mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
ee257e902a
This must be set to either 'domain controller', 'domain member' or 'standalone'.
The default for the provision now changes to 'standalone'.
This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.
We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.
Andrew Bartlett
(This used to be commit 4cc4ed7719)
45 lines
1.2 KiB
Plaintext
45 lines
1.2 KiB
Plaintext
dn: flatname=${DOMAIN},CN=Primary Domains
|
|
objectClass: top
|
|
objectClass: primaryDomain
|
|
objectClass: kerberosSecret
|
|
flatname: ${DOMAIN}
|
|
realm: ${REALM}
|
|
secret:: ${MACHINEPASS_B64}
|
|
secureChannelType: 6
|
|
sAMAccountName: ${NETBIOSNAME}$
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
msDS-KeyVersionNumber: 1
|
|
objectSid: ${DOMAINSID}
|
|
privateKeytab: ${SECRETS_KEYTAB}
|
|
|
|
# A hook from our credentials system into HDB, as we must be on a KDC,
|
|
# we can look directly into the database.
|
|
dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
|
|
objectClass: top
|
|
objectClass: secret
|
|
objectClass: kerberosSecret
|
|
flatname: ${DOMAIN}
|
|
realm: ${REALM}
|
|
sAMAccountName: krbtgt
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
objectSid: ${DOMAINSID}
|
|
servicePrincipalName: kadmin/changepw
|
|
krb5Keytab: HDB:ldb:${SAM_LDB}:
|
|
#The trailing : here is a HACK, but it matches the Heimdal format.
|
|
|
|
# A hook from our credentials system into HDB, as we must be on a KDC,
|
|
# we can look directly into the database.
|
|
dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
|
|
objectClass: top
|
|
objectClass: secret
|
|
objectClass: kerberosSecret
|
|
realm: ${REALM}
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
servicePrincipalName: DNS/${DNSDOMAIN}
|
|
privateKeytab: ${DNS_KEYTAB}
|
|
secret:: ${DNSPASS_B64}
|
|
|