s4/provision: add the nTDSDSA GUID based DNS entries and SPNs

author Andrew Tridgell <tridge@samba.org>

Fri, 11 Sep 2009 03:39:31 +0000 (13:39 +1000)

committer Andrew Tridgell <tridge@samba.org>

Fri, 11 Sep 2009 04:07:22 +0000 (14:07 +1000)
author Andrew Tridgell <tridge@samba.org>
Fri, 11 Sep 2009 03:39:31 +0000 (13:39 +1000)
committer Andrew Tridgell <tridge@samba.org>
Fri, 11 Sep 2009 04:07:22 +0000 (14:07 +1000)
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py

index cb485c32e387acb1e843fd8eebef29d1572a7b96..2495299e626469547fed854fc49d61a1558a8efc 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -791,14 +791,23 @@ def setup_self_join(samdb, names,
                "DNSDOMAIN": names.dnsdomain,
                "DOMAINSID": str(domainsid),
                "DOMAINDN": names.domaindn})
+    
+    # add the NTDSGUID based SPNs
+    ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+    names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+                                     expression="", scope=SCOPE_BASE)
+    assert isinstance(names.ntdsguid, str)
  
      # Setup fSMORoleOwner entries to point at the newly created DC entry
      setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
+              "DOMAIN": names.domain,
                "DOMAINDN": names.domaindn,
                "CONFIGDN": names.configdn,
                "SCHEMADN": names.schemadn, 
                "DEFAULTSITE": names.sitename,
-              "SERVERDN": names.serverdn
+              "SERVERDN": names.serverdn,
+              "NETBIOSNAME": names.netbiosname,
+              "NTDSGUID": names.ntdsguid
                })
  
  
@@ -980,6 +989,11 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
                                  domainsid=domainsid, policyguid=policyguid,
                                  setup_path=setup_path,
                                  domainControllerFunctionality=domainControllerFunctionality)
+                # add the NTDSGUID based SPNs
+                ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+                names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+                                                 expression="", scope=SCOPE_BASE)
+                assert isinstance(names.ntdsguid, str)
  
      except:
          samdb.transaction_cancel()
@@ -1194,16 +1208,12 @@ def provision(setup_dir, message, session_info,
  
              domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
              assert isinstance(domainguid, str)
-            hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
-                                       expression="(&(objectClass=computer)(cn=%s))" % names.hostname,
-                                       scope=SCOPE_SUBTREE)
-            assert isinstance(hostguid, str)
  
              create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain,
                               domaindn=names.domaindn, hostip=hostip,
                               hostip6=hostip6, hostname=names.hostname,
                               dnspass=dnspass, realm=names.realm,
-                             domainguid=domainguid, hostguid=hostguid)
+                             domainguid=domainguid, ntdsguid=names.ntdsguid)
  
              create_named_conf(paths.namedconf, setup_path, realm=names.realm,
                                dnsdomain=names.dnsdomain, private_dir=paths.private_dir)
@@ -1804,7 +1814,7 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri):
  
  def create_zone_file(path, setup_path, dnsdomain, domaindn, 
                       hostip, hostip6, hostname, dnspass, realm, domainguid,
-                     hostguid):
+                     ntdsguid):
      """Write out a DNS zone file, from the info in the current database.
  
      :param path: Path of the new zone file.
@@ -1817,7 +1827,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
      :param dnspass: Password for DNS
      :param realm: Realm name
      :param domainguid: GUID of the domain.
-    :param hostguid: GUID of the host.
+    :param ntdsguid: GUID of the hosts nTDSDSA record.
      """
      assert isinstance(domainguid, str)
  
@@ -1845,7 +1855,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
              "DOMAINGUID": domainguid,
              "DATESTRING": time.strftime("%Y%m%d%H"),
              "DEFAULTSITE": DEFAULTSITE,
-            "HOSTGUID": hostguid,
+            "NTDSGUID": ntdsguid,
              "HOSTIP6_BASE_LINE": hostip6_base_line,
              "HOSTIP6_HOST_LINE": hostip6_host_line,
          })
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone

index e7d600df87952a87180ba1de7c9a8b8345d2a2f0..9e312dcd51cb585f9967ca7c0bf70d73a3e59f86 100644 (file)
--- a/source4/setup/provision.zone
+++ b/source4/setup/provision.zone
@@ -15,10 +15,10 @@ ${HOSTIP_BASE_LINE}
  ${HOSTIP6_HOST_LINE}
  ${HOSTIP_HOST_LINE}
  gc._msdcs              IN CNAME        ${HOSTNAME}
-${HOSTGUID}._msdcs     IN CNAME        ${HOSTNAME}
+${NTDSGUID}._msdcs     IN CNAME        ${HOSTNAME}
  ;
  ; global catalog servers
-_gc._tcp               IN SRV 0 100 3268       ${HOSTNAME}
+_gc._tcp               IN SRV 2 100 3268       ${HOSTNAME}
  _gc._tcp.${DEFAULTSITE}._sites IN SRV 0 100 3268       ${HOSTNAME}
  _ldap._tcp.gc._msdcs   IN SRV 0 100 389        ${HOSTNAME}
  _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs     IN SRV 0 100 389 ${HOSTNAME}
@@ -27,7 +27,6 @@ _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs    IN SRV 0 100 389 ${HOSTNAME}
  _ldap._tcp             IN SRV 0 100 389        ${HOSTNAME}
  _ldap._tcp.dc._msdcs   IN SRV 0 100 389        ${HOSTNAME}
  _ldap._tcp.pdc._msdcs  IN SRV 0 100 389        ${HOSTNAME}
-_ldap._tcp.${DOMAINGUID}       IN SRV 0 100 389        ${HOSTNAME}
  _ldap._tcp.${DOMAINGUID}.domains._msdcs                IN SRV 0 100 389 ${HOSTNAME}
  _ldap._tcp.${DEFAULTSITE}._sites               IN SRV 0 100 389 ${HOSTNAME}
  _ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs     IN SRV 0 100 389 ${HOSTNAME}
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif

index 4ba291f06f730a49a39223e62a1cd85d40bd9478..200fc6c6d910f77d0da4d73f10ae30da9ad0ee6a 100644 (file)
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -27,3 +27,9 @@ dn: CN=NTDS Site Settings,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
  changetype: modify
  replace: interSiteTopologyGenerator
  interSiteTopologyGenerator: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+changetype: modify
+add: servicePrincipalName
+servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DOMAIN}
+servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DOMAIN}
author	Andrew Tridgell <tridge@samba.org>
	Fri, 11 Sep 2009 03:39:31 +0000 (13:39 +1000)
committer	Andrew Tridgell <tridge@samba.org>
	Fri, 11 Sep 2009 04:07:22 +0000 (14:07 +1000)
source4/scripting/python/samba/provision.py		patch \| blob \| history
source4/setup/provision.zone		patch \| blob \| history
source4/setup/provision_self_join_modify.ldif		patch \| blob \| history