[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Sep 7 18:05:03 MDT 2011
The branch, master has been updated
via 7800a50 s4-provision: Fill msDS-NC-Replica-Locations attribute in DNS provisioning
via c212abe s4-provision: Make DNS entries consistent with dns_update script
via 4b5ebfc s4-provision: Reworked DNS provisioning to support AD DNS schema
via b36e9de s4-provision: LDIF files to set up AD DNS schema
via 595b9c4 s4-provision: Add DNS backend option to provision
via 92169e9 s4-provision: exit is not imported directed, use sys.exit
via 14664fa s4-provision: Extract dns account creation as separate ldif
from 4240509 samba-tool: Avoid use of "except .. as" construction introduced in python2.6.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7800a501cda683a3b8d78b952740d7131515806c
Author: Amitay Isaacs <amitay at gmail.com>
Date: Tue Sep 6 16:22:45 2011 +1000
s4-provision: Fill msDS-NC-Replica-Locations attribute in DNS provisioning
This attribute is required by the hosting requirement.
[MS_ADTS].pdf 7.1.2.3.1 DC and Application NC Replica
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Thu Sep 8 02:04:51 CEST 2011 on sn-devel-104
commit c212abe83fdc5066f210db1fde4e30f7b2e57e62
Author: Amitay Isaacs <amitay at gmail.com>
Date: Mon Sep 5 16:19:37 2011 +1000
s4-provision: Make DNS entries consistent with dns_update script
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 4b5ebfc5ff812443b2db1ee58858d9e4e169c82b
Author: Amitay Isaacs <amitay at gmail.com>
Date: Mon Sep 5 16:19:02 2011 +1000
s4-provision: Reworked DNS provisioning to support AD DNS schema
This changes configure DNS partitions used by AD DNS and populate
with relevant entries. This has an advantage that Windows can
replicate these partitions and set up dns server using them.
In addition, these partitions are used by bind9_dlz module to query
zone information directly and do not need to create text database
for dynamic zones.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit b36e9de8634e0fa2476411f538b73a36d1d58bd3
Author: Amitay Isaacs <amitay at gmail.com>
Date: Mon Sep 5 16:11:57 2011 +1000
s4-provision: LDIF files to set up AD DNS schema
This files set up DomainDnsZones and ForestDnsZones partitions and
other configuration parameters for replication.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 595b9c4cc6a8a4937aff119583dd114092c04ccc
Author: Amitay Isaacs <amitay at gmail.com>
Date: Mon Sep 5 16:09:59 2011 +1000
s4-provision: Add DNS backend option to provision
This option is introduced temporarily to test bind9 backend with
and without dlz_dlopen module.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 92169e9debd955bda8f9f776954b750812bdf519
Author: Amitay Isaacs <amitay at gmail.com>
Date: Mon Sep 5 15:52:53 2011 +1000
s4-provision: exit is not imported directed, use sys.exit
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 14664fac34bbf0b7b10551a7a781ef2caf1cf779
Author: Amitay Isaacs <amitay at gmail.com>
Date: Mon Sep 5 15:48:27 2011 +1000
s4-provision: Extract dns account creation as separate ldif
MicrosoftDNS container and LDAP entries for root servers will be
added by sambadns.py directly.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.../scripting/python/samba/provision/__init__.py | 10 +-
.../scripting/python/samba/provision/sambadns.py | 558 +++++++++++++++----
source4/setup/provision | 6 +-
source4/setup/provision_configuration.ldif | 2 +-
source4/setup/provision_dns_accounts_add.ldif | 12 +
source4/setup/provision_dns_add.ldif | 92 ----
source4/setup/provision_dnszones_add.ldif | 77 +++
source4/setup/provision_dnszones_modify.ldif | 36 ++
source4/setup/provision_dnszones_partitions.ldif | 16 +
