1 dn: flatname
=$
{DOMAIN
},CN=Primary Domains
3 objectClass: primaryDomain
4 objectClass: kerberosSecret
7 secret
:: $
{MACHINEPASS_B64
}
9 sAMAccountName
: $
{NETBIOSNAME
}$
10 msDS
-KeyVersionNumber
: 1
11 objectSid
: $
{DOMAINSID
}
12 privateKeytab
: $
{SECRETS_KEYTAB
}
14 # A hook from our credentials system into HDB, as we must be on a KDC,
15 # we can look directly into the database.
16 dn: samAccountName
=krbtgt
,flatname
=$
{DOMAIN
},CN=Principals
19 objectClass: kerberosSecret
22 sAMAccountName
: krbtgt
23 objectSid
: $
{DOMAINSID
}
24 servicePrincipalName
: kadmin
/changepw
25 krb5Keytab
: HDB
:samba4
:$
{SAM_LDB
}:
26 #The trailing : here is a HACK, but it matches the Heimdal format.
28 # A hook from our credentials system into HDB, as we must be on a KDC,
29 # we can look directly into the database.
30 dn: servicePrincipalName
=DNS
/$
{DNSDOMAIN
},CN=Principals
33 objectClass: kerberosSecret
35 servicePrincipalName
: DNS
/$
{DNSDOMAIN
}
36 msDS
-KeyVersionNumber
: 1
37 privateKeytab
: $
{DNS_KEYTAB
}
38 secret
:: $
{DNSPASS_B64
}