python:samba: Use 'binddns dir' in samba-tool and samba_upgradedns

This provisions the bind_dlz files in the 'binddns dir'. If you want to
migrate to the new files strcuture you can run samba_upgradedns!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 91d2105929c246c0f2000307a1c9582f92fb9eb7..f820f6ab67535e8f745160d018bcf0750e8d637c 100644 (file)
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -27,6 +27,7 @@
 __docformat__ = "restructuredText"
 
 from base64 import b64encode
+import errno
 import os
 import re
 import pwd
@@ -145,6 +146,7 @@ class ProvisionPaths(object):
         self.dns = None
         self.winsdb = None
         self.private_dir = None
+        self.binddns_dir = None
         self.state_dir = None
 
 
@@ -531,6 +533,7 @@ def provision_paths_from_lp(lp, dnsdomain):
     """
     paths = ProvisionPaths()
     paths.private_dir = lp.get("private dir")
+    paths.binddns_dir = lp.get("binddns dir")
     paths.state_dir = lp.get("state directory")
 
     # This is stored without path prefix for the "privateKeytab" attribute in
@@ -543,16 +546,18 @@ def provision_paths_from_lp(lp, dnsdomain):
     paths.idmapdb = os.path.join(paths.private_dir, "idmap.ldb")
     paths.secrets = os.path.join(paths.private_dir, "secrets.ldb")
     paths.privilege = os.path.join(paths.private_dir, "privilege.ldb")
-    paths.dns = os.path.join(paths.private_dir, "dns", dnsdomain + ".zone")
     paths.dns_update_list = os.path.join(paths.private_dir, "dns_update_list")
     paths.spn_update_list = os.path.join(paths.private_dir, "spn_update_list")
-    paths.namedconf = os.path.join(paths.private_dir, "named.conf")
-    paths.namedconf_update = os.path.join(paths.private_dir, "named.conf.update")
-    paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
     paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
     paths.kdcconf = os.path.join(paths.private_dir, "kdc.conf")
     paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
     paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
+
+    paths.dns = os.path.join(paths.binddns_dir, "dns", dnsdomain + ".zone")
+    paths.namedconf = os.path.join(paths.binddns_dir, "named.conf")
+    paths.namedconf_update = os.path.join(paths.binddns_dir, "named.conf.update")
+    paths.namedtxt = os.path.join(paths.binddns_dir, "named.txt")
+
     paths.hklm = "hklm.ldb"
     paths.hkcr = "hkcr.ldb"
     paths.hkcu = "hkcu.ldb"
@@ -945,6 +950,10 @@ def setup_secretsdb(paths, session_info, backend_credentials, lp):
     if os.path.exists(keytab_path):
         os.unlink(keytab_path)
 
+    bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+    if os.path.exists(bind_dns_keytab_path):
+        os.unlink(bind_dns_keytab_path)
+
     dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
     if os.path.exists(dns_keytab_path):
         os.unlink(dns_keytab_path)
@@ -1928,6 +1937,15 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
     else:
         samdb.transaction_commit()
 
+def directory_create_or_exists(path, mode=0o755):
+    if not os.path.exists(path):
+        try:
+            os.mkdir(path, mode)
+        except OSError as e:
+            if e.errno in [errno.EEXIST]:
+                pass
+            else:
+                raise ProvisioningError("Failed to create directory %s: %s" % (path, e.strerror))
 
 def provision(logger, session_info, smbconf=None,
         targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
@@ -2064,12 +2082,10 @@ def provision(logger, session_info, smbconf=None,
     if serverrole is None:
         serverrole = lp.get("server role")
 
-    if not os.path.exists(paths.private_dir):
-        os.mkdir(paths.private_dir, 0o700)
-    if not os.path.exists(os.path.join(paths.private_dir, "tls")):
-        os.makedirs(os.path.join(paths.private_dir, "tls"), 0700)
-    if not os.path.exists(paths.state_dir):
-        os.mkdir(paths.state_dir)
+    directory_create_or_exists(paths.private_dir, 0o700)
+    directory_create_or_exists(paths.binddns_dir, 0o770)
+    directory_create_or_exists(os.path.join(paths.private_dir, "tls"))
+    directory_create_or_exists(paths.state_dir)
 
     if paths.sysvol and not os.path.exists(paths.sysvol):
         os.makedirs(paths.sysvol, 0775)
@@ -2198,16 +2214,34 @@ def provision(logger, session_info, smbconf=None,
     # Now commit the secrets.ldb to disk
     secrets_ldb.transaction_commit()
 
