:param setup_path: Setup path function
:param machinepass: Machine password
"""
- setup_ldb(secretsdb, setup_path("secrets_dc.ldif"), {
+ setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
+ "REALM": realm,
+ "DNSDOMAIN": dnsdomain,
+ "DNS_KEYTAB": dns_keytab_path,
+ "DNSPASS_B64": b64encode(dnspass),
+ })
+
+ setup_ldb(secretsdb, setup_path("secrets_self_join.ldif"), {
"MACHINEPASS_B64": b64encode(machinepass),
"DOMAIN": domain,
"REALM": realm,
"DOMAINSID": str(domainsid),
"SECRETS_KEYTAB": keytab_path,
"NETBIOSNAME": netbiosname,
- "SAM_LDB": samdb_url,
- "DNS_KEYTAB": dns_keytab_path,
- "DNSPASS_B64": b64encode(dnspass),
+ "SALT_PRINCIPAL": "host/%s.%s@%s" % (netbiosname.lower(), dnsdomain.lower(), realm.upper()),
+ "KEY_VERSION_NUMBER": "1"
})
+++ /dev/null
-dn: flatname=${DOMAIN},CN=Primary Domains
-objectClass: top
-objectClass: primaryDomain
-objectClass: kerberosSecret
-flatname: ${DOMAIN}
-realm: ${REALM}
-secret:: ${MACHINEPASS_B64}
-secureChannelType: 6
-sAMAccountName: ${NETBIOSNAME}$
-msDS-KeyVersionNumber: 1
-objectSid: ${DOMAINSID}
-privateKeytab: ${SECRETS_KEYTAB}
-
-#Update a keytab for the external DNS server to use
-dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
-objectClass: top
-objectClass: secret
-objectClass: kerberosSecret
-realm: ${REALM}
-servicePrincipalName: DNS/${DNSDOMAIN}
-msDS-KeyVersionNumber: 1
-privateKeytab: ${DNS_KEYTAB}
-secret:: ${DNSPASS_B64}
-
--- /dev/null
+#Update a keytab for the external DNS server to use
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+servicePrincipalName: DNS/${DNSDOMAIN}
+msDS-KeyVersionNumber: 1
+privateKeytab: ${DNS_KEYTAB}
+secret:: ${DNSPASS_B64}
+
--- /dev/null
+dn: flatname=${DOMAIN},CN=Primary Domains
+objectClass: top
+objectClass: primaryDomain
+objectClass: kerberosSecret
+flatname: ${DOMAIN}
+realm: ${REALM}
+secret:: ${MACHINEPASS_B64}
+secureChannelType: 6
+sAMAccountName: ${NETBIOSNAME}$
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
+objectSid: ${DOMAINSID}
+privateKeytab: ${SECRETS_KEYTAB}
+saltPrincipal: ${SALT_PRINCIPAL}