From fee6fa5e2f2a56ef3d8a02d9cd4348f2cccb0a3f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 24 Dec 2012 08:56:50 +1100
Subject: scripting/join.py: Handle creating the dns-NAME account during a DC join

This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the domain.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher
Signed-off-by: Andrew Bartlett

(cherry picked from commit b106d9090e8f8f44f02059d2ced3d10066787060)
---
 source4/scripting/bin/samba_upgradedns | 11 ++++++++++-
 source4/setup/secrets_dns.ldif         |  2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

(limited to 'source4')

diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index b7af98c30d..9c1a6b4d5a 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -436,10 +436,19 @@ if __name__ == '__main__':
                 "DNSNAME" : dnsname } )
+        res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+                              expression='(sAMAccountName=dns-%s)' % (hostname),
+                              attrs=["msDS-KeyVersionNumber"])
+        if "msDS-KeyVersionNumber" in res[0]:
+            dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
+        else:
+            dns_key_version_number = None
         secretsdb_setup_dns(ldbs.secrets, names, paths.private_dir,
                             realm=names.realm, dnsdomain=names.dnsdomain,
-                            dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+                            dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
+                            key_version_number=dns_key_version_number)
     else:
         logger.info("dns-%s account already exists" % hostname)
diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif
index 67fd66b057..192c06d286 100644
--- a/source4/setup/secrets_dns.ldif
+++ b/source4/setup/secrets_dns.ldif
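Review bot: `res[0]` in the added `if "msDS-KeyVersionNumber" in res[0]:` line is dereferenced without checking that the sAMAccountName search returned an entry, so an empty result raises a bare IndexError instead of naming the missing dns-HOSTNAME account; a guard such as `if len(res) != 1: raise Exception("expected one dns-%s account in sam.ldb, found %d" % (hostname, len(res)))` before it would make the failure diagnosable. When the attribute is absent, `dns_key_version_number = None` is passed as `key_version_number`, which is what the new `${KEY_VERSION_NUMBER}` placeholder in the secrets_dns.ldif hunk is filled from; unless secretsdb_setup_dns (outside this hunk) substitutes a default, the secrets entry would carry a literal `None` kvno, which cannot match the key version the KDC holds for the account and would make keytab-based DNS updates fail. The enclosing `if __name__ == '__main__':` block and the branch this code sits in start outside the hunk.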
@@ -5,7 +5,7 @@ objectClass: secret
 objectClass: kerberosSecret
 realm: ${REALM}
 servicePrincipalName: DNS/${DNSNAME}
-msDS-KeyVersionNumber: 1
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
 privateKeytab: ${DNS_KEYTAB}
 secret:: ${DNSPASS_B64}
 samAccountName: dns-${HOSTNAME}
-- 
cgit v1.2.3