s4:provision - Fix up the provision of "standalone" and "member" mode

Both modes weren't possible anymore since 1.) the secrets entry wasn't created,
2.) a lookup in winbindd was done using "lp_workgroup()" rather than
"lp_sam_name()" (since on the mentioned two configurations we use the netbios
name as domainname - and not the workgroup).

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 32286dceb3efb3073382f205114c3b947085505a..5bac6e64a5dd7cefdbd0a66e8cd00eae6fce574b 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1266,16 +1266,16 @@ def provision(setup_dir, message, session_info,
         message("Setting up sam.ldb rootDSE marking as synchronized")
         setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif"))
 
-        # Only make a zone file on the first DC, it should be replicated with DNS replication
-        if serverrole == "domain controller":
-            secretsdb_self_join(secrets_ldb, domain=names.domain,
-                                realm=names.realm,
-                                dnsdomain=names.dnsdomain,
-                                netbiosname=names.netbiosname,
-                                domainsid=domainsid, 
-                                machinepass=machinepass,
-                                secure_channel_type=SEC_CHAN_BDC)
 
+        secretsdb_self_join(secrets_ldb, domain=names.domain,
+                             realm=names.realm,
+                             dnsdomain=names.dnsdomain,
+                             netbiosname=names.netbiosname,
+                             domainsid=domainsid, 
+                             machinepass=machinepass,
+                             secure_channel_type=SEC_CHAN_BDC)
+
+        if serverrole == "domain controller":
             secretsdb_setup_dns(secrets_ldb, setup_path, 
                                 realm=names.realm, dnsdomain=names.dnsdomain,
                                 dns_keytab_path=paths.dns_keytab,
@@ -1284,6 +1284,8 @@ def provision(setup_dir, message, session_info,
             domainguid = samdb.searchone(basedn=domaindn, attribute="objectGUID")
             assert isinstance(domainguid, str)
 
+            # Only make a zone file on the first DC, it should be replicated
+            # with DNS replication
             create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain,
                              hostip=hostip,
                              hostip6=hostip6, hostname=names.hostname,

diff --git a/source4/winbind/wb_setup_domains.c b/source4/winbind/wb_setup_domains.c
index 4791495e7f3ab302eb2cfe88b210b0ff668699d3..6b4fd891c5eac72cb6c38c2b24db9ce52e9fbb13 100644 (file)
--- a/source4/winbind/wb_setup_domains.c
+++ b/source4/winbind/wb_setup_domains.c
@@ -30,7 +30,7 @@ NTSTATUS wbsrv_setup_domains(struct wbsrv_service *service)
        primary_sid = secrets_get_domain_sid(service,
                                             service->task->event_ctx,
                                             service->task->lp_ctx,
-                                            lp_workgroup(service->task->lp_ctx));
+                                            lp_sam_name(service->task->lp_ctx));
        if (!primary_sid) {
                return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
        }