sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-12 12:23:50 +03:00
Code Activity

r24729: First try and publishing a DNS service account, for folks to play with.

Browse Source 
The keytab in dns.keytab should (I hope) do the job.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2007-08-28 04:28:02 +00:00
committed by Gerald (Jerry) Carter
parent da3a7ee407
commit af4d331eef
4 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
source/scripting/libjs/provision.js
View File

@@ -379,6 +379,7 @@ function provision_default_paths(subobj)
paths.samdb = lp.get("sam database"); paths.samdb = lp.get("sam database");
paths.secrets = lp.get("secrets database"); paths.secrets = lp.get("secrets database");
paths.keytab = "secrets.keytab"; paths.keytab = "secrets.keytab";
paths.dns_keytab = "dns.keytab";
paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone"; paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
paths.named_conf = lp.get("private dir") + "/named.conf"; paths.named_conf = lp.get("private dir") + "/named.conf";
paths.winsdb = "wins.ldb"; paths.winsdb = "wins.ldb";
@@ -469,6 +470,7 @@ function provision_fix_subobj(subobj, paths)
subobj.SAM_LDB = "tdb://" + paths.samdb; subobj.SAM_LDB = "tdb://" + paths.samdb;
subobj.SECRETS_KEYTAB = paths.keytab; subobj.SECRETS_KEYTAB = paths.keytab;
subobj.DNS_KEYTAB = paths.dns_keytab;
subobj.LDAPDIR = paths.ldapdir; subobj.LDAPDIR = paths.ldapdir;
var ldap_path_list = split("/", paths.ldapdir); var ldap_path_list = split("/", paths.ldapdir);
@@ -891,6 +893,7 @@ function provision_guess()
subobj.POLICYGUID = randguid(); subobj.POLICYGUID = randguid();
subobj.KRBTGTPASS = randpass(12); subobj.KRBTGTPASS = randpass(12);
subobj.MACHINEPASS = randpass(12); subobj.MACHINEPASS = randpass(12);
subobj.DNSPASS = randpass(12);
subobj.ADMINPASS = randpass(12); subobj.ADMINPASS = randpass(12);
subobj.LDAPMANAGERPASS = randpass(12); subobj.LDAPMANAGERPASS = randpass(12);
subobj.DEFAULTSITE = "Default-First-Site-Name"; subobj.DEFAULTSITE = "Default-First-Site-Name";

1
source/setup/provision
View File

@@ -24,6 +24,7 @@ options = GetOptions(ARGV,
'adminpass=s', 'adminpass=s',
'krbtgtpass=s', 'krbtgtpass=s',
'machinepass=s', 'machinepass=s',
'dnspass=s',
'root=s', 'root=s',
'nobody=s', 'nobody=s',
'nogroup=s', 'nogroup=s',

16
source/setup/provision_users.ldif
View File

@@ -205,6 +205,22 @@ servicePrincipalName: kadmin/changepw
isCriticalSystemObject: TRUE isCriticalSystemObject: TRUE
sambaPassword: ${KRBTGTPASS} sambaPassword: ${KRBTGTPASS}
dn: CN=dns,CN=Users,${DOMAINDN}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: dns
description: DNS Service Account
showInAdvancedViewOnly: TRUE
userAccountControl: 514
accountExpires: 9223372036854775807
sAMAccountName: dns
sAMAccountType: 805306368
servicePrincipalName: DNS/${DNSDOMAIN}
isCriticalSystemObject: TRUE
sambaPassword: ${DNSPASS}
dn: CN=Domain Computers,CN=Users,${DOMAINDN} dn: CN=Domain Computers,CN=Users,${DOMAINDN}
objectClass: top objectClass: top
objectClass: group objectClass: group

14
source/setup/secrets.ldif
View File

@@ -38,3 +38,17 @@ objectSid: ${DOMAINSID}
servicePrincipalName: kadmin/changepw servicePrincipalName: kadmin/changepw
krb5Keytab: HDB:ldb:${SAM_LDB}: krb5Keytab: HDB:ldb:${SAM_LDB}:
#The trailing : here is a HACK, but it matches the Heimdal format. #The trailing : here is a HACK, but it matches the Heimdal format.
# A hook from our credentials system into HDB, as we must be on a KDC,
# we can look directly into the database.
dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
objectClass: top
objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
servicePrincipalName: DNS/${DNSDOMAIN}
privateKeytab: ${DNS_KEYTAB}
secret: ${DNSPASS}