source4/setup/provision_self_join.ldif | 4 +-
10 files changed, 595 insertions(+), 218 deletions(-)
create mode 100644 source4/setup/provision_dns_accounts_add.ldif
delete mode 100644 source4/setup/provision_dns_add.ldif
create mode 100644 source4/setup/provision_dnszones_add.ldif
create mode 100644 source4/setup/provision_dnszones_modify.ldif
create mode 100644 source4/setup/provision_dnszones_partitions.ldif
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 61d016c..9c28157 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1518,7 +1518,8 @@ def provision(logger, session_info, credentials, smbconf=None,
domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
next_rid=1000, dc_rid=None, adminpass=None, ldapadminpass=None, krbtgtpass=None,
domainguid=None, policyguid=None, policyguid_dc=None,
- invocationid=None, machinepass=None, ntdsguid=None, dnspass=None,
+ invocationid=None, machinepass=None, ntdsguid=None,
+ dns_backend=None, dnspass=None,
root=None, nobody=None, users=None, wheel=None, backup=None, aci=None,
serverrole=None, dom_for_fun_level=None, ldap_backend_extra_port=None,
ldap_backend_forced_uri=None, backend_type=None, sitename=None,
@@ -1783,7 +1784,8 @@ def provision(logger, session_info, credentials, smbconf=None,
dnsdomain=names.dnsdomain,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
- setup_ad_dns(samdb, names=names, hostip=hostip, hostip6=hostip6)
+ setup_ad_dns(samdb, names, logger, hostip=hostip, hostip6=hostip6,
+ dns_backend=dns_backend, os_level=dom_for_fun_level)
domainguid = samdb.searchone(basedn=domaindn,
attribute="objectGUID")
@@ -1911,7 +1913,7 @@ def provision_become_dc(smbconf=None, targetdir=None,
serverdn=None, domain=None, hostname=None, domainsid=None,
adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None,
policyguid_dc=None, invocationid=None, machinepass=None, dnspass=None,
- root=None, nobody=None, users=None, wheel=None, backup=None,
+ dns_backend=None, root=None, nobody=None, users=None, wheel=None, backup=None,
serverrole=None, ldap_backend=None, ldap_backend_type=None,
sitename=None, debuglevel=1):
@@ -1924,7 +1926,7 @@ def provision_become_dc(smbconf=None, targetdir=None,
configdn=configdn, serverdn=serverdn, domain=domain,
hostname=hostname, hostip=None, domainsid=domainsid,
machinepass=machinepass, serverrole="domain controller",
- sitename=sitename)
+ sitename=sitename, dns_backend=dns_backend, dnspass=dnspass)
res.lp.set("debuglevel", str(debuglevel))
return res
diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py
index 6b8561e..b28c0a4 100644
--- a/source4/scripting/python/samba/provision/sambadns.py
+++ b/source4/scripting/python/samba/provision/sambadns.py
@@ -2,6 +2,7 @@
# backend code for provisioning DNS for a Samba4 server
#
# Copyright (C) Kai Blin <kai at samba.org> 2011
+# Copyright (C) Amitay Isaacs <amitay at gmail.com> 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,14 +21,51 @@
"""DNS-related provisioning"""
import os
+import uuid
import ldb
import samba
-from samba.ndr import ndr_pack
+from samba.ndr import ndr_pack, ndr_unpack
from samba import read_and_sub_file
-from samba.dcerpc import dnsp
+from samba.dcerpc import dnsp, misc
+from samba.dsdb import (
+ DS_DOMAIN_FUNCTION_2000,
+ DS_DOMAIN_FUNCTION_2003,
+ DS_DOMAIN_FUNCTION_2008,
+ DS_DOMAIN_FUNCTION_2008_R2
+ )
+
+
+def add_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]):
+ ldif_file_path = os.path.join(samba.param.setup_dir(), ldif_file)
+ data = read_and_sub_file(ldif_file_path, subst_vars)
+ ldb.add_ldif(data, controls)
+
+def modify_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]):
