mirror of
https://github.com/samba-team/samba.git
r8158: - use the timestring for the serial number of the bind zone file
- add --krbtgtpass and --machinepass options; with them you can easily set these passwords to default values for testing, so that you don't need to set up a new keytab file when you rerun provision.pl metze
parent
ccc9d9267a
commit
cfb7245597
@ -615,7 +615,7 @@ operatingSystemVersion: 4.0
|
||||
dNSHostName: ${DNSNAME}
|
||||
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unicodePwd: ${JOINPASS}
|
||||
unicodePwd: ${MACHINEPASS}
|
||||
servicePrincipalName: HOST/${DNSNAME}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}
|
||||
msDS-KeyVersionNumber: 1
|
||||
@ -653,7 +653,7 @@ sAMAccountType: 805306368
|
||||
servicePrincipalName: kadmin/changepw
|
||||
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
unicodePwd: ${RANDPASS}
|
||||
unicodePwd: ${KRBTGTPASS}
|
||||
|
||||
dn: CN=Domain Computers,CN=Users,${BASEDN}
|
||||
objectClass: top
|
||||
|
@ -10,6 +10,8 @@ my $opt_hostip;
|
||||
my $opt_realm;
|
||||
my $opt_domain;
|
||||
my $opt_adminpass;
|
||||
my $opt_krbtgtpass;
|
||||
my $opt_machinepass;
|
||||
my $opt_root;
|
||||
my $opt_nobody;
|
||||
my $opt_nogroup;
|
||||
@ -69,8 +71,6 @@ sub randpass()
|
||||
return $pass;
|
||||
}
|
||||
|
||||
my $joinpass = randpass();
|
||||
|
||||
sub ldaptime()
|
||||
{
|
||||
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
|
||||
@ -78,6 +78,13 @@ sub ldaptime()
|
||||
$year+1900, $mon+1, $mday, $hour, $min, $sec;
|
||||
}
|
||||
|
||||
sub timestring()
|
||||
{
|
||||
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
|
||||
return sprintf "%04u%02u%02u%02u%02u%02u",
|
||||
$year+1900, $mon+1, $mday, $hour, $min, $sec;
|
||||
}
|
||||
|
||||
#######################
|
||||
# substitute a single variable
|
||||
sub substitute($)
|
||||
@ -124,6 +131,10 @@ sub substitute($)
|
||||
return ldaptime();
|
||||
}
|
||||
|
||||
if ($var eq "TIMESTRING") {
|
||||
return timestring();
|
||||
}
|
||||
|
||||
if ($var eq "NEWGUID") {
|
||||
return randguid();
|
||||
}
|
||||
@ -152,12 +163,12 @@ sub substitute($)
|
||||
return $opt_adminpass;
|
||||
}
|
||||
|
||||
if ($var eq "RANDPASS") {
|
||||
return randpass();
|
||||
if ($var eq "KRBTGTPASS") {
|
||||
return $opt_krbtgtpass;
|
||||
}
|
||||
|
||||
if ($var eq "JOINPASS") {
|
||||
return $joinpass;
|
||||
if ($var eq "MACHINEPASS") {
|
||||
return $opt_machinepass;
|
||||
}
|
||||
|
||||
if ($var eq "NTTIME") {
|
||||
@ -283,6 +294,8 @@ provision.pl [options]
|
||||
--invocationid GUID set invocationid (otherwise random)
|
||||
--outputdir OUTPUTDIR set output directory
|
||||
--adminpass PASSWORD choose admin password (otherwise random)
|
||||
--krbtgtpass PASSWORD choose krbtgt password (otherwise random)
|
||||
--machinepass PASSWORD choose machine password (otherwise random)
|
||||
--root USERNAME choose 'root' unix username
|
||||
--nobody USERNAME choose 'nobody' user
|
||||
--nogroup GROUPNAME choose 'nogroup' group
|
||||
@ -309,6 +322,8 @@ GetOptions(
|
||||
'host-guid=s' => \$opt_hostguid,
|
||||
'invocationid=s' => \$opt_invocationid,
|
||||
'adminpass=s' => \$opt_adminpass,
|
||||
'krbtgtpass=s' => \$opt_krbtgtpass,
|
||||
'machinepass=s' => \$opt_machinepass,
|
||||
'root=s' => \$opt_root,
|
||||
'nobody=s' => \$opt_nobody,
|
||||
'nogroup=s' => \$opt_nogroup,
|
||||
@ -401,6 +416,16 @@ if (!$opt_adminpass) {
|
||||
print "chose random Administrator password '$opt_adminpass'\n";
|
||||
}
|
||||
|
||||
if (!$opt_krbtgtpass) {
|
||||
$opt_krbtgtpass = randpass();
|
||||
print "chose random krbtgt password '$opt_krbtgtpass'\n";
|
||||
}
|
||||
|
||||
if (!$opt_machinepass) {
|
||||
$opt_machinepass = randpass();
|
||||
print "chose random machine password '$opt_machinepass'\n";
|
||||
}
|
||||
|
||||
# allow provisioning to be run from the source directory
|
||||
$ENV{"PATH"} = "bin:../bin:" . $ENV{"PATH"};
|
||||
|
||||
|
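Review bot: The new `print "chose random krbtgt password '$opt_krbtgtpass'\n";` and the matching machine-password line write long-term Kerberos secrets to stdout in clear text, so they end up in terminal scrollback and in any captured provisioning log. The krbtgt key protects every ticket the KDC issues, and nothing on this page shows that the operator needs to see it, so a message such as `print "chose random krbtgt password\n";` would avoid the exposure (the same goes for the machine password). Values given with `--krbtgtpass` and `--machinepass` are also visible in the process list and shell history while the script runs. Since the commit message describes them as a testing convenience, the usage text could say so, e.g. `--krbtgtpass PASSWORD choose krbtgt password (testing only; otherwise random)`.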
@ -2,7 +2,7 @@
|
||||
$ORIGIN ${DNSDOMAIN}.
|
||||
$TTL 1W
|
||||
@ IN SOA @ hostmaster (
|
||||
42 ; serial (d. adams)
|
||||
${TIMESTRING} ; serial
|
||||
2D ; refresh
|
||||
4H ; retry
|
||||
6W ; expiry
|
||||
|
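Review bot: The `${TIMESTRING}` serial expands to 14 digits, because timestring() in the Perl script formats it as `%04u%02u%02u%02u%02u%02u` (YYYYMMDDhhmmss), but an SOA serial is a 32-bit unsigned number with a maximum of 4294967295. A name server loading the generated zone is likely to reject the value or wrap it, which defeats the purpose of an increasing serial. A 10-digit form fits, for example a dedicated substitution that returns `sprintf "%04u%02u%02u%02u", $year+1900, $mon+1, $mday, $hour;`, at the cost of only one distinct serial per hour.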
@ -23,7 +23,7 @@ objectClass: top
|
||||
objectClass: primaryDomain
|
||||
flatname: ${DOMAIN}
|
||||
realm: ${REALM}
|
||||
secret: ${JOINPASS}
|
||||
secret: ${MACHINEPASS}
|
||||
secureChannelType: 6
|
||||
sAMAccountName: ${NETBIOSNAME}$
|
||||
whenCreated: ${LDAPTIME}
|
||||
|