-    # the commit creates the dns.keytab, now chown it
-    dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
-    if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
+    # the commit creates the dns.keytab in the private directory
+    private_dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+    bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+
+    if os.path.isfile(private_dns_keytab_path):
+        if os.path.isfile(bind_dns_keytab_path):
+            try:
+                os.unlink(bind_dns_keytab_path)
+            except OSError as e:
+                logger.error("Failed to remove %s: %s" %
+                             (bind_dns_keytab_path, e.strerror))
+
+        # link the dns.keytab to the bind-dns directory
         try:
-            os.chmod(dns_keytab_path, 0640)
-            os.chown(dns_keytab_path, -1, paths.bind_gid)
-        except OSError:
-            if not os.environ.has_key('SAMBA_SELFTEST'):
-                logger.info("Failed to chown %s to bind gid %u",
-                            dns_keytab_path, paths.bind_gid)
+            os.link(private_dns_keytab_path, bind_dns_keytab_path)
+        except OSError as e:
+            logger.error("Failed to create link %s -> %s: %s" %
+                         (private_dns_keytab_path, bind_dns_keytab_path, e.strerror))
+
+        # chown the dns.keytab in the bind-dns directory
+        if paths.bind_gid is not None:
+            try:
+                os.chmod(bind_dns_keytab_path, 0640)
+                os.chown(bind_dns_keytab_path, -1, paths.bind_gid)
+            except OSError:
+                if not os.environ.has_key('SAMBA_SELFTEST'):
+                    logger.info("Failed to chown %s to bind gid %u",
+                                bind_dns_keytab_path, paths.bind_gid)
 
     result = ProvisionResult()
     result.server_role = serverrole

diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index dcb19c7053ce5366d103b49cefcf20cf6fbf2e70..d4cb93a89ea85de9ab98f25b80646d08bd974fda 100644 (file)
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -649,7 +649,7 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
             fqdn_hostname)
 
 
-def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
+def secretsdb_setup_dns(secretsdb, names, private_dir, binddns_dir, realm,
                         dnsdomain, dns_keytab_path, dnspass, key_version_number):
     """Add DNS specific bits to a secrets database.
 
@@ -659,12 +659,15 @@ def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
     """
     try:
         os.unlink(os.path.join(private_dir, dns_keytab_path))
+        os.unlink(os.path.join(binddns_dir, dns_keytab_path))
     except OSError:
         pass
 
     if key_version_number is None:
         key_version_number = 1
 
+    # This will create the dns.keytab file in the private_dir when it is
+    # commited!
     setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
             "REALM": realm,
             "DNSDOMAIN": dnsdomain,
@@ -954,7 +957,7 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
                     })
 
 
-def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
+def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
     keytab_name):
     """Write out a file containing zone statements suitable for inclusion in a
     named.conf file (including GSS-TSIG configuration).
@@ -962,7 +965,7 @@ def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
     :param path: Path of the new named.conf file.
     :param realm: Realm name
     :param dnsdomain: DNS Domain name
-    :param private_dir: Path to private directory
+    :param binddns_dir: Path to bind dns directory
     :param keytab_name: File name of DNS keytab file
     """
     setup_file(setup_path("named.txt"), path, {
@@ -970,8 +973,8 @@ def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
             "DNSNAME" : dnsname,
             "REALM": realm,
             "DNS_KEYTAB": keytab_name,
-            "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
-            "PRIVATE_DIR": private_dir
+            "DNS_KEYTAB_ABS": os.path.join(binddns_dir, keytab_name),
+            "PRIVATE_DIR": binddns_dir
         })
 
