--- /dev/null
+[globals]
+ netbios name = promotedvdc
+ workgroup = SAMBA
+ realm = release-4-1-0rc3.samba.corp
+ server role = domain controller
+
+ private dir = @@PREFIX@@/private
+ lock dir = @@PREFIX@@/
+ posix:eadb = @@PREFIX@@/private/eadb.tdb
+
+[netlogon]
+ path = @@PREFIX@@/sysvol/release-4-1-0rc3.samba.corp/scripts
+ read only = no
+
+[sysvol]
+ path = @@PREFIX@@/sysvol
+ read only = no
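Review bot: The `posix:eadb = @@PREFIX@@/private/eadb.tdb` line in `[globals]` has no comment, and it matters because `[netlogon]` and `[sysvol]` are both `read only = no`. As far as I know, this option keeps extended attributes, and with them the NT ACLs, in a tdb file instead of on the filesystem, which suits a test environment rather than a production DC. I would add an own-line comment above it, for example `# test fixture only: xattrs/NT ACLs live in eadb.tdb, not on the filesystem`. A header line noting that `@@PREFIX@@` appears to be a placeholder substituted before use would also help.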
--- /dev/null
+# this is a list of DNS entries which will be put into DNS using
+# dynamic DNS update. It is processed by the samba_dnsupdate script
+A ${DNSDOMAIN} $IP
+A ${HOSTNAME} $IP
+AAAA ${DNSDOMAIN} $IP
+AAAA ${HOSTNAME} $IP
+
+A gc._msdcs.${DNSFOREST} $IP
+AAAA gc._msdcs.${DNSFOREST} $IP
+
+CNAME ${NTDSGUID}._msdcs.${DNSFOREST} ${HOSTNAME}
+
+SRV _kpasswd._tcp.${DNSDOMAIN} ${HOSTNAME} 464
+SRV _kpasswd._udp.${DNSDOMAIN} ${HOSTNAME} 464
+
+SRV _kerberos._tcp.${DNSDOMAIN} ${HOSTNAME} 88
+SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88
+SRV _kerberos._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88
+SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 88
+SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88
+SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88
+
+SRV _kerberos._udp.${DNSDOMAIN} ${HOSTNAME} 88
+
+SRV _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389
+SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
+SRV _ldap._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389
+SRV _ldap._tcp.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268
+SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
+SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389
+SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 389
+SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
+SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389
+SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268
+SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} 389
+
+
+SRV _gc._tcp.${DNSFOREST} ${HOSTNAME} 3268
+SRV _gc._tcp.${SITE}._sites.${DNSFOREST} ${HOSTNAME} 3268
--- /dev/null
+# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
+#
+# This file should be included in your main BIND configuration file
+#
+# For example with
+# include "/data/samba/git/samba/st/promoted_dc/private/named.conf";
+
+#
+# This configures dynamically loadable zones (DLZ) from AD schema
+# Uncomment only single database line, depending on your BIND version
+#
+dlz "AD DNS Zone" {
+ # For BIND 9.8.0
+ database "dlopen /data/samba/git/samba/bin/modules/bind9/dlz_bind9.so";
+
+ # For BIND 9.9.0
+ # database "dlopen /data/samba/git/samba/bin/modules/bind9/dlz_bind9_9.so";
+};
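Review bot: The `database "dlopen /data/samba/git/samba/bin/modules/bind9/dlz_bind9.so";` line and the `include` example in the header comment hard-code an absolute path from one build tree, while the smb.conf added in the same change uses the `@@PREFIX@@` placeholder. named loads that shared object into its own process, so the path should point only at a module the administrator installed and that unprivileged users cannot write. A path pinned to someone's checkout cannot promise that on another host. I would either use a substituted placeholder as smb.conf does, or add a comment above the line such as `# path comes from the host that generated this fixture; adjust before including this file`.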
--- /dev/null
+/* this file is auto-generated - do not edit */
+update-policy {
+ grant RELEASE-4-1-0RC3.SAMBA.CORP ms-self * A AAAA;
+ grant Administrator@RELEASE-4-1-0RC3.SAMBA.CORP wildcard * A AAAA SRV CNAME;
+ grant PROMOTEDVDC$@release-4-1-0rc3.samba.corp wildcard * A AAAA SRV CNAME;
+ grant LOCALDC$@release-4-1-0rc3.samba.corp wildcard * A AAAA SRV CNAME;
+};
--- /dev/null
+# Additional informations for DNS setup using BIND
+
+# If you are running a capable version of BIND and you wish to support
+# secure GSS-TSIG updates, you must make the following configuration
+# changes:
+
+#
+# Steps for BIND 9.8.x and 9.9.x -----------------------------------------
+#
+
+# 1. Insert following lines into the options {} section of your named.conf
+# file:
+tkey-gssapi-keytab "/data/samba/git/samba/st/promoted_dc/private/dns.keytab";
+
+#
+# Common Steps for BIND 9.x.x --------------------------------------------
+#
+
+# 2. Set appropriate ownership and permissions on the dns.keytab file.
+# Note that the most distributions have BIND configured to run under a
+# non-root user account. For example, Fedora 9 runs BIND as the user
+# "named" once the daemon relinquishes its rights. Therefore, the file
+# dns.keytab must be readable by the user that BIND run as. If BIND
+# is running as a non-root user, the "dns.keytab" file must have its
+# permissions altered to allow the daemon to read it. Under Fedora 9,
+# execute the following commands:
+chgrp named /data/samba/git/samba/st/promoted_dc/private/dns.keytab
+chmod g+r /data/samba/git/samba/st/promoted_dc/private/dns.keytab
+
+# 3. Ensure the BIND zone file(s) that will be dynamically updated are in
+# a directory where the BIND daemon can write. When BIND performs
+# dynamic updates, it not only needs to update the zone file itself but
+# it must also create a journal (.jnl) file to track the dynamic updates
+# as they occur. Under Fedora 9, the /var/named directory can not be
+# written to by the "named" user. However, the directory /var/named/dynamic
+# directory does provide write access. Therefore the zone files were
+# placed under the /var/named/dynamic directory. The file directives in
+# both example zone statements at the beginning of this file were changed
+# by prepending the directory "dynamic/".
+
+# 4. If SELinux is enabled, ensure that all files have the appropriate
+# SELinux file contexts. The dns.keytab file must be accessible by the
+# BIND daemon and should have a SELinux type of named_conf_t. This can be
+# set with the following command:
+chcon -t named_conf_t /data/samba/git/samba/st/promoted_dc/private/dns.keytab
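Review bot: Step 2 only adds group read with `chmod g+r`, so any access that "other" already has to dns.keytab stays in place. The keytab holds the key named uses for GSS-TSIG updates, so I would set the mode explicitly, `chmod 640 /data/samba/git/samba/st/promoted_dc/private/dns.keytab`. The comment should also say that only the owner and the BIND group may read it. Separately, step 3 refers to "both example zone statements at the beginning of this file", which this file does not contain, so that sentence should be corrected or dropped.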
--- /dev/null
+# this is a list of servicePrincipalName entries
+# that we need to add on our account. It is processed by
+# the samba_spnupdate script
+
+HOST/${HOSTNAME}
+HOST/${HOSTNAME}/${WORKGROUP}
+ldap/${HOSTNAME}/${WORKGROUP}
+GC/${HOSTNAME}/${DNSFOREST}
+ldap/${HOSTNAME}
+HOST/${HOSTNAME}/${DNSDOMAIN}
+ldap/${HOSTNAME}/${DNSDOMAIN}
+HOST/${NETBIOSNAME}
+E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
+ldap/${NTDSGUID}._msdcs.${DNSFOREST}
+ldap/${NETBIOSNAME}
+RestrictedKrbHost/${NETBIOSNAME}
+RestrictedKrbHost/${HOSTNAME}
+ldap/${HOSTNAME}/DomainDnsZones.${DNSDOMAIN}
+ldap/${HOSTNAME}/ForestDnsZones.${DNSDOMAIN}
+
+# These are not supported yet:
+# NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/${HOSTNAME}
+# Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/${HOSTNAME}
+#
+# Only used in DNS mode: (This is added on dns-${HOSTNAME} account, should not be added here)
+# DNS/${HOSTNAME}
+#
+# Only used on Terminal Server mode:
+# TERMSRV/${HOSTNAME}
+# TERMSRV/${NETBIOSNAME}