+ ldif_file_path = os.path.join(samba.param.setup_dir(), ldif_file)
+ data = read_and_sub_file(ldif_file_path, subst_vars)
+ ldb.modify_ldif(data, controls)
+
+def get_domainguid(samdb, domaindn):
+ res = samdb.search(base=domaindn, scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
+ domainguid = str(ndr_unpack(misc.GUID, res[0]["objectGUID"][0]))
+ return domainguid
+
+def get_ntdsguid(samdb, domaindn):
+ configdn = "CN=Configuration,%s" % domaindn
+
+ res1 = samdb.search(base="OU=Domain Controllers,%s" % domaindn, scope=ldb.SCOPE_ONELEVEL,
+ attrs=["dNSHostName"])
+
+ res2 = samdb.search(expression="serverReference=%s" % res1[0].dn, base=configdn)
+
+ res3 = samdb.search(base="CN=NTDS Settings,%s" % res2[0].dn, scope=ldb.SCOPE_BASE,
+ attrs=["objectGUID"])
+ ntdsguid = str(ndr_unpack(misc.GUID, res3[0]["objectGUID"][0]))
+ return ntdsguid
+
class ARecord(dnsp.DnssrvRpcRecord):
- def __init__(self, ip_addr, serial=1, ttl=3600):
+ def __init__(self, ip_addr, serial=1, ttl=900):
super(ARecord, self).__init__()
self.wType = dnsp.DNS_TYPE_A
self.dwSerial = serial
@@ -35,21 +73,38 @@ class ARecord(dnsp.DnssrvRpcRecord):
self.data = ip_addr
class AAAARecord(dnsp.DnssrvRpcRecord):
- def __init__(self, ip6_addr, serial=1, ttl=3600):
+ def __init__(self, ip6_addr, serial=1, ttl=900):
super(AAAARecord, self).__init__()
self.wType = dnsp.DNS_TYPE_AAAA
self.dwSerial = serial
self.dwTtlSeconds = ttl
self.data = ip6_addr
+class CNameRecord(dnsp.DnssrvRpcRecord):
+ def __init__(self, cname, serial=1, ttl=900):
+ super(CNameRecord, self).__init__()
+ self.wType = dnsp.DNS_TYPE_CNAME
+ self.dwSerial = serial
+ self.dwTtlSeconds = ttl
+ self.data = cname
+
class NSRecord(dnsp.DnssrvRpcRecord):
- def __init__(self, dns_server, serial=1, ttl=3600):
+ def __init__(self, dns_server, serial=1, ttl=900):
super(NSRecord, self).__init__()
self.wType = dnsp.DNS_TYPE_NS
self.dwSerial = serial
self.dwTtlSeconds = ttl
self.data = dns_server
+class RootNSRecord(dnsp.DnssrvRpcRecord):
+ def __init__(self, dns_server, serial=1, ttl=3600):
+ super(RootNSRecord, self).__init__()
+ self.wType = dnsp.DNS_TYPE_NS
+ self.dwSerial = serial
+ self.dwTtlSeconds = ttl
+ self.data = dns_server
+ self.rank = dnsp.DNS_RANK_ROOT_HINT
+
class SOARecord(dnsp.DnssrvRpcRecord):
def __init__(self, mname, rname, serial=1, refresh=900, retry=600,
expire=86400, minimum=3600, ttl=3600):
@@ -67,7 +122,7 @@ class SOARecord(dnsp.DnssrvRpcRecord):
self.data = soa
class SRVRecord(dnsp.DnssrvRpcRecord):
- def __init__(self, target, port, priority=0, weight=0, serial=1, ttl=3600):
+ def __init__(self, target, port, priority=0, weight=100, serial=1, ttl=900):
super(SRVRecord, self).__init__()
self.wType = dnsp.DNS_TYPE_SRV
self.dwSerial = serial
@@ -79,153 +134,420 @@ class SRVRecord(dnsp.DnssrvRpcRecord):
srv.wWeight = weight
self.data = srv
-def setup_ad_dns(samdb, names, hostip=None, hostip6=None):
- domaindn = names.domaindn
- dnsdomain = names.dnsdomain.lower()
- hostname = names.netbiosname.lower()
- dnsname = "%s.%s" % (hostname, dnsdomain)
- site = names.sitename
- dns_ldif = os.path.join(samba.param.setup_dir(), "provision_dns_add.ldif")
+def setup_dns_partitions(samdb, domaindn, forestdn, configdn, serverdn):
+
+ # FIXME: Default security descriptor for Domain-DNS objectCategory is different in
+ # our documentation from windows
+
+ domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
+ forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
- dns_data = read_and_sub_file(dns_ldif, {
- "DOMAINDN": domaindn,
- "DNSDOMAIN" : dnsdomain
- })
- samdb.add_ldif(dns_data, ["relax:0"])
+ add_ldif(samdb, "provision_dnszones_partitions.ldif", {
+ "DOMAINZONE_DN": domainzone_dn,
