mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

r24729: First try and publishing a DNS service account, for folks to play with.

The keytab in dns.keytab should (I hope) do the job.

Andrew Bartlett
(This used to be commit af4d331eef)
Andrew Bartlett 2007-08-28 04:28:02 +00:00 committed by Gerald (Jerry) Carter
parent 2fefa818a9
commit 73388ce54c
4 changed files with 34 additions and 0 deletions


@ -379,6 +379,7 @@ function provision_default_paths(subobj)
paths.samdb = lp.get("sam database");
paths.secrets = lp.get("secrets database");
paths.keytab = "secrets.keytab";
paths.dns_keytab = "dns.keytab";
paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
paths.named_conf = lp.get("private dir") + "/named.conf";
paths.winsdb = "wins.ldb";
@ -469,6 +470,7 @@ function provision_fix_subobj(subobj, paths)
subobj.SAM_LDB = "tdb://" + paths.samdb;
subobj.SECRETS_KEYTAB = paths.keytab;
subobj.DNS_KEYTAB = paths.dns_keytab;
subobj.LDAPDIR = paths.ldapdir;
var ldap_path_list = split("/", paths.ldapdir);
@ -891,6 +893,7 @@ function provision_guess()
subobj.POLICYGUID = randguid();
subobj.KRBTGTPASS = randpass(12);
subobj.MACHINEPASS = randpass(12);
subobj.DNSPASS = randpass(12);
subobj.ADMINPASS = randpass(12);
subobj.LDAPMANAGERPASS = randpass(12);
subobj.DEFAULTSITE = "Default-First-Site-Name";
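Review bot: `subobj.DNSPASS = randpass(12);` in the provision_guess() hunk gives the DNS service account the same 12-character length as ADMINPASS, although nobody ever has to type this secret. The Kerberos keys for `DNS/${DNSDOMAIN}` are derived from it, and a ticket issued for that principal can be checked against password guesses offline, so a longer value costs nothing here, e.g. `subobj.DNSPASS = randpass(32);` if randpass() accepts that length. The alphabet randpass() draws from is not visible in these hunks, so the effective strength of 12 characters should be confirmed. All three functions in this section continue outside their hunks.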


@ -24,6 +24,7 @@ options = GetOptions(ARGV,
'adminpass=s',
'krbtgtpass=s',
'machinepass=s',
'dnspass=s',
'root=s',
'nobody=s',
'nogroup=s',
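Review bot: `'dnspass=s'` takes the DNS account secret as a command-line argument, where other local users can read it from the process list and where it tends to end up in shell history. The neighbouring adminpass/krbtgtpass/machinepass options share this, so the addition is consistent, but for a long-term service key the help text should say that the generated default is preferred and the option is for testing. The code that copies `options.dnspass` into `subobj.DNSPASS` and the usage text are outside this hunk; if either lacks a matching entry the option is accepted and silently ignored.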


@ -205,6 +205,22 @@ servicePrincipalName: kadmin/changepw
isCriticalSystemObject: TRUE
sambaPassword: ${KRBTGTPASS}
dn: CN=dns,CN=Users,${DOMAINDN}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: dns
description: DNS Service Account
showInAdvancedViewOnly: TRUE
userAccountControl: 514
accountExpires: 9223372036854775807
sAMAccountName: dns
sAMAccountType: 805306368
servicePrincipalName: DNS/${DNSDOMAIN}
isCriticalSystemObject: TRUE
sambaPassword: ${DNSPASS}
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
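Review bot: `userAccountControl: 514` on the new CN=dns record is an unexplained magic number: it is 512 (normal account) plus 2 (account disabled). Disabling logon for a service-only account is a sensible default, but whether the KDC will still issue service tickets for the SPN of a disabled account cannot be seen from this hunk and should be confirmed. I would add a comment above the line, `# 514 = NORMAL_ACCOUNT (512) | ACCOUNTDISABLE (2); used as a service principal only`. Separately, `sambaPassword: ${DNSPASS}` places the cleartext in the expanded LDIF, so any saved copy of that output has to be handled as a secret.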


@ -38,3 +38,17 @@ objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw
krb5Keytab: HDB:ldb:${SAM_LDB}:
#The trailing : here is a HACK, but it matches the Heimdal format.
# A hook from our credentials system into HDB, as we must be on a KDC,
# we can look directly into the database.
dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
objectClass: top
objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
servicePrincipalName: DNS/${DNSDOMAIN}
privateKeytab: ${DNS_KEYTAB}
secret: ${DNSPASS}
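Review bot: The comment above the new `servicePrincipalName=DNS/${DNSDOMAIN}` record ("A hook from our credentials system into HDB …") describes the `krb5Keytab: HDB:ldb:` mechanism of the kadmin/changepw record, not this one, which uses `privateKeytab` plus a stored `secret`. Assuming those two comment lines are part of the addition, they should be replaced with something like `# Keys for the DNS server are written to ${DNS_KEYTAB}; keep that file readable only by the name server's account`. The record keeps the cleartext password in `secret:` as well as the derived keys in the keytab file, so both the secrets database and dns.keytab carry the long-term key. How the keytab file is created, and with what mode and owner, is not visible in this diff and is worth checking before anyone points a name server at it.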