mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
f832d93751
There are two reasons for this. Firstly, leaving SPNs unclaimed is dangerous, as someone else could grab them first. Secondly, in some circumstances (self join) we try to add a DNS/ SPN a little bit later in provision. Under the rules we are introducing for CVE-2020-25722, this will make our later attempts to add HOST/ fail. This causes a few errors in samba4.blackbox.dbcheck.* tests, which assert that revivified old domains match stored reference versions. Now they don't, because they have servicePrincipalNames. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
# Accounts for selfjoin (joins DC to itself)
|
|
|
|
# Object under "Domain Controllers": the computer account of the DC that is
# joining itself. Every ${...} token is a template placeholder that has to be
# substituted before this LDIF is applied.
|
|
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
objectClass: computer
|
|
# 9223372036854775807 is 0x7FFFFFFFFFFFFFFF, the "never expires" value.
accountExpires: 9223372036854775807
|
|
dNSHostName: ${DNSNAME}
|
|
# "MSDFSR-ComputerReferenceBL" is not set because DFSR support is still missing
|
|
# "isCriticalSystemObject" is now filled in by the samldb LDB module
|
|
localPolicyFlags: 0
|
|
operatingSystem: Samba
|
|
operatingSystemVersion: ${SAMBA_VERSION_STRING}
|
|
# Machine account name: the NetBIOS name followed by a literal "$".
sAMAccountName: ${NETBIOSNAME}$
|
|
# 532480 = 0x82000 = SERVER_TRUST_ACCOUNT (0x2000) | TRUSTED_FOR_DELEGATION
# (0x80000): a domain controller account trusted for delegation. Changing this
# value changes what the account is allowed to do, so review any edit to it.
userAccountControl: 532480
|
|
# The "::" marks the value as base64 in LDIF. base64 is an encoding, not
# protection: the substituted LDIF carries the machine password itself, so the
# rendered text should be kept out of logs and files.
# NOTE(review): presumably the directory derives the stored credentials from
# this attribute rather than keeping the cleartext - confirm in the
# password-handling module.
clearTextPassword:: ${MACHINEPASS_B64}
|
|
# Domain SID followed by the RID chosen for this DC.
objectSid: ${DOMAINSID}-${DCRID}
|
|
# Some "servicePrincipalName" updates may be handled later by the
|
|
# "samba_spnupdate" script, but the basic HOST/ SPNs are claimed here, before
|
|
# any others are added: an unclaimed SPN could be taken by another account
# first, and under the SPN rules introduced for CVE-2020-25722 a later attempt
# to add HOST/ fails in the self-join case once a DNS/ SPN has been added.
|
|
servicePrincipalName: HOST/${DNSNAME}
|
|
servicePrincipalName: HOST/${NETBIOSNAME}
|
|
servicePrincipalName: HOST/${DNSNAME}/${DNSNAME}
|
|
|
|
|
|
# RID Set object stored beneath the DC's computer account above. The current
# and previous allocation pools start out as the same
# ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND} range, and rIDNextRID starts at
# the beginning of that range.
# NOTE(review): RIDs become the last component of new objectSids, so this
# range presumably must not overlap a pool handed to another DC - confirm
# against the RID manager logic.
dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
objectClass: rIDSet
|
|
rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
|
|
rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}
|
|
rIDUsedPool: 0
|
|
rIDNextRID: ${RIDALLOCATIONSTART}
|