 
@@ -1194,7 +1197,9 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
     domainguid = get_domainguid(samdb, domaindn)
 
     secretsdb_setup_dns(secretsdb, names,
-                        paths.private_dir, realm=names.realm,
+                        paths.private_dir,
+                        paths.binddns_dir,
+                        realm=names.realm,
                         dnsdomain=names.dnsdomain,
                         dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
                         key_version_number=key_version_number)
@@ -1218,7 +1223,7 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
     create_named_txt(paths.namedtxt,
                      realm=names.realm, dnsdomain=names.dnsdomain,
                      dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
-                     private_dir=paths.private_dir,
+                     binddns_dir=paths.binddns_dir,
                      keytab_name=paths.dns_keytab)
     logger.info("See %s for an example configuration include file for BIND",
                 paths.namedconf)

diff --git a/python/samba/tests/provision.py b/python/samba/tests/provision.py
index 11b0135f473991233d78de0ff2306e408562b32d..bada14f5936e44f47ce1c88be6fbdbefb13e9337 100644 (file)
--- a/python/samba/tests/provision.py
+++ b/python/samba/tests/provision.py
@@ -42,6 +42,7 @@ def create_dummy_secretsdb(path, lp=None):
     paths = ProvisionPaths()
     paths.secrets = path
     paths.private_dir = os.path.dirname(path)
+    paths.binddns_dir = os.path.dirname(path)
     paths.keytab = "no.keytab"
     paths.dns_keytab = "no.dns.keytab"
     secrets_ldb = setup_secretsdb(paths, None, None, lp=lp)
@@ -59,6 +60,7 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
         secrets_tdb_path = os.path.join(self.tempdir, "secrets.tdb")
         paths.secrets = path
         paths.private_dir = os.path.dirname(path)
+        paths.binddns_dir = os.path.dirname(path)
         paths.keytab = "no.keytab"
         paths.dns_keytab = "no.dns.keytab"
         ldb = setup_secretsdb(paths, None, None, lp=env_loadparm())

diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index d00b67daca1937b162df8e989f9e07459b867dfe..231e05fca9a28371cad0a7d52dbcbbb27614caec 100755 (executable)
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -446,7 +446,7 @@ if __name__ == '__main__':
                 dns_key_version_number = None
 
             secretsdb_setup_dns(ldbs.secrets, names,
-                                paths.private_dir, realm=names.realm,
+                                paths.private_dir, paths.binddns_dir, realm=names.realm,
                                 dnsdomain=names.dnsdomain,
                                 dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
                                 key_version_number=dns_key_version_number)
@@ -454,15 +454,34 @@ if __name__ == '__main__':
         else:
             logger.info("dns-%s account already exists" % hostname)
 
-        dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
-        if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
+        private_dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+        bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+
+        if os.path.isfile(private_dns_keytab_path):
+            if os.path.isfile(bind_dns_keytab_path):
+                try:
+                    os.unlink(bind_dns_keytab_path)
+                except OSError as e:
+                    logger.error("Failed to remove %s: %s" %
+                                 (bind_dns_keytab_path, e.strerror))
+
+            # link the dns.keytab to the bind-dns directory
             try:
-                os.chmod(dns_keytab_path, 0640)
-                os.chown(dns_keytab_path, -1, paths.bind_gid)
-            except OSError:
-                if not os.environ.has_key('SAMBA_SELFTEST'):
-                    logger.info("Failed to chown %s to bind gid %u",
-                                dns_keytab_path, paths.bind_gid)
+                os.link(private_dns_keytab_path, bind_dns_keytab_path)
+            except OSError as e:
+                logger.error("Failed to create link %s -> %s: %s" %
+                             (private_dns_keytab_path, bind_dns_keytab_path, e.strerror))
+
+            # chown the dns.keytab in the bind-dns directory
+            if paths.bind_gid is not None:
+                try:
+                    os.chmod(bind_dns_keytab_path, 0640)
+                    os.chown(bind_dns_keytab_path, -1, paths.bind_gid)
+                except OSError:
+                    if not os.environ.has_key('SAMBA_SELFTEST'):
+                        logger.info("Failed to chown %s to bind gid %u",
+                                    bind_dns_keytab_path, paths.bind_gid)
+
 
