1 # NOTE: This account is SAMBA4 specific!
2 # we have it to avoid the need for the bind daemon to
3 # have access to the whole secrets.keytab for the domain,
4 # otherwise bind could impersonate any user
5 dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN}
8 objectClass: organizationalPerson
10 description: DNS Service Account for ${HOSTNAME}
11 userAccountControl: 512
12 accountExpires: 9223372036854775807
13 sAMAccountName: dns-${HOSTNAME}
14 servicePrincipalName: DNS/${DNSNAME}
15 clearTextPassword:: ${DNSPASS_B64}
16 isCriticalSystemObject: TRUE