r23720: Allow the member server to work against an LDAP backend. This is another case
where LDB isn't as strict as OpenLDAP: the self-join record contains
duplicate servicePrincipalName values once the DNS name and domain name are
made equal. (Easier to just skip the useless self-join.)
Andrew Bartlett
(This used to be commit 49ff929be6
)
This commit is contained in:
parent
cc0756c302
commit
967866f170
source4
@ -700,6 +700,11 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
|
||||
message("Setting up sam.ldb users and groups\n");
|
||||
setup_add_ldif("provision_users.ldif", info, samdb, false);
|
||||
|
||||
if (lp.get("server role") == "domain controller") {
|
||||
message("Setting up self join\n");
|
||||
setup_add_ldif("provision_self_join.ldif", info, samdb, false);
|
||||
}
|
||||
|
||||
if (setup_name_mappings(info, samdb) == false) {
|
||||
return false;
|
||||
}
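Review bot: The new `if (lp.get("server role") == "domain controller")` guard around the self-join carries no explanation of why a member server must skip it, so the commit message is the only place the reason is recorded. A comment on the `if` line would keep the rationale with the code: `/* Only a DC joins itself: on a member server the DNS and NetBIOS names coincide, so provision_self_join.ldif would emit duplicate servicePrincipalName values that a strict LDAP backend rejects. */`. The literal `"domain controller"` is compared again in provision_dns further down; a shared named constant for the role string would avoid the repeated literal drifting out of sync. The enclosing function provision starts before this hunk.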
|
||||
@ -769,6 +774,11 @@ function provision_schema(subobj, message, tmp_schema_path, paths)
|
||||
/* Write out a DNS zone file, from the info in the current database */
|
||||
function provision_dns(subobj, message, paths, session_info, credentials)
|
||||
{
|
||||
var lp = loadparm_init();
|
||||
if (lp.get("server role") != "domain controller") {
|
||||
message("No DNS zone required for role %s\n", lp.get("server role"));
|
||||
return;
|
||||
}
|
||||
message("Setting up DNS zone: " + subobj.DNSDOMAIN + " \n");
|
||||
var ldb = ldb_init();
|
||||
ldb.session_info = session_info;
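Review bot: The added `message("No DNS zone required for role %s\n", lp.get("server role"))` relies on message() performing printf-style substitution, while the surviving call a few lines later builds its text by concatenation (`"Setting up DNS zone: " + subobj.DNSDOMAIN + " \n"`); if message() only prints its first argument the role will be emitted literally as `%s`. Using the concatenation form already used in this function, `message("No DNS zone required for role " + lp.get("server role") + "\n");`, works under either implementation. message() is not defined within this hunk, so treat which form it supports as something to confirm. provision_dns continues past the end of the hunk.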
|
||||
|
@ -281,6 +281,8 @@ sub provision($$$$$$)
|
||||
$localdomain = $netbiosname if $server_role eq "member server";
|
||||
my $localrealm = $realm;
|
||||
$localrealm = $netbiosname if $server_role eq "member server";
|
||||
my $localbasedn = $basedn;
|
||||
$localbasedn = "DC=$netbiosname" if $server_role eq "member server";
|
||||
|
||||
open(CONFFILE, ">$conffile");
|
||||
print CONFFILE "
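Review bot: `$localbasedn = "DC=$netbiosname"` builds an LDAP DN by plain interpolation, and the same value later becomes the simple-bind DN handed to the provisioning command; NetBIOS names are normally restricted enough that this is safe, but nothing here records why a member server gets a one-component base DN instead of the domain's. A comment on that line would capture the intent, e.g. `# A member server has no domain to join under selftest, so its local SAM lives under a one-component base DN named after the host`. The three `$local*` overrides each repeat `if $server_role eq "member server"`; grouping them in a single `if` block would make the member-server special case easier to read. The `open(CONFFILE, ">$conffile");` that follows is unchanged context, but it is a two-argument open on a bareword handle with no error check and is worth converting to `open(my $conf, '>', $conffile) or die "open $conffile: $!";` when this function is next touched.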
|
||||
@ -400,7 +402,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi
|
||||
push (@provision_options, "--krbtgtpass=krbtgt$password");
|
||||
push (@provision_options, "--machinepass=machine$password");
|
||||
push (@provision_options, "--root=$root");
|
||||
push (@provision_options, "--simple-bind-dn=cn=Manager,$basedn");
|
||||
push (@provision_options, "--simple-bind-dn=cn=Manager,$localbasedn");
|
||||
push (@provision_options, "--password=$password");
|
||||
push (@provision_options, "--root=$root");
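Review bot: The rewritten `--simple-bind-dn=cn=Manager,$localbasedn` hard-codes the `cn=Manager` RDN, while the backend provisioning call later in this function only receives the realm and presumably derives its own rootdn from it, so the two derivations must stay in agreement or the simple bind will fail. A comment on this line such as `# must match the rootdn that provision-backend configures for the LDAP backend` would make that coupling visible; I cannot see provision-backend from here, so the exact rootdn it writes is something to confirm. The bind password is also passed as `--password=$password` on the command line, where it is visible to other local users via ps; acceptable for a test harness, but worth a note so the pattern is not copied into production provisioning.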
|
||||
|
||||
@ -430,7 +432,7 @@ my @provision_options = ("$self->{bindir}/smbscript", "$self->{setupdir}/provisi
|
||||
if (defined($self->{ldap})) {
|
||||
|
||||
push (@provision_options, "--ldap-backend=$ldap_uri");
|
||||
system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$dnsname --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
|
||||
system("$self->{bindir}/smbscript $self->{setupdir}/provision-backend $configuration --ldap-manager-pass=$password --root=$root --realm=$localrealm --host-name=$netbiosname --ldap-backend-type=$self->{ldap}>&2") == 0 or die("backend provision failed");
|
||||
|
||||
if ($self->{ldap} eq "openldap") {
|
||||
($ret->{SLAPD_CONF}, $ret->{OPENLDAP_PIDFILE}) = $self->mk_openldap($ldapdir, $configuration) or die("Unable to create openldap directories");
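Review bot: The rewritten `system("$self->{bindir}/smbscript ... --ldap-manager-pass=$password ... --realm=$localrealm ... >&2")` still runs through a shell with `$password`, `$root`, `$localrealm` and `$netbiosname` interpolated into the command string, so any shell metacharacter in those values is interpreted rather than passed through, and the manager password is exposed on the command line. The list form of system() avoids the shell, though `$configuration` appears to be a pre-built option string and the `>&2` redirect both depend on shell parsing, so they need handling as sketched below. With selftest controlling these values the practical exposure is limited, but the pattern should not be copied into production provisioning. The surrounding `if (defined($self->{ldap}))` block continues past the hunk.
```perl
push (@provision_options, "--ldap-backend=$ldap_uri");
# $configuration is a single option string here; splitting on whitespace
# assumes none of its values contain spaces -- confirm before relying on it.
my @backend_cmd = ("$self->{bindir}/smbscript",
                   "$self->{setupdir}/provision-backend",
                   split(' ', $configuration),
                   "--ldap-manager-pass=$password",
                   "--root=$root",
                   "--realm=$localrealm",
                   "--host-name=$netbiosname",
                   "--ldap-backend-type=$self->{ldap}");
# Replace the shell '>&2' redirect: send the child's stdout to our stderr.
open(my $saved_stdout, '>&', \*STDOUT) or die("dup STDOUT: $!");
open(STDOUT, '>&', \*STDERR) or die("redirect STDOUT: $!");
my $rc = system(@backend_cmd);
open(STDOUT, '>&', $saved_stdout) or die("restore STDOUT: $!");
$rc == 0 or die("backend provision failed");
# … unchanged: openldap branch calling mk_openldap …
```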
|
||||
|
23
source4/setup/provision_self_join.ldif
Normal file
23
source4/setup/provision_self_join.ldif
Normal file
@ -0,0 +1,23 @@
|
||||
#Join the DC to itself by default
|
||||
|
||||
dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
|
||||
objectClass: computer
|
||||
cn: ${NETBIOSNAME}
|
||||
userAccountControl: 532480
|
||||
localPolicyFlags: 0
|
||||
primaryGroupID: 516
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: ${NETBIOSNAME}$
|
||||
sAMAccountType: 805306369
|
||||
operatingSystem: Samba
|
||||
operatingSystemVersion: 4.0
|
||||
dNSHostName: ${DNSNAME}
|
||||
isCriticalSystemObject: TRUE
|
||||
sambaPassword: ${MACHINEPASS}
|
||||
servicePrincipalName: HOST/${DNSNAME}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}
|
||||
servicePrincipalName: HOST/${DNSNAME}/${REALM}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
|
||||
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
|
||||
${HOSTGUID_ADD}
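Review bot: The template emits both `HOST/${DNSNAME}` and `HOST/${NETBIOSNAME}` SPN pairs unconditionally, so it only loads into a strict backend when the two names differ; per the commit message that is why the member-server role now skips it, but the file itself does not state the precondition. A header comment would protect the next caller, e.g. `# Only valid for a DC whose DNS and NetBIOS names differ; otherwise the servicePrincipalName values below are duplicated and a strict LDAP backend rejects the entry.` The numeric attributes are undocumented: `userAccountControl: 532480` is SERVER_TRUST_ACCOUNT (0x2000) | TRUSTED_FOR_DELEGATION (0x80000), i.e. the account is trusted for unconstrained delegation, `primaryGroupID: 516` is the Domain Controllers group and `sAMAccountType: 805306369` is SAM_MACHINE_ACCOUNT, and a short trailing comment naming each would help reviewers. `sambaPassword: ${MACHINEPASS}` supplies the machine password in cleartext; whether the receiving backend hashes it or retains it as-is is not visible here, so confirm the LDAP backend's access controls cover that attribute.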
|
@ -67,29 +67,6 @@ privilege: SeInteractiveLogonRight
|
||||
privilege: SeNetworkLogonRight
|
||||
privilege: SeRemoteInteractiveLogonRight
|
||||
|
||||
|
||||
dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
|
||||
objectClass: computer
|
||||
cn: ${NETBIOSNAME}
|
||||
userAccountControl: 532480
|
||||
localPolicyFlags: 0
|
||||
primaryGroupID: 516
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: ${NETBIOSNAME}$
|
||||
sAMAccountType: 805306369
|
||||
operatingSystem: Samba
|
||||
operatingSystemVersion: 4.0
|
||||
dNSHostName: ${DNSNAME}
|
||||
isCriticalSystemObject: TRUE
|
||||
sambaPassword: ${MACHINEPASS}
|
||||
servicePrincipalName: HOST/${DNSNAME}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}
|
||||
servicePrincipalName: HOST/${DNSNAME}/${REALM}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
|
||||
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
|
||||
${HOSTGUID_ADD}
|
||||
|
||||
dn: CN=Users,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
|