provision: add a default root key

author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Wed, 28 Feb 2024 02:28:22 +0000 (15:28 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Fri, 1 Mar 2024 00:19:45 +0000 (00:19 +0000)
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Wed, 28 Feb 2024 02:28:22 +0000 (15:28 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 1 Mar 2024 00:19:45 +0000 (00:19 +0000)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py

index 56ca74964078861bda8573547717525a3a7c51ef..c8731c4962f59ad4d561d57f21037cd12c7b1121 100644 (file)
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -2401,6 +2401,10 @@ def provision(logger, session_info, smbconf=None,
                  if updates_allowed_overridden:
                      lp.set("dsdb:schema update allowed", "no")
  
+                gkdi_root_key_dn = samdb.new_gkdi_root_key()
+                logger.info("gkdi/gmsa root key added with guid "
+                            f"{gkdi_root_key_dn.get_rdn_value()}")
+
          if not is_heimdal_built():
              create_kdc_conf(paths.kdcconf, realm, domain, os.path.dirname(lp.get("log file")))
              logger.info("The Kerberos KDC configuration for Samba AD is "
diff --git a/selftest/knownfail.d/gkdi-root-key-at-provision b/selftest/knownfail.d/gkdi-root-key-at-provision

deleted file mode 100644 (file)

index 9ef4f22..0000000
--- a/selftest/knownfail.d/gkdi-root-key-at-provision
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.dsdb_quiet_provision_tests.+test_dsdb_dn_gkdi_gmsa_root_keys_exist
-\ No newline at end of file
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
	Wed, 28 Feb 2024 02:28:22 +0000 (15:28 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Fri, 1 Mar 2024 00:19:45 +0000 (00:19 +0000)
python/samba/provision/__init__.py		patch \| blob \| blame \| history
selftest/knownfail.d/gkdi-root-key-at-provision	[deleted file]	patch \| blob \| blame \| history