+ "FORESTZONE_DN": forestzone_dn,
+ })
- soa_subrecords = []
- dns_records = []
+ domainzone_guid = get_domainguid(samdb, domainzone_dn)
+ forestzone_guid = get_domainguid(samdb, forestzone_dn)
+
+ domainzone_guid = str(uuid.uuid4())
+ forestzone_guid = str(uuid.uuid4())
+
+ domainzone_dns = ldb.Dn(samdb, domainzone_dn).canonical_ex_str().strip()
+ forestzone_dns = ldb.Dn(samdb, forestzone_dn).canonical_ex_str().strip()
+
+ add_ldif(samdb, "provision_dnszones_add.ldif", {
+ "DOMAINZONE_DN": domainzone_dn,
+ "FORESTZONE_DN": forestzone_dn,
+ "DOMAINZONE_GUID": domainzone_guid,
+ "FORESTZONE_GUID": forestzone_guid,
+ "DOMAINZONE_DNS": domainzone_dns,
+ "FORESTZONE_DNS": forestzone_dns,
+ "CONFIGDN": configdn,
+ "SERVERDN": serverdn,
+ })
+
+ modify_ldif(samdb, "provision_dnszones_modify.ldif", {
+ "CONFIGDN": configdn,
+ "SERVERDN": serverdn,
+ "DOMAINZONE_DN": domainzone_dn,
+ "FORESTZONE_DN": forestzone_dn,
+ })
+
+
+def add_dns_accounts(samdb, domaindn):
+ add_ldif(samdb, "provision_dns_accounts_add.ldif", {
+ "DOMAINDN": domaindn,
+ })
+
+def add_dns_container(samdb, domaindn, prefix):
+ # CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
+ msg = ldb.Message(ldb.Dn(samdb, "CN=MicrosoftDNS,%s,%s" % (prefix, domaindn)))
+ msg["objectClass"] = ["top", "container"]
+ msg["displayName"] = ldb.MessageElement("DNS Servers", ldb.FLAG_MOD_ADD, "displayName")
+ samdb.add(msg)
- # @ entry for the domain
- at_soa_record = SOARecord(dnsname, "hostmaster.%s" % dnsdomain)
- soa_subrecords.append(ndr_pack(at_soa_record))
- at_ns_record = NSRecord(dnsname)
- soa_subrecords.append(ndr_pack(at_ns_record))
+def add_rootservers(samdb, domaindn, prefix):
+ rootservers = {}
+ rootservers["a.root-servers.net"] = "198.41.0.4"
+ rootservers["b.root-servers.net"] = "192.228.79.201"
+ rootservers["c.root-servers.net"] = "192.33.4.12"
+ rootservers["d.root-servers.net"] = "128.8.10.90"
+ rootservers["e.root-servers.net"] = "192.203.230.10"
+ rootservers["f.root-servers.net"] = "192.5.5.241"
+ rootservers["g.root-servers.net"] = "192.112.36.4"
+ rootservers["h.root-servers.net"] = "128.63.2.53"
+ rootservers["i.root-servers.net"] = "192.36.148.17"
+ rootservers["j.root-servers.net"] = "192.58.128.30"
+ rootservers["k.root-servers.net"] = "193.0.14.129"
+ rootservers["l.root-servers.net"] = "199.7.83.42"
+ rootservers["m.root-servers.net"] = "202.12.27.33"
+
+ rootservers_v6 = {}
+ rootservers_v6["a.root-servers.net"] = "2001:503:ba3e::2:30"
+ rootservers_v6["f.root-servers.net"] = "2001:500:2f::f"
+ rootservers_v6["h.root-servers.net"] = "2001:500:1::803f:235"
+ rootservers_v6["j.root-servers.net"] = "2001:503:c27::2:30"
+ rootservers_v6["k.root-servers.net"] = "2001:7fd::1"
+ rootservers_v6["m.root-servers.net"] = "2001:dc3::35"
+
+ container_dn = "DC=RootDNSServers,CN=MicrosoftDNS,%s,%s" % (prefix, domaindn)
+
+ # Add DC=RootDNSServers,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
+ msg = ldb.Message(ldb.Dn(samdb, container_dn))
+ msg["objectClass"] = ["top", "dnsZone"]
+ samdb.add(msg)
+
+ # Add DC=@,DC=RootDNSServers,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
+ record = []
+ for rserver in rootservers:
+ record.append(ndr_pack(RootNSRecord(rserver, serial=0, ttl=0)))
+
+ msg = ldb.Message(ldb.Dn(samdb, "DC=@,%s" % container_dn))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = ldb.MessageElement(record, ldb.FLAG_MOD_ADD, "dnsRecord")
+ samdb.add(msg)
+
+ # Add DC=<rootserver>,DC=RootDNSServers,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
+ for rserver in rootservers:
+ record = [ndr_pack(ARecord(rootservers[rserver], serial=0, ttl=0))]
+ # Add AAAA record as well (How does W2K* add IPv6 records?)