         # This forces a re-creation of dns directory and all the files within
         # It's an overkill, but it's easier to re-create a samdb copy, rather
@@ -476,7 +495,7 @@ if __name__ == '__main__':
         create_named_conf(paths, names.realm, dnsdomain, opts.dns_backend, logger)
 
         create_named_txt(paths.namedtxt, names.realm, dnsdomain, dnsname,
-                         paths.private_dir, paths.dns_keytab)
+                         paths.binddns_dir, paths.dns_keytab)
         logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
         logger.info("and %s for further documentation required for secure DNS "
                     "updates", paths.namedtxt)

diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
index 99e97b7f28ff37428d00dcf11b4f5bdc6b61c15a..d11175314c6444b18e6b4cdcb9f5fd1d87cefed6 100755 (executable)
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -207,7 +207,7 @@ creds.set_kerberos_state(DONT_USE_KERBEROS)
 
 
 
-def check_for_DNS(refprivate, private, dns_backend):
+def check_for_DNS(refprivate, private, refbinddns_dir, binddns_dir, dns_backend):
     """Check if the provision has already the requirement for dynamic dns
 
     :param refprivate: The path to the private directory of the reference
@@ -229,17 +229,17 @@ def check_for_DNS(refprivate, private, dns_backend):
 
     namedfile = lp.get("dnsupdate:path")
     if not namedfile:
-       namedfile = "%s/named.conf.update" % private
+       namedfile = "%s/named.conf.update" % binddns_dir
     if not os.path.exists(namedfile):
-        destdir = "%s/new_dns" % private
-        dnsdir = "%s/dns" % private
+        destdir = "%s/new_dns" % binddns_dir
+        dnsdir = "%s/dns" % binddns_dir
 
         if not os.path.exists(destdir):
             os.mkdir(destdir)
         if not os.path.exists(dnsdir):
             os.mkdir(dnsdir)
-        shutil.copy("%s/named.conf" % refprivate, "%s/named.conf" % destdir)
-        shutil.copy("%s/named.txt" % refprivate, "%s/named.txt" % destdir)
+        shutil.copy("%s/named.conf" % refbinddns_dir, "%s/named.conf" % destdir)
+        shutil.copy("%s/named.txt" % refbinddns_dir, "%s/named.txt" % destdir)
         message(SIMPLE, "It seems that your provision did not integrate "
                 "new rules for dynamic dns update of domain related entries")
         message(SIMPLE, "A copy of the new bind configuration files and "
@@ -1793,7 +1793,9 @@ if __name__ == '__main__':
         # 20)
         updateOEMInfo(ldbs.sam, str(names.rootdn))
         # 21)
-        check_for_DNS(newpaths.private_dir, paths.private_dir, names.dns_backend)
+        check_for_DNS(newpaths.private_dir, paths.private_dir,
+                      newpaths.binddns_dir, paths.binddns_dir,
+                      names.dns_backend)
         # 22)
         update_provision_usn(ldbs.sam, minUSN, maxUSN, names.invocation)
         if opts.full and (names.policyid is None or names.policyid_dc is None):

diff --git a/source4/selftest/provisions/alpha13/etc/smb.conf.template b/source4/selftest/provisions/alpha13/etc/smb.conf.template
index ffdcc0414118069348b70a371dd03b6cadff2fc2..ed0ab9c5ff1324bfb4a18a6b582da0a0c319d000 100644 (file)
--- a/source4/selftest/provisions/alpha13/etc/smb.conf.template
+++ b/source4/selftest/provisions/alpha13/etc/smb.conf.template
@@ -5,6 +5,7 @@
        server role     = domain controller
 
        private dir = @@PREFIX@@/private
+       binddns dir = @@PREFIX@@/bind-dns
        lock dir = @@PREFIX@@/
        posix:eadb = @@PREFIX@@/private/eadb.tdb
 

