s4:provision split provision of DNS zone and self join keytab
authorAndrew Bartlett <abartlet@samba.org>
Sun, 20 Sep 2009 03:40:17 +0000 (20:40 -0700)
committerAndrew Bartlett <abartlet@samba.org>
Sun, 20 Sep 2009 23:29:37 +0000 (16:29 -0700)
source4/scripting/python/samba/provision.py
source4/setup/secrets_dc.ldif [deleted file]
source4/setup/secrets_dns.ldif [new file with mode: 0644]
source4/setup/secrets_self_join.ldif [new file with mode: 0644]

index fe11b94d67546902ee2b0d6105633c1a7cda969d..68a50b2e37df96580aaf21e90bdd0c3f6da0930d 100644 (file)
@@ -669,7 +669,14 @@ def secretsdb_become_dc(secretsdb, setup_path, domain, realm, dnsdomain,
     :param setup_path: Setup path function
     :param machinepass: Machine password
     """
-    setup_ldb(secretsdb, setup_path("secrets_dc.ldif"), { 
+    setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), { 
+            "REALM": realm,
+            "DNSDOMAIN": dnsdomain,
+            "DNS_KEYTAB": dns_keytab_path,
+            "DNSPASS_B64": b64encode(dnspass),
+            })
+
+    setup_ldb(secretsdb, setup_path("secrets_self_join.ldif"), { 
             "MACHINEPASS_B64": b64encode(machinepass),
             "DOMAIN": domain,
             "REALM": realm,
@@ -677,9 +684,8 @@ def secretsdb_become_dc(secretsdb, setup_path, domain, realm, dnsdomain,
             "DOMAINSID": str(domainsid),
             "SECRETS_KEYTAB": keytab_path,
             "NETBIOSNAME": netbiosname,
-            "SAM_LDB": samdb_url,
-            "DNS_KEYTAB": dns_keytab_path,
-            "DNSPASS_B64": b64encode(dnspass),
+            "SALT_PRINCIPAL": "host/%s.%s@%s" % (netbiosname.lower(), dnsdomain.lower(), realm.upper()),
+            "KEY_VERSION_NUMBER": "1"
             })
 
 
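Review bot: `"KEY_VERSION_NUMBER": "1"` hard-codes the kvno in the Python call while `secrets_self_join.ldif` now substitutes it as `${KEY_VERSION_NUMBER}`, so the new template parameter is never actually variable; secretsdb_become_dc takes no kvno argument (its signature is outside the hunk), and a caller whose machine account in the SAM already carries a higher msDS-KeyVersionNumber cannot produce a matching secrets/keytab entry, and a kvno mismatch between the SAM key and the keytab entry can make Kerberos authentication with that key fail. Consider taking it as an argument with a compatible default, `def secretsdb_become_dc(..., key_version_number=1)`, and passing `"KEY_VERSION_NUMBER": str(key_version_number)`. The `SALT_PRINCIPAL` line would also benefit from a comment explaining the choice, e.g. `# Salt with host/<name>.<dnsdomain>@<REALM> (host and domain lower-cased, realm upper-cased), which appears to be the AD computer-account salt rather than the sAMAccountName`. Note too that `secrets_dns.ldif` keeps `msDS-KeyVersionNumber: 1` as a literal, which is now inconsistent with the parameterised self-join template.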
diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif
deleted file mode 100644 (file)
index b8251ee..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-dn: flatname=${DOMAIN},CN=Primary Domains
-objectClass: top
-objectClass: primaryDomain
-objectClass: kerberosSecret
-flatname: ${DOMAIN}
-realm: ${REALM}
-secret:: ${MACHINEPASS_B64}
-secureChannelType: 6
-sAMAccountName: ${NETBIOSNAME}$
-msDS-KeyVersionNumber: 1
-objectSid: ${DOMAINSID}
-privateKeytab: ${SECRETS_KEYTAB}
-
-#Update a keytab for the external DNS server to use 
-dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
-objectClass: top
-objectClass: secret
-objectClass: kerberosSecret
-realm: ${REALM}
-servicePrincipalName: DNS/${DNSDOMAIN}
-msDS-KeyVersionNumber: 1
-privateKeytab: ${DNS_KEYTAB}
-secret:: ${DNSPASS_B64}
-
diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif
new file mode 100644 (file)
index 0000000..8a19733
--- /dev/null
@@ -0,0 +1,11 @@
+#Update a keytab for the external DNS server to use 
+dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
+objectClass: top
+objectClass: secret
+objectClass: kerberosSecret
+realm: ${REALM}
+servicePrincipalName: DNS/${DNSDOMAIN}
+msDS-KeyVersionNumber: 1
+privateKeytab: ${DNS_KEYTAB}
+secret:: ${DNSPASS_B64}
+
diff --git a/source4/setup/secrets_self_join.ldif b/source4/setup/secrets_self_join.ldif
new file mode 100644 (file)
index 0000000..22be0ca
--- /dev/null
@@ -0,0 +1,13 @@
+dn: flatname=${DOMAIN},CN=Primary Domains
+objectClass: top
+objectClass: primaryDomain
+objectClass: kerberosSecret
+flatname: ${DOMAIN}
+realm: ${REALM}
+secret:: ${MACHINEPASS_B64}
+secureChannelType: 6
+sAMAccountName: ${NETBIOSNAME}$
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
+objectSid: ${DOMAINSID}
+privateKeytab: ${SECRETS_KEYTAB}
+saltPrincipal: ${SALT_PRINCIPAL}