspass=s',
|
||||
'root=s',
|
||||
'nobody=s',
|
||||
'nogroup=s',
|
||||
|
@ -205,6 +205,22 @@ servicePrincipalName: kadmin/changepw
|
||||
isCriticalSystemObject: TRUE
|
||||
sambaPassword: ${KRBTGTPASS}
|
||||
|
||||
dn: CN=dns,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: user
|
||||
cn: dns
|
||||
description: DNS Service Account
|
||||
showInAdvancedViewOnly: TRUE
|
||||
userAccountControl: 514
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: dns
|
||||
sAMAccountType: 805306368
|
||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||
isCriticalSystemObject: TRUE
|
||||
sambaPassword: ${DNSPASS}
|
||||
|
||||
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
|
@ -38,3 +38,17 @@ objectSid: ${DOMAINSID}
|
||||
servicePrincipalName: kadmin/changepw
|
||||
krb5Keytab: HDB:ldb:${SAM_LDB}:
|
||||
#The trailing : here is a HACK, but it matches the Heimdal format.
|
||||
|
||||
# A hook from our credentials system into HDB, as we must be on a KDC,
|
||||
# we can look directly into the database.
|
||||
dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
|
||||
objectClass: top
|
||||
objectClass: secret
|
||||
objectClass: kerberosSecret
|
||||
realm: ${REALM}
|
||||
whenCreated: ${LDAPTIME}
|
||||
whenChanged: ${LDAPTIME}
|
||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||
privateKeytab: ${DNS_KEYTAB}
|
||||
secret: ${DNSPASS}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user