+ #if rserver in rootservers_v6:
+ # record.append(ndr_pack(AAAARecord(rootservers_v6[rserver], serial=0, ttl=0)))
+ msg = ldb.Message(ldb.Dn(samdb, "DC=%s,%s" % (rserver, container_dn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = ldb.MessageElement(record, ldb.FLAG_MOD_ADD, "dnsRecord")
+ samdb.add(msg)
+
+def add_at_record(samdb, container_dn, prefix, hostname, dnsdomain, hostip, hostip6):
+
+ fqdn_hostname = "%s.%s" % (hostname, dnsdomain)
+
+ at_records = []
+
+ # SOA record
+ at_soa_record = SOARecord(fqdn_hostname, "hostmaster.%s" % dnsdomain)
+ at_records.append(ndr_pack(at_soa_record))
+
+ # NS record
+ at_ns_record = NSRecord(fqdn_hostname)
+ at_records.append(ndr_pack(at_ns_record))
if hostip is not None:
# A record
at_a_record = ARecord(hostip)
- dns_records.append(ndr_pack(at_a_record))
+ at_records.append(ndr_pack(at_a_record))
if hostip6 is not None:
+ # AAAA record
at_aaaa_record = AAAARecord(hostip6)
- dns_records.append(ndr_pack(at_aaaa_record))
+ at_records.append(ndr_pack(at_aaaa_record))
- msg = ldb.Message(ldb.Dn(samdb, "DC=@,DC=%s,CN=MicrosoftDNS,CN=System,%s" %\
- (dnsdomain, domaindn )))
+ msg = ldb.Message(ldb.Dn(samdb, "DC=@,%s" % container_dn))
msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = ldb.MessageElement(soa_subrecords + dns_records,
- ldb.FLAG_MOD_ADD, "dnsRecord")
+ msg["dnsRecord"] = ldb.MessageElement(at_records, ldb.FLAG_MOD_ADD, "dnsRecord")
samdb.add(msg)
- # _gc._tcp record
- gc_tcp_record = SRVRecord(dnsname, 3268)
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_gc._tcp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (dnsdomain, domaindn)))
+def add_srv_record(samdb, container_dn, prefix, host, port):
+ srv_record = SRVRecord(host, port)
+ msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(gc_tcp_record)]
+ msg["dnsRecord"] = ldb.MessageElement(ndr_pack(srv_record), ldb.FLAG_MOD_ADD, "dnsRecord")
samdb.add(msg)
- # _gc._tcp.sitename._site record
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_gc._tcp.%s._sites,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (names.sitename, dnsdomain, domaindn)))
+def add_ns_record(samdb, container_dn, prefix, host):
+ ns_record = NSRecord(host)
+ msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(gc_tcp_record)]
+ msg["dnsRecord"] = ldb.MessageElement(ndr_pack(ns_record), ldb.FLAG_MOD_ADD, "dnsRecord")
samdb.add(msg)
- # _kerberos._tcp record
- kerberos_record = SRVRecord(dnsname, 88)
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_kerberos._tcp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (dnsdomain, domaindn)))
+def add_cname_record(samdb, container_dn, prefix, host):
+ cname_record = CNameRecord(host)
+ msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(kerberos_record)]
+ msg["dnsRecord"] = ldb.MessageElement(ndr_pack(cname_record), ldb.FLAG_MOD_ADD, "dnsRecord")
samdb.add(msg)
- # _kerberos._tcp.sitename._site record
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_kerberos._tcp.%s._sites,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (site, dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(kerberos_record)]
- samdb.add(msg)
+def add_host_record(samdb, container_dn, prefix, hostip, hostip6):
+ host_records = []
+ if hostip:
+ a_record = ARecord(hostip)
+ host_records.append(ndr_pack(a_record))
+ if hostip6:
+ aaaa_record = AAAARecord(hostip6)
+ host_records.append(ndr_pack(aaaa_record))
+ if host_records:
+ msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
+ msg["objectClass"] = ["top", "dnsNode"]
+ msg["dnsRecord"] = ldb.MessageElement(host_records, ldb.FLAG_MOD_ADD, "dnsRecord")
+ samdb.add(msg)
- # _kerberos._udp record
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_kerberos._udp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(kerberos_record)]
+def add_domain_record(samdb, domaindn, prefix, dnsdomain):
+ # DC=<DNSDOMAIN>,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
