Author: abartlet Date: 2007-08-28 04:28:02 +0000 (Tue, 28 Aug 2007) New Revision: 24729
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24729 Log: First try and publishing a DNS service account, for folks to play with. The keytab in dns.keytab should (I hope) do the job. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/provision branches/SAMBA_4_0/source/setup/provision_users.ldif branches/SAMBA_4_0/source/setup/secrets.ldif Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===================================================================
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-08-28 00:16:58 UTC (rev 24728)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-08-28 04:28:02 UTC (rev 24729)
@@ -379,6 +379,7 @@
 paths.samdb = lp.get("sam database");
 paths.secrets = lp.get("secrets database");
 paths.keytab = "secrets.keytab";
+ paths.dns_keytab = "dns.keytab";
 paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
 paths.named_conf = lp.get("private dir") + "/named.conf";
 paths.winsdb = "wins.ldb";
@@ -469,6 +470,7 @@
 subobj.SAM_LDB = "tdb://" + paths.samdb;
 subobj.SECRETS_KEYTAB = paths.keytab;
+ subobj.DNS_KEYTAB = paths.dns_keytab;
 subobj.LDAPDIR = paths.ldapdir;
 var ldap_path_list = split("/", paths.ldapdir);
@@ -891,6 +893,7 @@
 subobj.POLICYGUID = randguid();
 subobj.KRBTGTPASS = randpass(12);
 subobj.MACHINEPASS = randpass(12);
+ subobj.DNSPASS = randpass(12);
 subobj.ADMINPASS = randpass(12);
 subobj.LDAPMANAGERPASS = randpass(12);
 subobj.DEFAULTSITE = "Default-First-Site-Name";
Modified: branches/SAMBA_4_0/source/setup/provision
===================================================================
--- branches/SAMBA_4_0/source/setup/provision 2007-08-28 00:16:58 UTC (rev 24728)
+++ branches/SAMBA_4_0/source/setup/provision 2007-08-28 04:28:02 UTC (rev 24729)
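Review bot: `subobj.DNSPASS = randpass(12);` in the third provision.js hunk is unconditional, while the companion hunk in setup/provision only registers `'dnspass=s'` in the option spec; no line in this diff copies the parsed dnspass value into subobj.DNSPASS, so unless that wiring lives outside these hunks the new option is accepted but silently ignored. The existing krbtgtpass/machinepass options suggest there is a place where caller-supplied values override the random ones (not visible here); DNSPASS should be applied there with the same defined-check the others use, and a short comment in the provision.js hunk — `// overridden later by --dnspass when given` — would make the intent clear. The enclosing function of each provision.js hunk starts and ends outside the hunk.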
@@ -24,6 +24,7 @@
 'adminpass=s',
 'krbtgtpass=s',
 'machinepass=s',
+ 'dnspass=s',
 'root=s',
 'nobody=s',
 'nogroup=s',
Modified: branches/SAMBA_4_0/source/setup/provision_users.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_users.ldif 2007-08-28 00:16:58 UTC (rev 24728)
+++ branches/SAMBA_4_0/source/setup/provision_users.ldif 2007-08-28 04:28:02 UTC (rev 24729)
@@ -205,6 +205,22 @@
 isCriticalSystemObject: TRUE
 sambaPassword: ${KRBTGTPASS}
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: dns
+description: DNS Service Account
+showInAdvancedViewOnly: TRUE
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+sAMAccountType: 805306368
+servicePrincipalName: DNS/${DNSDOMAIN}
+isCriticalSystemObject: TRUE
+sambaPassword: ${DNSPASS}
+
 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group
Modified: branches/SAMBA_4_0/source/setup/secrets.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/secrets.ldif 2007-08-28 00:16:58 UTC (rev 24728)
+++ branches/SAMBA_4_0/source/setup/secrets.ldif 2007-08-28 04:28:02 UTC (rev 24729)
@@ -38,3 +38,17 @@
 servicePrincipalName: kadmin/changepw
 krb5Keytab: HDB:ldb:${SAM_LDB}:
 #The trailing : here is a HACK, but it matches the Heimdal format.
+
+# A hook from our credentials system into HDB, as we must be on a KDC,
+# we can look directly into the database.
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+servicePrincipalName: DNS/${DNSDOMAIN}
+privateKeytab: ${DNS_KEYTAB}
+secret: ${DNSPASS}
+
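Review bot: `userAccountControl: 514` on the new CN=dns entry in provision_users.ldif sets the ACCOUNTDISABLE bit (2) on top of NORMAL_ACCOUNT (512), the same value the krbtgt entry just above uses; a KDC normally refuses to issue tickets for a disabled principal, so if the DNS service is expected to use the exported keytab for Kerberos (the commit message suggests it is), the account probably needs `userAccountControl: 512`, or a comment explaining why it is deliberately disabled like krbtgt. `servicePrincipalName: DNS/${DNSDOMAIN}` also names the domain rather than the name server's host, whereas the DNS SPN clients usually request is host-based (DNS/<server fqdn>) — worth confirming against whichever consumer this keytab is meant for. The cleartext `sambaPassword: ${DNSPASS}` is consistent with the neighbouring entries, so no change there.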
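Review bot: The two-line comment added ahead of the DNS/${DNSDOMAIN} entry in secrets.ldif ("A hook from our credentials system into HDB … we can look directly into the database") does not describe this entry: it carries `privateKeytab: ${DNS_KEYTAB}` and `secret: ${DNSPASS}` rather than the `krb5Keytab: HDB:…` attribute of the kadmin/changepw entry it was evidently copied from. Suggest replacing it with `# The DNS service principal. Its key is exported to a private keytab (${DNS_KEYTAB}) so a name server outside Samba can use it; the cleartext secret below is as sensitive as the rest of secrets.ldb.` That keytab is the long-term key for the DNS SPN, so whatever code materialises it (not in this diff) should create the file owner-only and the note should say so.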
