"RIDALLOCATIONEND": str(next_rid + 100 + 499),
})
- # This is partially Samba4 specific and should be replaced by the correct
+ setup_ad_dns(samdb, names)
+ # This is Samba4 specific and should be replaced by the correct
# DNS AD-style setup
- setup_add_ldif(samdb, setup_path("provision_dns_add.ldif"), {
+ setup_add_ldif(samdb, setup_path("provision_dns_add_samba.ldif"), {
"DNSDOMAIN": names.dnsdomain,
"DOMAINDN": names.domaindn,
"DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
})
+def setup_ad_dns(samdb, names):
+ setup_add_ldif(samdb, setup_path("provision_dns_add.ldif"), {
+ "DOMAINDN": names.domaindn,
+ "DNSNAME" : '%s.%s' % (
+ names.netbiosname.lower(), names.dnsdomain.lower())
+ })
+
def getpolicypath(sysvolpath, dnsdomain, guid):
"""Return the physical path of policy given its guid.
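Review bot: The new `setup_ad_dns` has no docstring, so nothing at the definition says which directory objects it writes or what `DNSNAME` contains. A one-line docstring would cover it, for example `"""Add the AD-style DNS objects from provision_dns_add.ldif; DNSNAME is the lower-cased <netbiosname>.<dnsdomain>."""`. As a style point, `"DNSNAME" :` has a space before the colon while `"DOMAINDN":` on the line above does not; the two keys should be written the same way.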
objectClass: container
displayName: DNS Servers
+
+dn: DC=${DNSNAME},CN=MicrosoftDNS,CN=System,${DOMAINDN}
+objectClass: dnsZone
+
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,${DOMAINDN}
objectClass: dnsZone
objectClass: dnsNode
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwDqAHg==
-
-# NOTE: This account is SAMBA4 specific!
-# we have it to avoid the need for the bind daemon to
-# have access to the whole secrets.keytab for the domain,
-# otherwise bind could impersonate any user
-dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account for ${HOSTNAME}
-userAccountControl: 512
-accountExpires: 9223372036854775807
-sAMAccountName: dns-${HOSTNAME}
-servicePrincipalName: DNS/${DNSNAME}
-servicePrincipalName: DNS/${DNSDOMAIN}
-clearTextPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
-
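Review bot: The added zone entry is named `DC=${DNSNAME}`, and `setup_ad_dns` fills `DNSNAME` with `<netbiosname>.<dnsdomain>`, so the `dnsZone` object ends up named after the server's host name rather than the domain. If this entry is meant to be the domain's zone, which is how zones under `CN=MicrosoftDNS` are normally named, the line would read `dn: DC=${DNSDOMAIN},CN=MicrosoftDNS,CN=System,${DOMAINDN}` with `DNSDOMAIN` passed by the caller. If a host-named zone is intended, a comment above the entry such as `# zone for the DC's own FQDN, not the domain zone` would stop a later reader from "correcting" it. The start of the preceding container entry is not visible on this page.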
--- /dev/null
+# NOTE: This account is SAMBA4 specific!
+# we have it to avoid the need for the bind daemon to
+# have access to the whole secrets.keytab for the domain,
+# otherwise bind could impersonate any user
+dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account for ${HOSTNAME}
+userAccountControl: 512
+accountExpires: 9223372036854775807
+sAMAccountName: dns-${HOSTNAME}
+servicePrincipalName: DNS/${DNSNAME}
+servicePrincipalName: DNS/${DNSDOMAIN}
+clearTextPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
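Review bot: The only thing protecting this account is the value substituted for `${DNSPASS_B64}`, and the file does not say where that value comes from or what is expected of it. The entry is an ordinary enabled user (`userAccountControl: 512`) with `DNS/` service principal names and `accountExpires` set to never, so a weak or reused password would undo the isolation the header comment describes. The generation of `dnspass` is outside this diff and worth confirming. I would add a comment above `clearTextPassword`, for example `# DNSPASS_B64 is supplied by provision; it must be a long, randomly generated password`.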