+ msg = ldb.Message(ldb.Dn(samdb, "DC=%s,CN=MicrosoftDNS,%s,%s" % (dnsdomain, prefix, domaindn)))
+ msg["objectClass"] = ["top", "dnsZone"]
samdb.add(msg)
- # _kpasswd._tcp record
- kpasswd_record = SRVRecord(dnsname, 464)
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_kpasswd._tcp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(kpasswd_record)]
+def add_msdcs_record(samdb, forestdn, prefix, dnsforest):
+ # DC=_msdcs.<DNSFOREST>,CN=MicrosoftDNS,<PREFIX>,<FORESTDN>
+ msg = ldb.Message(ldb.Dn(samdb, "DC=_msdcs.%s,CN=MicrosoftDNS,%s,%s" %
+ (dnsforest, prefix, forestdn)))
+ msg["objectClass"] = ["top", "dnsZone"]
samdb.add(msg)
- # _kpasswd._udp record
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_kpasswd._udp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(kpasswd_record)]
- samdb.add(msg)
- # _ldap._tcp record
- ldap_record = SRVRecord(dnsname, 389)
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_ldap._tcp,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(ldap_record)]
- samdb.add(msg)
+def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname, hostip, hostip6):
- # _ldap._tcp.sitename._site record
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_ldap._tcp.%s._site,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (site, dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(ldap_record)]
- samdb.add(msg)
+ fqdn_hostname = "%s.%s" % (hostname, dnsdomain)
- # _msdcs record
- msdcs_record = NSRecord(dnsname)
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=_msdcs,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = [ndr_pack(msdcs_record)]
- samdb.add(msg)
+ # Set up domain container - DC=<DNSDOMAIN>,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
+ domain_container_dn = ldb.Dn(samdb, "DC=%s,CN=MicrosoftDNS,%s,%s" %
+ (dnsdomain, prefix, domaindn))
- # the host's own record
- # Only do this if there's IP addresses to set up.
- # This is a bit weird, but the samba4.blackbox.provision.py test apparently
- # doesn't set up any IPs
- if len(dns_records) > 0:
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=%s,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (hostname, dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = ldb.MessageElement(dns_records,
- ldb.FLAG_MOD_ADD, "dnsRecord")
- samdb.add(msg)
+ # DC=@ record
+ add_at_record(samdb, domain_container_dn, "DC=@", hostname, dnsdomain, hostip, hostip6)
- # DomainDnsZones record
- msg = ldb.Message(ldb.Dn(samdb,
- "DC=DomainDnsZones,DC=%s,CN=MicrosoftDNS,CN=System,%s" % \
- (dnsdomain, domaindn)))
- msg["objectClass"] = ["top", "dnsNode"]
- msg["dnsRecord"] = ldb.MessageElement(dns_records,
- ldb.FLAG_MOD_ADD, "dnsRecord")
+ # DC=<HOSTNAME> record
+ add_host_record(samdb, domain_container_dn, "DC=%s" % hostname, hostip, hostip6)
- samdb.add(msg)
+ # DC=_kerberos._tcp record
+ add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp", fqdn_hostname, 88)
+
+ # DC=_kerberos._tcp.<SITENAME>._sites record
+ add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp.%s._sites" % site,
+ fqdn_hostname, 88)
+
+ # DC=_kerberos._udp record
+ add_srv_record(samdb, domain_container_dn, "DC=_kerberos._udp", fqdn_hostname, 88)
+
+ # DC=_kpasswd._tcp record
+ add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._tcp", fqdn_hostname, 464)
+
+ # DC=_kpasswd._udp record
+ add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._udp", fqdn_hostname, 464)
+
+ # DC=_ldap._tcp record
+ add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp", fqdn_hostname, 389)
+
+ # DC=_ldap._tcp.<SITENAME>._sites record
+ add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites" % site,
+ fqdn_hostname, 389)
+
+ # FIXME: The number of SRV records depend on the various roles this DC has.
+ # _gc and _msdcs records are added if the we are the forest dc and not subdomain dc
+ #
--
Samba Shared Repository
More information about the samba-cvs
mailing list