diff --git a/source4/selftest/provisions/alpha13/private/named.txt b/source4/selftest/provisions/alpha13/private/named.txt
index e44414776dfd67490de517d336bd50a789782185..c609bbab3ad118d54238e8342722e9617be7e76b 100644 (file)
--- a/source4/selftest/provisions/alpha13/private/named.txt
+++ b/source4/selftest/provisions/alpha13/private/named.txt
@@ -11,13 +11,13 @@ tkey-domain "ALPHA13.SAMBA.CORP";
 # - Modify BIND init scripts to pass the location of the generated keytab file.
 # Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named
 # for this purpose:
-KEYTAB_FILE="/home/mat/workspace/samba/alpha13/private/dns.keytab"
+KEYTAB_FILE="/home/mat/workspace/samba/alpha13/bind-dns/dns.keytab"
 # Note that the Fedora scripts translate KEYTAB_FILE behind the scenes into a
 # variable named KRB5_KTNAME, which is ultimately passed to the BIND daemon.  If
 # your distribution does not provide a variable like KEYTAB_FILE to pass a
 # keytab file to the BIND daemon, a workaround is to place the following line in
 # BIND's sysconfig file or in the init script for BIND:
-export KRB5_KTNAME="/home/mat/workspace/samba/alpha13/private/dns.keytab"
+export KRB5_KTNAME="/home/mat/workspace/samba/alpha13/bind-dns/dns.keytab"
 
 # - Set appropriate ownership and permissions on the dns.keytab file.  Note
 # that most distributions have BIND configured to run under a non-root user
@@ -26,8 +26,8 @@ export KRB5_KTNAME="/home/mat/workspace/samba/alpha13/private/dns.keytab"
 # by the user that BIND run as.  If BIND is running as a non-root user, the
 # "dns.keytab" file must have its permissions altered to allow the daemon to
 # read it.  Under Fedora 9, execute the following commands:
-chgrp named /home/mat/workspace/samba/alpha13/private/dns.keytab
-chmod g+r /home/mat/workspace/samba/alpha13/private/dns.keytab
+chgrp named /home/mat/workspace/samba/alpha13/bind-dns/dns.keytab
+chmod g+r /home/mat/workspace/samba/alpha13/bind-dns/dns.keytab
 
 # - Ensure the BIND zone file(s) that will be dynamically updated are in a
 # directory where the BIND daemon can write.  When BIND performs dynamic
@@ -43,4 +43,4 @@ chmod g+r /home/mat/workspace/samba/alpha13/private/dns.keytab
 # file contexts.  The dns.keytab file must be accessible by the BIND daemon
 # and should have a SELinux type of named_conf_t.  This can be set with the
 # following command:
-chcon -t named_conf_t /home/mat/workspace/samba/alpha13/private/dns.keytab
+chcon -t named_conf_t /home/mat/workspace/samba/alpha13/bind-dns/dns.keytab

diff --git a/source4/selftest/provisions/release-4-0-0/etc/smb.conf.template b/source4/selftest/provisions/release-4-0-0/etc/smb.conf.template
index 8c760f9a32fc7fcfcf4058722bf3d09fb8b0bfbd..a22317d1b41e35d51c15a4f70422e1d682fb075d 100644 (file)
--- a/source4/selftest/provisions/release-4-0-0/etc/smb.conf.template
+++ b/source4/selftest/provisions/release-4-0-0/etc/smb.conf.template
@@ -5,6 +5,7 @@
        server role     = domain controller
 
        private dir = @@PREFIX@@/private
+       binddns dir = @@PREFIX@@/bind-dns
        lock dir = @@PREFIX@@/
        posix:eadb = @@PREFIX@@/private/eadb.tdb
 

diff --git a/source4/selftest/provisions/release-4-1-0rc3/etc/smb.conf.template b/source4/selftest/provisions/release-4-1-0rc3/etc/smb.conf.template
index d67c3c916eb995be6e9739e6e0b5af772b790476..eb430bb58353e51d21097fbc647ba7ccc6acb921 100644 (file)
--- a/source4/selftest/provisions/release-4-1-0rc3/etc/smb.conf.template
+++ b/source4/selftest/provisions/release-4-1-0rc3/etc/smb.conf.template
@@ -5,6 +5,7 @@
        server role     = domain controller
 
        private dir = @@PREFIX@@/private
+       binddns dir = @@PREFIX@@/bind-dns
        lock dir = @@PREFIX@@/
        posix:eadb = @@PREFIX@@/private/eadb.tdb
 

diff --git a/source4/selftest/provisions/release-4-1-0rc3/private/named.txt b/source4/selftest/provisions/release-4-1-0rc3/private/named.txt
index aaa7473086b688de18c4cefd2a55cf4001da3597..0c7e387d88c682c6898951eca9e82311cd9f92cf 100644 (file)
--- a/source4/selftest/provisions/release-4-1-0rc3/private/named.txt
+++ b/source4/selftest/provisions/release-4-1-0rc3/private/named.txt
@@ -10,7 +10,7 @@
 
