The branch, master has been updated via d26c42f5bfd212c18d53f439030fd830ecab2cf3 (commit) via fdb8758e698e6df602b14ad7abe1152a2551e706 (commit) via 294e7cd5665975e72142409cdf18ada3b46d266c (commit) from bb6fda8a9a4ca85d2b56ff0b0f1d43943495ed31 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit d26c42f5bfd212c18d53f439030fd830ecab2cf3 Author: Andrew Tridgell <tri...@samba.org> Date: Fri Sep 11 13:39:31 2009 +1000 s4/provision: add the nTDSDSA GUID based DNS entries and SPNs The DNS entries and SPNs are needed for samba<->samba DRS replication. This patch adds them for a standalone DC configure. A separate patch will add them for the vampire configure commit fdb8758e698e6df602b14ad7abe1152a2551e706 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Sep 10 23:03:07 2009 +1000 s4/drs: parentGUID needs to be specififcally asked for Right now parentGUID is a normal attribute in s4, but it should be generated, which means we need to ask for it in a search if we want to use it. commit 294e7cd5665975e72142409cdf18ada3b46d266c Author: Andrew Tridgell <tri...@samba.org> Date: Thu Sep 10 23:01:49 2009 +1000 s4/libcli: when we get a DNS lookup failure show the name When tracking down complex connection problems its useful knowing what name lookups failed. ----------------------------------------------------------------------- Summary of changes: source4/libcli/resolve/dns_ex.c | 2 + source4/rpc_server/drsuapi/getncchanges.c | 3 +- source4/scripting/python/samba/provision.py | 28 +++++++++++++++++-------- source4/setup/provision.zone | 5 +-- source4/setup/provision_self_join_modify.ldif | 6 +++++ 5 files changed, 31 insertions(+), 13 deletions(-) Changeset truncated at 500 lines:
diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c
index 617b179..1b50372 100644
--- a/source4/libcli/resolve/dns_ex.c
+++ b/source4/libcli/resolve/dns_ex.c
@@ -371,6 +371,8 @@ static void pipe_handler(struct tevent_context *ev, struct tevent_fd *fde,
 }
 if (ret <= 0) {
+ DEBUG(3,("dns child failed to find name '%s' of type %s\n",
+ state->name.name, (state->flags & RESOLVE_NAME_FLAG_DNS_SRV)?"SRV":"A"));
 composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND);
 return;
 }
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 2d06970..3b908ff 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -169,6 +169,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 struct drsuapi_DsReplicaObjectListItemEx *currentObject;
 NTSTATUS status;
 DATA_BLOB session_key;
+ const char *attrs[] = { "*", "parentGUID", NULL };
 /*
 * connect to the samdb. TODO: We need to check that the caller
@@ -209,7 +210,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 /* Construct response. */
 ncRoot_dn = ldb_dn_new(mem_ctx, sam_ctx, ncRoot->dn);
 ret = drsuapi_search_with_extended_dn(sam_ctx, mem_ctx, &site_res,
- ncRoot_dn, LDB_SCOPE_SUBTREE, NULL,
+ ncRoot_dn, LDB_SCOPE_SUBTREE, attrs,
 "(&(uSNChanged>=%llu)(objectClass=*))",
 (unsigned long long)r->in.req->req8.highwatermark.highest_usn);
 if (ret != LDB_SUCCESS) {
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index cb485c3..2495299 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
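Review bot: A failure with `ret < 0` is logged as "failed to find name" too, because the new `DEBUG` sits under `if (ret <= 0)` and does not print `ret`. Where `ret` is assigned is outside the hunk, but if it is the result of reading the child's pipe, an I/O error and a genuine lookup miss become indistinguishable in the log, which works against the stated goal of tracking down connection problems. Including the value would separate the two, e.g. `DEBUG(3,("dns child failed (ret=%d) for name '%s' of type %s\n", (int)ret, ...));`. The name is also written to the log verbatim; if it can originate from a remote peer, that is worth a one-line comment for whoever parses these logs. pipe_handler starts and ends outside the hunk.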
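Review bot: Nothing at the declaration `const char *attrs[] = { "*", "parentGUID", NULL };` says why `parentGUID` is listed next to `"*"`; the reason exists only in the commit message. A comment above the array such as `/* parentGUID should be a generated attribute, which "*" would not return, so ask for it explicitly */` would keep a later cleanup from dropping it. The same array is what the `drsuapi_search_with_extended_dn()` call in the `@@ -209,7 +210,7 @@` hunk now passes instead of `NULL`. The array is never written in the visible lines, so `static const char * const attrs[]` would also fit, provided the callee's prototype accepts it (not visible on this page). The function body continues outside both hunks.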
@@ -791,14 +791,23 @@ def setup_self_join(samdb, names,
 "DNSDOMAIN": names.dnsdomain,
 "DOMAINSID": str(domainsid),
 "DOMAINDN": names.domaindn})
+
+ # add the NTDSGUID based SPNs
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+ expression="", scope=SCOPE_BASE)
+ assert isinstance(names.ntdsguid, str)
 # Setup fSMORoleOwner entries to point at the newly created DC entry
 setup_modify_ldif(samdb, setup_path("provision_self_join_modify.ldif"), {
+ "DOMAIN": names.domain,
 "DOMAINDN": names.domaindn,
 "CONFIGDN": names.configdn,
 "SCHEMADN": names.schemadn,
 "DEFAULTSITE": names.sitename,
- "SERVERDN": names.serverdn
+ "SERVERDN": names.serverdn,
+ "NETBIOSNAME": names.netbiosname,
+ "NTDSGUID": names.ntdsguid
 })
@@ -980,6 +989,11 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
 domainsid=domainsid, policyguid=policyguid, setup_path=setup_path, domainControllerFunctionality=domainControllerFunctionality)
+ # add the NTDSGUID based SPNs
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
+ expression="", scope=SCOPE_BASE)
+ assert isinstance(names.ntdsguid, str)
 except:
 samdb.transaction_cancel()
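Review bot: `ntds_dn` hard-codes `CN=Default-First-Site-Name` and rebuilds the server path from `names.hostname`, while the `setup_modify_ldif()` call just below passes `names.sitename` and `names.serverdn` for the same objects; with any other site name the `searchone()` base DN would point at an entry that does not exist. Deriving it from the value already in scope avoids that: `ntds_dn = "CN=NTDS Settings,%s" % names.serverdn`. The `assert isinstance(names.ntdsguid, str)` is the only check on the result and is skipped under `python -O`, so a missing GUID could flow into the `NTDSGUID` substitution; an explicit `if` with a `raise` would be safer. The same statements are repeated in the `setup_samdb` hunk (`@@ -980,6 +989,11 @@`), which has the same problem. setup_self_join starts and ends outside the hunk.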
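Review bot: The comment `# add the NTDSGUID based SPNs` in the `setup_samdb` hunk does not describe the lines under it: they only read `objectGUID` and store it on `names`, and no SPN is added there. Something like `# look up the nTDSDSA objectGUID used by the zone file and SPN templates` would be accurate. The block is also a verbatim copy of the one added to `setup_self_join`; if that function runs as part of this one (the arguments just above look like its call, but the callee is outside the hunk), one of the two lookups is redundant, and a small helper would keep the DN construction in one place. Storing the result on `names` also makes `provision()` depend on a side effect of this function rather than on a returned value.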
@@ -1194,16 +1208,12 @@ def provision(setup_dir, message, session_info,
 domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
 assert isinstance(domainguid, str)
- hostguid = samdb.searchone(basedn=domaindn, attribute="objectGUID",
- expression="(&(objectClass=computer)(cn=%s))" % names.hostname,
- scope=SCOPE_SUBTREE)
- assert isinstance(hostguid, str)
 create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain, domaindn=names.domaindn, hostip=hostip, hostip6=hostip6, hostname=names.hostname, dnspass=dnspass, realm=names.realm,
- domainguid=domainguid, hostguid=hostguid)
+ domainguid=domainguid, ntdsguid=names.ntdsguid)
 create_named_conf(paths.namedconf, setup_path, realm=names.realm, dnsdomain=names.dnsdomain, private_dir=paths.private_dir)
@@ -1804,7 +1814,7 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri):
 def create_zone_file(path, setup_path, dnsdomain, domaindn,
 hostip, hostip6, hostname, dnspass, realm, domainguid,
- hostguid):
+ ntdsguid):
 """Write out a DNS zone file, from the info in the current database.
 :param path: Path of the new zone file.
@@ -1817,7 +1827,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
 :param dnspass: Password for DNS
 :param realm: Realm name
 :param domainguid: GUID of the domain.
- :param hostguid: GUID of the host.
+ :param ntdsguid: GUID of the hosts nTDSDSA record.
 """
 assert isinstance(domainguid, str)
@@ -1845,7 +1855,7 @@ def create_zone_file(path, setup_path, dnsdomain, domaindn,
 "DOMAINGUID": domainguid,
 "DATESTRING": time.strftime("%Y%m%d%H"),
 "DEFAULTSITE": DEFAULTSITE,
- "HOSTGUID": hostguid,
+ "NTDSGUID": ntdsguid,
 "HOSTIP6_BASE_LINE": hostip6_base_line,
 "HOSTIP6_HOST_LINE": hostip6_host_line,
 })
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
index e7d600d..9e312dc 100644
--- a/source4/setup/provision.zone
+++ b/source4/setup/provision.zone
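Review bot: Nothing checks the new `ntdsguid` before it is substituted as `"NTDSGUID"` in the `@@ -1845,7 +1855,7 @@` hunk, although `create_zone_file` still checks `domainguid` with `assert isinstance(domainguid, str)` (context of the `@@ -1817,7 +1827,7 @@` hunk). The value becomes a DNS owner name in the zone template, so a `None` or otherwise malformed value would silently produce a wrong `_msdcs` CNAME; a check next to the existing one, raising instead of asserting, would catch it at provision time. The docstring line should read `:param ntdsguid: GUID of the host's nTDSDSA record.`. Renaming the keyword from `hostguid` also breaks any caller outside this file that passes it by name, which cannot be verified from this page.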
@@ -15,10 +15,10 @@ ${HOSTIP_BASE_LINE}
 ${HOSTIP6_HOST_LINE}
 ${HOSTIP_HOST_LINE}
 gc._msdcs IN CNAME ${HOSTNAME}
-${HOSTGUID}._msdcs IN CNAME ${HOSTNAME}
+${NTDSGUID}._msdcs IN CNAME ${HOSTNAME}
 ;
 ; global catalog servers
-_gc._tcp IN SRV 0 100 3268 ${HOSTNAME}
+_gc._tcp IN SRV 2 100 3268 ${HOSTNAME}
 _gc._tcp.${DEFAULTSITE}._sites IN SRV 0 100 3268 ${HOSTNAME}
 _ldap._tcp.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
@@ -27,7 +27,6 @@ _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.pdc._msdcs IN SRV 0 100 389 ${HOSTNAME}
-_ldap._tcp.${DOMAINGUID} IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.${DOMAINGUID}.domains._msdcs IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.${DEFAULTSITE}._sites IN SRV 0 100 389 ${HOSTNAME}
 _ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index 4ba291f..200fc6c 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -27,3 +27,9 @@ dn: CN=NTDS Site Settings,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
 changetype: modify
 replace: interSiteTopologyGenerator
 interSiteTopologyGenerator: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+changetype: modify
+add: servicePrincipalName
+servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DOMAIN}
+servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DOMAIN}
-- Samba Shared Repository
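Review bot: The `_gc._tcp` record changes its SRV priority from `0` to `2` in the first provision.zone hunk, which the commit message does not mention and which leaves it different from every other SRV record shown, including `_gc._tcp.${DEFAULTSITE}._sites` on the next line (still `0 100 3268`). If the change is intentional, a `;` comment giving the reason belongs above the record; if not, the line should stay `_gc._tcp IN SRV 0 100 3268 ${HOSTNAME}`. The second hunk likewise drops `_ldap._tcp.${DOMAINGUID}` without a word in the commit message.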
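Review bot: Both new `servicePrincipalName` values end in `${DOMAIN}`, which provision.py fills from `names.domain`, while the matching DNS record `${NTDSGUID}._msdcs` lives in the zone for `names.dnsdomain`. If `names.domain` is the short domain name rather than the DNS name (the separate `DNSDOMAIN` key suggests so, but the definition is not on this page), `ldap/${NTDSGUID}._msdcs.${DOMAIN}` will not match the host name a replication partner resolves, and Kerberos authentication against that SPN would fail. In that case the template needs a DNS-domain substitution, e.g. `servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}`, with `"DNSDOMAIN": names.dnsdomain` passed from `setup_self_join`. A `#` comment identifying `E3514235-4B06-11D1-AB04-00C04FC2DCD2` as the DRS replication interface GUID would also help the next reader.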