svn commit: samba r24729 - in branches/SAMBA_4_0/source: scripting/libjs setup

abartlet at samba.org abartlet at samba.org
Tue Aug 28 04:28:03 GMT 2007


Author: abartlet
Date: 2007-08-28 04:28:02 +0000 (Tue, 28 Aug 2007)
New Revision: 24729

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24729

Log:
First try at publishing a DNS service account, for folks to play with.

The keytab in dns.keytab should (I hope) do the job.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/scripting/libjs/provision.js
   branches/SAMBA_4_0/source/setup/provision
   branches/SAMBA_4_0/source/setup/provision_users.ldif
   branches/SAMBA_4_0/source/setup/secrets.ldif


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===================================================================
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js	2007-08-28 00:16:58 UTC (rev 24728)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js	2007-08-28 04:28:02 UTC (rev 24729)
@@ -379,6 +379,7 @@
 	paths.samdb = lp.get("sam database");
 	paths.secrets = lp.get("secrets database");
 	paths.keytab = "secrets.keytab";
+	paths.dns_keytab = "dns.keytab";
 	paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
 	paths.named_conf = lp.get("private dir") + "/named.conf";
 	paths.winsdb = "wins.ldb";
@@ -469,6 +470,7 @@
 
 	subobj.SAM_LDB		= "tdb://" + paths.samdb;
 	subobj.SECRETS_KEYTAB	= paths.keytab;
+	subobj.DNS_KEYTAB	= paths.dns_keytab;
 
 	subobj.LDAPDIR = paths.ldapdir;
 	var ldap_path_list = split("/", paths.ldapdir);
@@ -891,6 +893,7 @@
 	subobj.POLICYGUID   = randguid();
 	subobj.KRBTGTPASS   = randpass(12);
 	subobj.MACHINEPASS  = randpass(12);
+	subobj.DNSPASS  = randpass(12);
 	subobj.ADMINPASS    = randpass(12);
 	subobj.LDAPMANAGERPASS     = randpass(12);
 	subobj.DEFAULTSITE  = "Default-First-Site-Name";
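Review bot: `subobj.DNSPASS  = randpass(12);` gives the DNS service principal a 12-character secret, which is short for a value that no person ever types and that ends up as a key in dns.keytab. The principal's keys are derived from this password, so anything encrypted with them can be tested against guesses offline; a longer value costs nothing here, e.g. `subobj.DNSPASS  = randpass(40);`, provided randpass() and the password attribute accept that length (neither is visible in this hunk). The neighbouring MACHINEPASS line has the same property but is not part of this change. The enclosing function starts and ends outside the hunk.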

Modified: branches/SAMBA_4_0/source/setup/provision
===================================================================
--- branches/SAMBA_4_0/source/setup/provision	2007-08-28 00:16:58 UTC (rev 24728)
+++ branches/SAMBA_4_0/source/setup/provision	2007-08-28 04:28:02 UTC (rev 24729)
@@ -24,6 +24,7 @@
 		'adminpass=s',
 		'krbtgtpass=s',
 		'machinepass=s',
+		'dnspass=s',
 		'root=s',
 		'nobody=s',
 		'nogroup=s',
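Review bot: The new `'dnspass=s'` entry lets the DNS service secret be supplied on the command line, where it is visible in the process list and shell history, and nothing in this changeset documents the option. Since this secret is only consumed by machines, I would add a comment next to the entry, `// dnspass: normally left unset so that a random value is generated`. If the script prints a usage text listing the other password options, it should gain a `--dnspass` line too; that text has no hunk here. The option list starts and ends outside the hunk.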

Modified: branches/SAMBA_4_0/source/setup/provision_users.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/provision_users.ldif	2007-08-28 00:16:58 UTC (rev 24728)
+++ branches/SAMBA_4_0/source/setup/provision_users.ldif	2007-08-28 04:28:02 UTC (rev 24729)
@@ -205,6 +205,22 @@
 isCriticalSystemObject: TRUE
 sambaPassword: ${KRBTGTPASS}
 
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: dns
+description: DNS Service Account
+showInAdvancedViewOnly: TRUE
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+sAMAccountType: 805306368
+servicePrincipalName: DNS/${DNSDOMAIN}
+isCriticalSystemObject: TRUE
+sambaPassword: ${DNSPASS}
+
 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group
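Review bot: `userAccountControl: 514` in the new `CN=dns` entry creates the account disabled (512 normal account plus 2 account-disabled), and nothing says whether that is intended for an account whose keytab is meant to be used. A comment above the entry would settle it, for example `# 514 = NORMAL_ACCOUNT + ACCOUNTDISABLE: no interactive logon, keys are used through dns.keytab only`, adjusted to whatever the intent is. The comment should also say that `sambaPassword: ${DNSPASS}` has to match the `secret:` value stored for the same principal in secrets.ldif. Both are filled from one substitution at provision time, and nothing visible here keeps them aligned after a later password change.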

Modified: branches/SAMBA_4_0/source/setup/secrets.ldif
===================================================================
--- branches/SAMBA_4_0/source/setup/secrets.ldif	2007-08-28 00:16:58 UTC (rev 24728)
+++ branches/SAMBA_4_0/source/setup/secrets.ldif	2007-08-28 04:28:02 UTC (rev 24729)
@@ -38,3 +38,17 @@
 servicePrincipalName: kadmin/changepw
 krb5Keytab: HDB:ldb:${SAM_LDB}:
 #The trailing : here is a HACK, but it matches the Heimdal format. 
+
+# A hook from our credentials system into HDB, as we must be on a KDC,
+# we can look directly into the database.
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+servicePrincipalName: DNS/${DNSDOMAIN}
+privateKeytab: ${DNS_KEYTAB}
+secret: ${DNSPASS}
+
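Review bot: The comment added above `dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals` is copied from the HDB hook entries and does not describe this entry, which has no `krb5Keytab: HDB:` line and instead carries `secret:` and `privateKeytab: ${DNS_KEYTAB}`. I would replace it with something like `# DNS service principal: password kept here, keys written to ${DNS_KEYTAB} for the name server`. That keytab holds the long-term key of DNS/${DNSDOMAIN} and is presumably read by a name server running under a different account, so the comment should also state the expected owner and mode of the file. Where the file is created and with which permissions is not visible in this diff.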