 # 1. Insert following lines into the options {} section of your named.conf
 #    file:
-tkey-gssapi-keytab "/data/samba/git/samba4.1/st/promoted_dc/private/dns.keytab";
+tkey-gssapi-keytab "/data/samba/git/samba4.1/st/promoted_dc/bind-dns/dns.keytab";
 
 #
 # Common Steps for BIND 9.x.x --------------------------------------------
@@ -24,8 +24,8 @@ tkey-gssapi-keytab "/data/samba/git/samba4.1/st/promoted_dc/private/dns.keytab";
 #    is running as a non-root user, the "dns.keytab" file must have its
 #    permissions altered to allow the daemon to read it.  Under Fedora 9,
 #    execute the following commands:
-chgrp named /data/samba/git/samba4.1/st/promoted_dc/private/dns.keytab
-chmod g+r /data/samba/git/samba4.1/st/promoted_dc/private/dns.keytab
+chgrp named /data/samba/git/samba4.1/st/promoted_dc/bind-dns/dns.keytab
+chmod g+r /data/samba/git/samba4.1/st/promoted_dc/bind-dns/dns.keytab
 
 # 3. Ensure the BIND zone file(s) that will be dynamically updated are in
 #    a directory where the BIND daemon can write.  When BIND performs
@@ -42,4 +42,4 @@ chmod g+r /data/samba/git/samba4.1/st/promoted_dc/private/dns.keytab
 #    SELinux file contexts.  The dns.keytab file must be accessible by the
 #    BIND daemon and should have a SELinux type of named_conf_t.  This can be
 #    set with the following command:
-chcon -t named_conf_t /data/samba/git/samba4.1/st/promoted_dc/private/dns.keytab
+chcon -t named_conf_t /data/samba/git/samba4.1/st/promoted_dc/bind-dns/dns.keytab

diff --git a/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template b/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
index 17b81fd8d54cf0bc70966c93d667ff83ce67388c..48cb11181d85fca425835f9b6b885fa4e008ed8a 100644 (file)
--- a/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
+++ b/source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
@@ -4,6 +4,7 @@
        workgroup = SAMBADOMAIN
        realm = SAMBA.EXAMPLE.COM
        private dir = @@PREFIX@@/private
+       binddns dir = @@PREFIX@@/bind-dns
        lock dir = @@PREFIX@@/
        posix:eadb = @@PREFIX@@/private/eadb.tdb
 

diff --git a/wintest/wintest.py b/wintest/wintest.py
index 3493df4e45751a00f1507296f20decbd606c8922..4fe35e3481ab0e03e6dac9a3d53db4e444d08fc2 100644 (file)
--- a/wintest/wintest.py
+++ b/wintest/wintest.py
@@ -341,15 +341,15 @@ nameserver %s
         elif self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL':
             if self.named_supports_gssapi_keytab():
                 self.setvar("NAMED_TKEY_OPTION",
-                         'tkey-gssapi-keytab "${PREFIX}/private/dns.keytab";')
+                         'tkey-gssapi-keytab "${PREFIX}/bind-dns/dns.keytab";')
             else:
                 self.info("LCREALM=${LCREALM}")
                 self.setvar("NAMED_TKEY_OPTION",
                          '''tkey-gssapi-credential "DNS/${LCREALM}";
                             tkey-domain "${LCREALM}";
                  ''')
-            self.putenv('KEYTAB_FILE', '${PREFIX}/private/dns.keytab')
-            self.putenv('KRB5_KTNAME', '${PREFIX}/private/dns.keytab')
+            self.putenv('KEYTAB_FILE', '${PREFIX}/bind-dns/dns.keytab')
+            self.putenv('KRB5_KTNAME', '${PREFIX}/bind-dns/dns.keytab')
         else:
             self.setvar("NAMED_TKEY_OPTION", "")