Changeset 740 for vendor/current/source4/setup
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (13 years ago)
- Location:
- vendor/current/source4/setup
- Files:
-
- 20 added
- 11 deleted
- 38 edited
vendor/current/source4/setup/DB_CONFIG
r414 r740 1 set_cachesize 0 524288 0 2 set_lg_regionmax 104857 3 set_lg_max 1048576 4 set_lg_bsize 209715 1 # set 32MiB, single-segment cache 2 set_cachesize 0 33554432 1 3 4 # set transaction log autoremoval; disable if you use them for backups 5 set_flags DB_LOG_AUTOREMOVE 6 7 # these should be left at default for most installs 8 set_lg_max 10485760 9 set_lg_bsize 2097152 10 5 11 set_lg_dir ${LDAPDBDIR}/bdb-logs 6 set_tmp_dir ${LDAPDBDIR}/tmp 12 13 # tmp_dir stuff is not used by OpenLDAP 14 #set_tmp_dir ${LDAPDBDIR}/tmp -
vendor/current/source4/setup/aggregate_schema.ldif
r414 r740 2 2 objectClass: top 3 3 objectClass: subSchema 4 showInAdvancedViewOnly: FALSE 5 systemFlags: 134217728 -
vendor/current/source4/setup/fedorads-samba.ldif
r414 r740 8 8 objectClass: person 9 9 cn: samba-admin 10 sn: samba-admin 10 11 userPassword: {CLEAR}${LDAPADMINPASS} 12 13 dn: ou=Ranges,${SAMBADN} 14 objectClass: top 15 objectClass: organizationalUnit 16 ou: Ranges 17 18 dn: cn=Samba SIDs,ou=Ranges,${SAMBADN} 19 objectClass: top 20 objectClass: nsContainer 21 cn: Samba SIDs -
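Review bot: The `cn: samba-admin` entry that this change extends with `sn: samba-admin` still sets `userPassword: {CLEAR}${LDAPADMINPASS}`, so the substituted LDIF on disk holds the LDAP admin password in clear text. A comment above the attribute would make that visible to whoever handles the rendered file, e.g. `# {CLEAR}: the rendered file contains the admin password; keep it readable by the provisioning user only`. Whether the backend re-hashes the value on import is not visible here and should be confirmed.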
vendor/current/source4/setup/fedorads-sasl.ldif
r414 r740 8 8 nsSaslMapFilterTemplate: (objectclass=*) 9 9 10 dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config 11 changetype: delete 12 13 dn: cn=rfc 2829 dn syntax,cn=mapping,cn=sasl,cn=config 14 changetype: delete 15 16 dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config 17 changetype: delete 18 19 dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config 20 changetype: delete -
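Review bot: The four `changetype: delete` records added at the end remove the SASL mapping entries `Kerberos uid mapping`, `rfc 2829 dn syntax`, `rfc 2829 u syntax` and `uid mapping` with no comment saying why. These entries decide how a SASL identity is mapped to a directory DN, so the intent should be written down, for example `# Drop the server's other SASL mappings so that only the mapping defined above can match`. That reading is inferred from the visible lines; if the deletes serve another purpose the comment should say so. It is also worth confirming how the import behaves when one of these entries is already absent.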
vendor/current/source4/setup/fedorads.inf
r414 r740 9 9 RootDN= ${LDAPMANAGERDN} 10 10 RootDNPwd= ${LDAPMANAGERPASS} 11 ServerIdentifier= samba411 ServerIdentifier= ${LDAP_INSTANCE} 12 12 ${SERVERPORT} 13 13 14 inst_dir= ${LDAPDIR}/slapd- samba415 config_dir= ${LDAPDIR}/slapd- samba416 schema_dir= ${LDAPDIR}/slapd- samba4/schema17 lock_dir= ${LDAPDIR}/slapd- samba4/lock18 log_dir= ${LDAPDIR}/slapd- samba4/logs19 run_dir= ${LDAPDIR}/slapd- samba4/logs20 db_dir= ${LDAPDIR}/slapd- samba4/db21 bak_dir= ${LDAPDIR}/slapd- samba4/bak22 tmp_dir= ${LDAPDIR}/slapd- samba4/tmp23 ldif_dir= ${LDAPDIR}/slapd- samba4/ldif24 cert_dir= ${LDAPDIR}/slapd- samba414 inst_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE} 15 config_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE} 16 schema_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE}/schema 17 lock_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE}/lock 18 log_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE}/logs 19 run_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE}/logs 20 db_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE}/db 21 bak_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE}/bak 22 tmp_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE}/tmp 23 ldif_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE}/ldif 24 cert_dir= ${LDAPDIR}/slapd-${LDAP_INSTANCE} 25 25 26 26 start_server= 0 27 27 install_full_schema= 0 28 InstallLdifFile= none 28 29 SchemaFile=${LDAPDIR}/99_ad.ldif 29 30 ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif 30 31 ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif 32 ConfigFile = ${LDAPDIR}/fedorads-dna.ldif 33 ConfigFile = ${LDAPDIR}/fedorads-pam.ldif 34 ConfigFile = ${LDAPDIR}/fedorads-refint.ldif 35 ConfigFile = ${LDAPDIR}/fedorads-linked-attributes.ldif 36 ConfigFile = ${LDAPDIR}/fedorads-index.ldif -
vendor/current/source4/setup/idmap_init.ldif
r414 r740 3 3 lowerBound: 3000000 4 4 upperBound: 4000000 5 6 dn: @INDEXLIST 7 @IDXATTR: xidNumber 8 @IDXATTR: objectSid -
vendor/current/source4/setup/krb5.conf
r414 r740 2 2 default_realm = ${REALM} 3 3 dns_lookup_realm = false 4 dns_lookup_kdc = false 5 ticket_lifetime = 24h 6 forwardable = yes 7 8 [realms] 9 ${REALM} = { 10 kdc = ${HOSTNAME}.${DNSDOMAIN}:88 11 admin_server = ${HOSTNAME}.${DNSDOMAIN}:749 12 default_domain = ${DNSDOMAIN} 13 } 14 15 [domain_realm] 16 .${DNSDOMAIN} = ${REALM} 17 ${DNSDOMAIN} = ${REALM} 4 dns_lookup_kdc = true -
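Review bot: With `dns_lookup_kdc = true` and the `[realms]` and `[domain_realm]` sections removed, hosts using this file find the KDC for `${REALM}` only through DNS, so KDC location now depends on the integrity of the resolver path. The template should say so in a comment, e.g. `# KDCs are located via DNS SRV records; add a [realms] section to pin them on hosts that cannot trust DNS`. Dropping `ticket_lifetime = 24h` and `forwardable = yes` also leaves both settings to the Kerberos library defaults, which is worth stating if it is intentional.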
vendor/current/source4/setup/named.conf
r414 r740 2 2 # 3 3 # For example with 4 # include "${ PRIVATE_DIR}/named.conf";4 # include "${NAMED_CONF}"; 5 5 6 6 zone "${DNSDOMAIN}." IN { 7 7 type master; 8 file "${ PRIVATE_DIR}/${DNSDOMAIN}.zone";8 file "${ZONE_FILE}"; 9 9 /* 10 * Attention: Not all BIND versions support "ms-self". The instead use 11 * of allow-update { any; }; is another, but less secure possibility. 10 * the list of principals and what they can change is created 11 * dynamically by Samba, based on the membership of the domain controllers 12 * group. The provision just creates this file as an empty file. 12 13 */ 13 update-policy { 14 /* 15 * A rather long description here, as the "ms-self" option does 16 * not appear in any docs yet (it can only be found in the 17 * source code). 18 * 19 * The short of it is that each host is allowed to update its 20 * own A and AAAA records, when the update request is properly 21 * signed by the host itself. 22 * 23 * The long description is (look at the 24 * dst_gssapi_identitymatchesrealmms() call in lib/dns/ssu.c and 25 * its definition in lib/dns/gssapictx.c for details): 26 * 27 * A GSS-TSIG update request will be signed by a given signer 28 * (e.g. machine-name$@${REALM}). The signer name is split into 29 * the machine component (e.g. "machine-name") and the realm 30 * component (e.g. "${REALM}"). The update is allowed if the 31 * following conditions are met: 32 * 33 * 1) The machine component of the signer name matches the first 34 * (host) component of the FQDN that is being updated. 35 * 36 * 2) The realm component of the signer name matches the realm 37 * in the grant statement below (${REALM}). 38 * 39 * 3) The domain component of the FQDN that is being updated 40 * matches the realm in the grant statement below. 41 * 42 * If the 3 conditions above are satisfied, the update succeeds. 
43 */ 44 grant ${REALM} ms-self * A AAAA; 45 }; 14 include "${NAMED_CONF_UPDATE}"; 15 16 /* we need to use check-names ignore so _msdcs A records can be created */ 17 check-names ignore; 46 18 }; 47 19 … … 61 33 # Note that the reverse zone file is not created during the provision process. 62 34 63 # The most recent BIND versions (9. 5.0a5or later) support secure GSS-TSIG35 # The most recent BIND versions (9.7.2 or later) support secure GSS-TSIG 64 36 # updates. If you are running an earlier version of BIND, or if you do not wish 65 37 # to use secure GSS-TSIG updates, you may remove the update-policy sections in -
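Review bot: The zone's update rules now come entirely from `include "${NAMED_CONF_UPDATE}";`, and the new comment says only that Samba generates that file and that provision creates it empty. Whoever can write that file decides which principals may update `${DNSDOMAIN}`, so the comment should also state the expected ownership and mode, e.g. `* The file must be writable only by the Samba server account and readable by named.` The removed explanation of the `ms-self` grant is not replaced, so a short description of the kind of `grant` rules Samba writes would help anyone auditing the zone. `check-names ignore;` relaxes name checking for the whole zone rather than only for `_msdcs` records, and the comment above it should say that the relaxation is zone-wide.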
vendor/current/source4/setup/provision
r414 r740 1 #!/usr/bin/ python1 #!/usr/bin/env python 2 2 # 3 3 # Unix SMB/CIFS implementation. … … 23 23 # 24 24 25 import logging 25 26 import optparse 26 27 import sys 28 import tempfile 27 29 28 30 # Find right directory when running from source tree … … 30 32 31 33 import samba 34 import samba.ntacls 32 35 from samba.credentials import DONT_USE_KERBEROS 33 36 from samba.auth import system_session 34 37 import samba.getopt as options 35 from samba.provision import provision, FILL_FULL, FILL_NT4SYNC, FILL_DRS, find_setup_dir 38 from samba.provision import provision, FILL_FULL, FILL_NT4SYNC, FILL_DRS, ProvisioningError 39 from samba.dsdb import ( 40 DS_DOMAIN_FUNCTION_2000, 41 DS_DOMAIN_FUNCTION_2003, 42 DS_DOMAIN_FUNCTION_2008, 43 DS_DOMAIN_FUNCTION_2008_R2, 44 ) 36 45 37 46 # how do we make this case insensitive?? … … 44 53 parser.add_option_group(credopts) 45 54 parser.add_option("--interactive", help="Ask for names", action="store_true") 46 parser.add_option("--setupdir", type="string", metavar="DIR",47 help="directory with setup files")48 parser.add_option("--realm", type="string", metavar="REALM", help="set realm")49 55 parser.add_option("--domain", type="string", metavar="DOMAIN", 50 56 help="set domain") … … 53 59 parser.add_option("--domain-sid", type="string", metavar="SID", 54 60 help="set domainsid (otherwise random)") 55 parser.add_option("--policy-guid", type="string", metavar="GUID", 56 help="set guid for domain policy") 57 parser.add_option("--policy-guid-dc", type="string", metavar="GUID", 58 help="set guid for domain controller policy") 61 parser.add_option("--ntds-guid", type="string", metavar="GUID", 62 help="set NTDS object GUID (otherwise random)") 59 63 parser.add_option("--invocationid", type="string", metavar="GUID", 60 64 help="set invocationid (otherwise random)") … … 88 92 parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT", 89 93 help="Additional TCP port for LDAP backend server (to use for 
replication)") 94 parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI", 95 help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic") 90 96 parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", 91 97 help="LDAP backend type (fedora-ds or openldap)", … … 94 100 parser.add_option("--server-role", type="choice", metavar="ROLE", 95 101 choices=["domain controller", "dc", "member server", "member", "standalone"], 96 help="Set server role to provision for (default standalone)") 102 help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.") 103 parser.add_option("--function-level", type="choice", metavar="FOR-FUN-LEVEL", 104 choices=["2000", "2003", "2008", "2008_R2"], 105 help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.") 106 parser.add_option("--next-rid", type="int", metavar="NEXTRID", default=1000, 107 help="The initial nextRid value (only needed for upgrades). Default is 1000.") 97 108 parser.add_option("--partitions-only", 98 109 help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") … … 100 111 help="Set target directory") 101 112 parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", 102 help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)")113 help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) 
] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\"") 103 114 parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH", 104 115 help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.") 105 116 parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH", 106 117 help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.") 107 parser.add_option("-- nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")118 parser.add_option("--use-xattrs", type="choice", choices=["yes","no","auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto") 108 119 parser.add_option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. 
DO NOT USE", action="store_true") 109 120 110 121 opts = parser.parse_args()[0] 111 122 112 def message(text): 113 """print a message if quiet is not set.""" 114 if not opts.quiet: 115 print text 123 logger = logging.getLogger("provision") 124 logger.addHandler(logging.StreamHandler(sys.stdout)) 125 if opts.quiet: 126 logger.setLevel(logging.WARNING) 127 else: 128 logger.setLevel(logging.INFO) 116 129 117 130 if len(sys.argv) == 1: 118 131 opts.interactive = True 119 120 if not opts.interactive and (opts.realm is None or opts.domain is None):121 if opts.realm is None:122 print >>sys.stderr, "No realm set"123 if opts.domain is None:124 print >>sys.stderr, "No domain set"125 parser.print_usage()126 sys.exit(1)127 132 128 133 if opts.interactive: … … 136 141 return sys.stdin.readline().rstrip("\n") or default 137 142 try: 138 opts.realm = ask("Realm", socket.getfqdn().split(".", 1)[1].upper())143 default = socket.getfqdn().split(".", 1)[1].upper() 139 144 except IndexError: 140 print >>sys.stderr, "Cannot guess realm from %s" % ( socket.getfqdn()) 145 default = None 146 opts.realm = ask("Realm", default) 147 if opts.realm in (None, ""): 148 print >>sys.stderr, "No realm set!" 141 149 sys.exit(1) 142 150 143 151 try: 144 opts.domain = ask("Domain", opts.realm.split(".")[0])152 default = opts.realm.split(".")[0] 145 153 except IndexError: 146 print >>sys.stderr, "Cannot guess domain from %s" % ( opts.realm()) 154 default = None 155 opts.domain = ask("Domain", default) 156 if opts.domain is None: 157 print >> sys.stderr, "No domain set!" 147 158 sys.exit(1) 148 159 … … 154 165 else: 155 166 break 167 else: 168 if opts.realm in (None, ""): 169 opts.realm = sambaopts._lp.get('realm') 170 if opts.realm is None or opts.domain is None: 171 if opts.realm is None: 172 print >>sys.stderr, "No realm set!" 173 if opts.domain is None: 174 print >> sys.stderr, "No domain set!" 
175 parser.print_usage() 176 sys.exit(1) 177 178 if not opts.adminpass: 179 logger.info("Administrator password will be set randomly!") 156 180 157 181 lp = sambaopts.get_loadparm() … … 165 189 server_role = opts.server_role 166 190 191 if opts.function_level is None: 192 dom_for_fun_level = None 193 elif opts.function_level == "2000": 194 dom_for_fun_level = DS_DOMAIN_FUNCTION_2000 195 elif opts.function_level == "2003": 196 dom_for_fun_level = DS_DOMAIN_FUNCTION_2003 197 elif opts.function_level == "2008": 198 dom_for_fun_level = DS_DOMAIN_FUNCTION_2008 199 elif opts.function_level == "2008_R2": 200 dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2 201 167 202 creds = credopts.get_credentials(lp) 168 203 169 204 creds.set_kerberos_state(DONT_USE_KERBEROS) 170 171 setup_dir = opts.setupdir172 if setup_dir is None:173 setup_dir = find_setup_dir()174 205 175 206 samdb_fill = FILL_FULL … … 179 210 samdb_fill = FILL_DRS 180 211 212 eadb = True 213 if opts.use_xattrs == "yes": 214 eadb = False 215 elif opts.use_xattrs == "auto" and not lp.get("posix:eadb"): 216 file = tempfile.NamedTemporaryFile() 217 try: 218 samba.ntacls.setntacl(lp, file.name, 219 "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native") 220 eadb = False 221 except: 222 logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. 
" 223 "If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.") 224 file.close() 225 226 227 if opts.ldap_backend_type == "existing": 228 if opts.ldap_backend_forced_uri is not None: 229 logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri) 230 else: 231 logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location") 232 else: 233 if opts.ldap_backend_forced_uri is not None: 234 logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri) 235 181 236 session = system_session() 182 provision(setup_dir, message, 183 session, creds, smbconf=smbconf, targetdir=opts.targetdir, 184 samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, 185 domainguid=opts.domain_guid, domainsid=opts.domain_sid, 186 policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc, 187 hostname=opts.host_name, 188 hostip=opts.host_ip, hostip6=opts.host_ip6, 189 invocationid=opts.invocationid, adminpass=opts.adminpass, 190 krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, 191 dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, 192 wheel=opts.wheel, users=opts.users, 193 serverrole=server_role, 194 ldap_backend_extra_port=opts.ldap_backend_extra_port, 195 ldap_backend_type=opts.ldap_backend_type, 196 ldapadminpass=opts.ldapadminpass, 197 ol_mmr_urls=opts.ol_mmr_urls, 198 slapd_path=opts.slapd_path, 199 setup_ds_path=opts.setup_ds_path, 200 nosync=opts.nosync, 201 ldap_dryrun_mode=opts.ldap_dryrun_mode) 237 try: 238 provision(logger, 239 session, creds, smbconf=smbconf, targetdir=opts.targetdir, 240 samdb_fill=samdb_fill, 
realm=opts.realm, domain=opts.domain, 241 domainguid=opts.domain_guid, domainsid=opts.domain_sid, 242 hostname=opts.host_name, 243 hostip=opts.host_ip, hostip6=opts.host_ip6, 244 ntdsguid=opts.ntds_guid, 245 invocationid=opts.invocationid, adminpass=opts.adminpass, 246 krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, 247 dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, 248 wheel=opts.wheel, users=opts.users, 249 serverrole=server_role, dom_for_fun_level=dom_for_fun_level, 250 ldap_backend_extra_port=opts.ldap_backend_extra_port, 251 ldap_backend_forced_uri=opts.ldap_backend_forced_uri, 252 backend_type=opts.ldap_backend_type, 253 ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls, 254 slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path, 255 nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode, 256 useeadb=eadb, next_rid=opts.next_rid, lp=lp) 257 except ProvisioningError, e: 258 print str(e) 259 exit(1) -
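Review bot: The xattr probe for `--use-xattrs` in `auto` mode catches every exception with a bare `except:` and reports the fallback through `logger.info`, which is suppressed when `opts.quiet` is set, so a provision can end up storing NT ACLs in the tdb backend without the operator being told. I would narrow the handler to `except Exception:` and report through `logger.warning(...)` with the same message text. The handler also hides any unrelated failure inside `samba.ntacls.setntacl`, so including the exception text in the log line would help diagnosis. Separately, `nosync=opts.ldap_backend_nosync` reads an option whose `add_option` call is not visible in these hunks while `--nosync` is removed; please confirm it is defined in the elided lines.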
vendor/current/source4/setup/provision.ldif
r414 r740 77 77 description: Quota specifications container 78 78 msDS-TombstoneQuotaFactor: 100 79 systemFlags: - 194615705679 systemFlags: -2147483648 80 80 isCriticalSystemObject: TRUE 81 81 … … 132 132 showInAdvancedViewOnly: FALSE 133 133 134 dn: CN=DFSR-GlobalSettings,CN=System,${DOMAINDN} 135 objectClass: top 136 objectClass: msDFSR-GlobalSettings 137 msDFSR-Flags: 48 138 139 dn: CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,${DOMAINDN} 140 objectClass: top 141 objectClass: msDFSR-ReplicationGroup 142 msDFSR-ReplicationGroupType: 1 143 144 dn: CN=Content,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,${DOMAINDN} 145 objectClass: top 146 objectClass: msDFSR-Content 147 148 dn: CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,${DOMAINDN} 149 objectClass: top 150 objectClass: msDFSR-Topology 151 152 # Here are missing the DFSR objects since we don't support this technique yet 153 134 154 # Domain updates 135 155 … … 138 158 objectClass: container 139 159 160 dn: CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,${DOMAINDN} 161 objectClass: top 162 objectClass: container 163 revision: 5 164 140 165 dn: CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 141 166 objectClass: top … … 358 383 objectClass: container 359 384 385 dn: CN=0b7fb422-3609-4587-8c2e-94b10f67d1bf,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 386 objectClass: top 387 objectClass: container 388 389 dn: CN=231fb90b-c92a-40c9-9379-bacfc313a3e3,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 390 objectClass: top 391 objectClass: container 392 393 dn: CN=2951353e-d102-4ea5-906c-54247eeec741,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 394 objectClass: top 395 objectClass: container 396 397 dn: CN=4aaabc3a-c416-4b9c-a6bb-4b453ab1c1f0,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 398 objectClass: top 399 objectClass: container 400 401 dn: CN=4c93ad42-178a-4275-8600-16811d28f3aa,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 
402 objectClass: top 403 objectClass: container 404 405 dn: CN=57428d75-bef7-43e1-938b-2e749f5a8d56,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 406 objectClass: top 407 objectClass: container 408 409 dn: CN=61b34cb0-55ee-4be9-b595-97810b92b017,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 410 objectClass: top 411 objectClass: container 412 413 dn: CN=71482d49-8870-4cb3-a438-b6fc9ec35d70,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 414 objectClass: top 415 objectClass: container 416 417 dn: CN=9738c400-7795-4d6e-b19d-c16cd6486166,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 418 objectClass: top 419 objectClass: container 420 421 dn: CN=a1789bfb-e0a2-4739-8cc0-e77d892d080a,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 422 objectClass: top 423 objectClass: container 424 425 dn: CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 426 objectClass: top 427 objectClass: container 428 429 dn: CN=aed72870-bf16-4788-8ac7-22299c8207f1,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 430 objectClass: top 431 objectClass: container 432 433 dn: CN=b96ed344-545a-4172-aa0c-68118202f125,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 434 objectClass: top 435 objectClass: container 436 437 dn: CN=c88227bc-fcca-4b58-8d8a-cd3d64528a02,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 438 objectClass: top 439 objectClass: container 440 441 dn: CN=dda1d01d-4bd7-4c49-a184-46f9241b560e,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 442 objectClass: top 443 objectClass: container 444 445 dn: CN=de10d491-909f-4fb0-9abb-4b7865c0fe80,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 446 objectClass: top 447 objectClass: container 448 449 dn: CN=ebad865a-d649-416f-9922-456b53bbb5b8,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 450 objectClass: top 451 objectClass: container 452 453 dn: CN=f58300d1-b71a-4DB6-88a1-a8b9538beaca,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN} 454 
objectClass: top 455 objectClass: container 456 360 457 dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN} 361 458 objectClass: top 362 459 objectClass: container 363 revision: 8460 revision: 9 364 461 365 462 # End domain updates … … 372 469 isCriticalSystemObject: TRUE 373 470 374 # Here are missing the FRS objects since we don't support this technique yet375 376 471 dn: CN=FileLinks,CN=System,${DOMAINDN} 377 472 objectClass: top … … 394 489 isCriticalSystemObject: TRUE 395 490 491 # IP security objects 492 396 493 dn: CN=IP Security,CN=System,${DOMAINDN} 397 494 objectClass: top … … 399 496 isCriticalSystemObject: TRUE 400 497 498 dn: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 499 objectClass: top 500 objectClass: ipsecBase 501 objectClass: ipsecPolicy 502 description: For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request. 503 ipsecName: Server (Request Security) 504 ipsecID: {72385230-70FA-11D1-864C-14A300000000} 505 ipsecDataType: 598 506 ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA== 507 ipsecISAKMPReference: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 508 ipsecNFAReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 509 ipsecNFAReference: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 510 ipsecNFAReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 511 isCriticalSystemObject: TRUE 512 513 dn: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 514 objectClass: top 515 objectClass: ipsecBase 516 objectClass: ipsecISAKMPPolicy 517 ipsecID: {72385231-70FA-11D1-864C-14A300000000} 518 ipsecDataType: 598 519 ipsecData:: 
uCDcgMgu0RGongCgJI0wIUABAABo0hlRHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA= 520 ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 521 isCriticalSystemObject: TRUE 522 523 dn: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 524 objectClass: top 525 objectClass: ipsecBase 526 objectClass: ipsecNFA 527 description: For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request. 528 ipsecName: Request Security (Optional) Rule 529 ipsecID: {72385232-70FA-11D1-864C-14A300000000} 530 ipsecDataType: 598 531 ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA 532 ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 533 ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 534 ipsecFilterReference: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 535 isCriticalSystemObject: TRUE 536 537 dn: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 538 objectClass: top 539 objectClass: ipsecBase 540 objectClass: ipsecNFA 541 ipsecID: {59319BE2-5EE3-11D2-ACE8-0060B0ECCA17} 542 ipsecDataType: 598 543 ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA 544 ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP 
Security,CN=System,${DOMAINDN} 545 ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 546 isCriticalSystemObject: TRUE 547 548 dn: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 549 objectClass: top 550 objectClass: ipsecBase 551 objectClass: ipsecNFA 552 description: Permit unsecure ICMP packets to pass through. 553 ipsecName: Permit unsecure ICMP packets to pass through. 554 ipsecID: {594272E2-071D-11D3-AD22-0060B0ECCA17} 555 ipsecDataType: 598 556 ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA 557 ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 558 ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 559 ipsecFilterReference: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 560 isCriticalSystemObject: TRUE 561 562 dn: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 563 objectClass: top 564 objectClass: ipsecBase 565 objectClass: ipsecNegotiationPolicy 566 description: Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request. 
567 ipsecName: Request Security (Optional) 568 ipsecID: {72385233-70FA-11D1-864C-14A300000000} 569 ipsecDataType: 598 570 ipsecData:: uSDcgMgu0RGongCgJI0wIZQBAAAFAAAAhAMAAKCGAQAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAFwAUwBlAHIAdgBpAGMAZQBzAFwAUABvAGwAaQBjAHkAQQBnAGUAbgCEAwAAoIYBAAAAAAAAAAAAAQAAAAEAAAACAAAAAgAAAEAAAAAIAAAAAAAAAFX0sjdcAEwAbwBjABUADwABAAgAIAJlACACZQBYxHYF+M54BSwBAACghgEAAAAAAAAAAAABAAAAAgAAAAAAAAABAAAAQAAAAAgAAAAtADkAQQBDADEALQA0AEQANgBEAC0AQQAxAEIAMAAtADEANQA4ADcALAEAAKCGAQAAAAAAAAAAAAEAAAABAAAAAAAAAAEAAABAAAAACAAAAGUAdABcAFMAZQByAHYAaQBjAGUAcwBcAFAAbwBsAGkAYwB5AEEAZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAgAAAEAAAAAIAAAANgBDAC0AMwBCADkANwAtADQANQA1ADIALQA4AEUANAA1AC0AOQA5AAA= 571 ipsecOwnersReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 572 isCriticalSystemObject: TRUE 573 iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000} 574 iPSECNegotiationPolicyAction: {3F91A81A-7647-11D1-864D-D46A00000000} 575 576 dn: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 577 objectClass: top 578 objectClass: ipsecBase 579 objectClass: ipsecFilter 580 description: Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE). 
581 ipsecName: All IP Traffic 582 ipsecID: {7238523A-70FA-11D1-864C-14A300000000} 583 ipsecDataType: 598 584 ipsecData:: tSDcgMgu0RGongCgJI0wIUoAAAABAAAAAgAAAAAAAgAAAAAAAgAAAAAA3ZsxWeNe0hGs6ABgsOzKFwEAAAAAAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= 585 ipsecOwnersReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 586 ipsecOwnersReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 587 isCriticalSystemObject: TRUE 588 589 dn: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 590 objectClass: top 591 objectClass: ipsecBase 592 objectClass: ipsecNegotiationPolicy 593 ipsecID: {59319BDF-5EE3-11D2-ACE8-0060B0ECCA17} 594 ipsecDataType: 598 595 ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== 596 ipsecOwnersReference: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 597 isCriticalSystemObject: TRUE 598 iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000} 599 iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000} 600 601 dn: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 602 objectClass: top 603 objectClass: ipsecBase 604 objectClass: ipsecNegotiationPolicy 605 description: Permit 
unsecured IP packets to pass through. 606 ipsecName: Permit 607 ipsecID: {7238523B-70FA-11D1-864C-14A300000000} 608 ipsecDataType: 598 609 ipsecData:: uSDcgMgu0RGongCgJI0wIQQAAAAAAAAAAA== 610 ipsecOwnersReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 611 ipsecOwnersReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 612 isCriticalSystemObject: TRUE 613 iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000} 614 iPSECNegotiationPolicyAction: {8A171DD2-77E3-11D1-8659-A04F00000000} 615 616 dn: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 617 objectClass: top 618 objectClass: ipsecBase 619 objectClass: ipsecFilter 620 description: Matches all ICMP packets between this computer and any other computer. 621 ipsecName: All ICMP Traffic 622 ipsecID: {72385235-70FA-11D1-864C-14A300000000} 623 ipsecDataType: 598 624 ipsecData:: tSDcgMgu0RGongCgJI0wIVIAAAABAAAAAgAAAAAAAgAAAAAACgAAAEkAQwBNAFAAAABj0hlRHQfTEa0iAGCw7MoXAQAAAAAAAAD/////AAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAA== 625 ipsecOwnersReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 626 ipsecOwnersReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 627 isCriticalSystemObject: TRUE 628 629 dn: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 630 objectClass: top 631 objectClass: ipsecBase 632 objectClass: ipsecPolicy 633 description: Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured. 
634 ipsecName: Client (Respond Only) 635 ipsecID: {72385236-70FA-11D1-864C-14A300000000} 636 ipsecDataType: 598 637 ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA== 638 ipsecISAKMPReference: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 639 ipsecNFAReference: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 640 isCriticalSystemObject: TRUE 641 642 dn: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 643 objectClass: top 644 objectClass: ipsecBase 645 objectClass: ipsecISAKMPPolicy 646 ipsecID: {72385237-70FA-11D1-864C-14A300000000} 647 ipsecDataType: 598 648 ipsecData:: uCDcgMgu0RGongCgJI0wIUABAABz7EFfHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA= 649 ipsecOwnersReference: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 650 isCriticalSystemObject: TRUE 651 652 dn: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 653 objectClass: top 654 objectClass: ipsecBase 655 objectClass: ipsecNFA 656 ipsecID: {59319C04-5EE3-11D2-ACE8-0060B0ECCA17} 657 ipsecDataType: 598 658 ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA 659 ipsecOwnersReference: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 660 ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 661 isCriticalSystemObject: TRUE 662 663 dn: 
CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 664 objectClass: top 665 objectClass: ipsecBase 666 objectClass: ipsecNegotiationPolicy 667 ipsecID: {59319C01-5EE3-11D2-ACE8-0060B0ECCA17} 668 ipsecDataType: 598 669 ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== 670 ipsecOwnersReference: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 671 isCriticalSystemObject: TRUE 672 iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000} 673 iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000} 674 675 dn: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 676 objectClass: top 677 objectClass: ipsecBase 678 objectClass: ipsecPolicy 679 description: For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients. 
680 ipsecName: Secure Server (Require Security) 681 ipsecID: {7238523C-70FA-11D1-864C-14A300000000} 682 ipsecDataType: 598 683 ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA== 684 ipsecISAKMPReference: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 685 ipsecNFAReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 686 ipsecNFAReference: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 687 ipsecNFAReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 688 isCriticalSystemObject: TRUE 689 690 dn: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 691 objectClass: top 692 objectClass: ipsecBase 693 objectClass: ipsecISAKMPPolicy 694 ipsecID: {7238523D-70FA-11D1-864C-14A300000000} 695 ipsecDataType: 598 696 ipsecData:: uCDcgMgu0RGongCgJI0wIUABAAD5ckJZHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA= 697 ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 698 isCriticalSystemObject: TRUE 699 700 dn: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 701 objectClass: top 702 objectClass: ipsecBase 703 objectClass: ipsecNFA 704 description: Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients. 
705 ipsecName: Require Security 706 ipsecID: {7238523E-70FA-11D1-864C-14A300000000} 707 ipsecDataType: 598 708 ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA 709 ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 710 ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 711 ipsecFilterReference: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 712 isCriticalSystemObject: TRUE 713 714 dn: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 715 objectClass: top 716 objectClass: ipsecBase 717 objectClass: ipsecNFA 718 ipsecID: {59319BF3-5EE3-11D2-ACE8-0060B0ECCA17} 719 ipsecDataType: 598 720 ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA 721 ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 722 ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 723 isCriticalSystemObject: TRUE 724 725 dn: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 726 objectClass: top 727 objectClass: ipsecBase 728 objectClass: ipsecNFA 729 description: Permit unsecure ICMP packets to pass through. 730 ipsecName: Permit unsecure ICMP packets to pass through. 
731 ipsecID: {594272FD-071D-11D3-AD22-0060B0ECCA17} 732 ipsecDataType: 598 733 ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA 734 ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 735 ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 736 ipsecFilterReference: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 737 isCriticalSystemObject: TRUE 738 739 dn: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 740 objectClass: top 741 objectClass: ipsecBase 742 objectClass: ipsecNegotiationPolicy 743 description: Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients. 744 ipsecName: Require Security 745 ipsecID: {7238523F-70FA-11D1-864C-14A300000000} 746 ipsecDataType: 598 747 ipsecData:: uSDcgMgu0RGongCgJI0wIUQBAAAEAAAAhAMAAKCGAQAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAHUAcgByAGUAbgB0AEMAbwBuAHQAcgBvAGwAUwBlAHQAXABTAGUAcgCEAwAAoIYBAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAcABzAGUAYwBOAEYAQQB7ADcAMgAzADgANQAyADMARQAtADcAMABGAIQDAACghgEAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAABsAGkAYwB5AFwATABvAGMAYQBsAFwAaQBwAHMAZQBjAE4ARgBBAHsAhAMAAKCGAQAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAGUAYwBOAEYAQQB7AEIARgBDADcAQwAzADUAQQAtAEIANQA5ADIALQAA 748 ipsecOwnersReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN} 749 isCriticalSystemObject: TRUE 750 iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000} 751 iPSECNegotiationPolicyAction: {3F91A81A-7647-11D1-864D-D46A00000000} 752 753 dn: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 754 objectClass: top 755 objectClass: ipsecBase 756 objectClass: 
ipsecNegotiationPolicy 757 ipsecID: {59319BF0-5EE3-11D2-ACE8-0060B0ECCA17} 758 ipsecDataType: 598 759 ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== 760 ipsecOwnersReference: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 761 isCriticalSystemObject: TRUE 762 iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000} 763 iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000} 764 765 dn: CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN} 766 objectClass: top 767 objectClass: ipsecBase 768 objectClass: ipsecNFA 769 description: Version Information Object 770 ipsecName: Version Information Object 771 ipsecID: {6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17} 772 ipsecDataType: 598 773 ipsecData:: b1wfardy0hGs8ABgsOzKF1AAAAAAAAEApmamNhoAAABXAGkAbgBkAG8AdwBzACAAMgAwADAAMAAAABwAAABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAAAABgAAAA0ACgAAAACsuxGNSdERhjkAoCSNMCEqAAAAAQAAAAUAAAACAAAAAAD9////AgAAAAAAAAAAAAAAAAABAAAAAgAAAAAAAA== 774 isCriticalSystemObject: TRUE 775 776 # End IP security objects 777 401 778 dn: CN=Meetings,CN=System,${DOMAINDN} 402 779 objectClass: top … … 404 781 isCriticalSystemObject: TRUE 405 782 406 dn: CN=MicrosoftDNS,CN=System,${DOMAINDN} 407 objectClass: top 408 objectClass: container 409 displayName: DNS Servers 783 dn: CN=Password Settings 
Container,CN=System,${DOMAINDN} 784 objectClass: top 785 objectClass: msDS-PasswordSettingsContainer 786 systemFlags: -1946157056 787 showInAdvancedViewOnly: TRUE 410 788 411 789 dn: CN=Policies,CN=System,${DOMAINDN} … … 427 805 objectClass: rIDManager 428 806 systemFlags: -1946157056 429 rIDAvailablePool: 4611686014132423217807 rIDAvailablePool: ${RIDAVAILABLESTART}-1073741823 430 808 isCriticalSystemObject: TRUE 431 809 -
vendor/current/source4/setup/provision.reg
r414 r740 10 10 11 11 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion] 12 CurrentVersion=5.2 12 "CurrentVersion"="6.1" 13 13 14 14 [HKEY_LOCAL_MACHINE\SYSTEM] … … 19 19 20 20 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions] 21 ProductType=LanmanNT 21 "ProductType"="LanmanNT" 22 22 23 23 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print] … … 34 34 35 35 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] 36 RefusePasswordChange=REG_DWORD:036 "RefusePasswordChange"=dword:00000000 37 37 38 38 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter] -
vendor/current/source4/setup/provision.smb.conf.dc
r414 r740 1 1 [globals] 2 netbios name = ${ HOSTNAME}2 netbios name = ${NETBIOS_NAME} 3 3 workgroup = ${DOMAIN} 4 4 realm = ${REALM} 5 5 server role = ${SERVERROLE} 6 ${SIDGENERATOR_LINE} 6 7 ${PRIVATEDIR_LINE} 7 8 ${LOCKDIR_LINE} -
vendor/current/source4/setup/provision.smb.conf.member
r414 r740 1 1 [globals] 2 netbios name = ${ HOSTNAME}2 netbios name = ${NETBIOS_NAME} 3 3 workgroup = ${DOMAIN} 4 4 realm = ${REALM} 5 5 server role = ${SERVERROLE} 6 ${SIDGENERATOR_LINE} 6 7 ${PRIVATEDIR_LINE} 7 8 ${LOCKDIR_LINE} -
vendor/current/source4/setup/provision.smb.conf.standalone
r414 r740 1 1 [globals] 2 netbios name = ${ HOSTNAME}2 netbios name = ${NETBIOS_NAME} 3 3 workgroup = ${DOMAIN} 4 4 realm = ${REALM} 5 5 server role = ${SERVERROLE} 6 ${SIDGENERATOR_LINE} 6 7 ${PRIVATEDIR_LINE} 7 8 ${LOCKDIR_LINE} -
vendor/current/source4/setup/provision.zone
r414 r740 3 3 $ORIGIN ${DNSDOMAIN}. 4 4 $TTL 1W 5 @ IN SOA @hostmaster (5 @ IN SOA ${HOSTNAME} hostmaster ( 6 6 ${DATESTRING} ; serial 7 7 2D ; refresh … … 15 15 ${HOSTIP6_HOST_LINE} 16 16 ${HOSTIP_HOST_LINE} 17 gc._msdcs IN CNAME ${HOSTNAME} 17 ${GC_MSDCS_IP_LINE} 18 ${GC_MSDCS_IP6_LINE} 18 19 ${NTDSGUID}._msdcs IN CNAME ${HOSTNAME} 19 20 ; … … 21 22 _gc._tcp IN SRV 0 100 3268 ${HOSTNAME} 22 23 _gc._tcp.${DEFAULTSITE}._sites IN SRV 0 100 3268 ${HOSTNAME} 23 _ldap._tcp.gc._msdcs IN SRV 0 100 3 89${HOSTNAME}24 _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 3 89${HOSTNAME}24 _ldap._tcp.gc._msdcs IN SRV 0 100 3268 ${HOSTNAME} 25 _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 3268 ${HOSTNAME} 25 26 ; 26 27 ; ldap servers -
vendor/current/source4/setup/provision_basedn.ldif
r414 r740 4 4 dn: ${DOMAINDN} 5 5 objectClass: top 6 objectClass: ${DOMAIN_OC} 7 6 objectClass: domaindns 7 instanceType: 5 8 objectSid: ${DOMAINSID} 9 nTSecurityDescriptor:: ${DESCRIPTOR} 10 ${DOMAINGUID} -
vendor/current/source4/setup/provision_basedn_modify.ldif
r414 r740 12 12 creationTime: ${CREATTIME} 13 13 - 14 # "dSCorePropagationDate" should contain the provision data 14 15 replace: forceLogoff 15 16 forceLogoff: -9223372036854775808 … … 33 34 # "masteredBy" filled in later 34 35 replace: maxPwdAge 35 maxPwdAge: -3 710851743744036 maxPwdAge: -36288000000000 36 37 - 37 # FIXME: This should be "-864000000000" when we fully comply with passwords pol.38 38 replace: minPwdAge 39 minPwdAge: 039 minPwdAge: -864000000000 40 40 - 41 41 replace: minPwdLength … … 58 58 - 59 59 # "msDs-masteredBy" filled in later 60 replace: msDS-NcType 61 msDS-NcType: 0 62 - 60 63 replace: msDS-PerUserTrustQuota 61 64 msDS-PerUserTrustQuota: 1 … … 65 68 - 66 69 replace: nextRid 67 nextRid: 100070 nextRid: ${NEXTRID} 68 71 - 69 72 replace: nTMixedDomain 70 73 nTMixedDomain: 0 71 74 - 72 replace: objectSid 73 objectSid: ${DOMAINSID} 74 - 75 # This exists only in SAMBA 75 # This does only exist in SAMBA 76 76 replace: oEMInformation 77 77 oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING} … … 98 98 uASCompat: 1 99 99 - 100 replace: wellKnownObjects 101 wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${DOMAINDN} 102 wellKnownObjects: B:32:f4be92a4c777485e878e9421d53087db:CN=Microsoft,CN=Program Data,${DOMAINDN} 103 wellKnownObjects: B:32:09460c08ae1e4a4ea0f64aee7daa1e5a:CN=Program Data,${DOMAINDN} 104 wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN} 105 wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${DOMAINDN} 106 wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN} 107 wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${DOMAINDN} 108 wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN} 109 wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN} 110 wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN} 
111 wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN} 112 - 113 ${DOMAINGUID_MOD} 100 -
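Review bot: The new password-policy values in the `maxPwdAge`/`minPwdAge` hunk are bare negative integers with no unit, and the FIXME that explained the old `minPwdAge: 0` is dropped without a replacement. Both attributes are intervals in 100-nanosecond ticks, so `-36288000000000` is 42 days and `-864000000000` is 1 day; I would add `# 42 days, as a negative count of 100 ns intervals` above `maxPwdAge` and `# 1 day: a password cannot be changed again before this has elapsed` above `minPwdAge`. The non-zero minimum age affects any provisioning or test step that sets a password and changes it again straight away; whether such callers exist is not visible on this page. In the added comments, "should contain the provision data" presumably means "provision date", and "This does only exist in SAMBA" reads worse than the "This exists only in SAMBA" it replaces.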
vendor/current/source4/setup/provision_configuration.ldif
r414 r740 640 640 validAccesses: 256 641 641 642 dn: CN=DS-Replication-Get-Changes-In-Filtered-Set,CN=Extended-Rights,${CONFIGDN} 643 objectClass: top 644 objectClass: controlAccessRight 645 displayName: Replicating Directory Changes In Filtered Set 646 rightsGuid: 89e95b76-444d-4c62-991a-0facbeda640c 647 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2 648 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2 649 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9 650 localizationDisplayId: 77 651 validAccesses: 256 652 653 dn: CN=MS-TS-GatewayAccess,CN=Extended-Rights,${CONFIGDN} 654 objectClass: top 655 objectClass: controlAccessRight 656 displayName: MS-TS-GatewayAccess 657 rightsGuid: ffa6f046-ca4b-4feb-b40d-04dfee722543 658 appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2 659 localizationDisplayId: 74 660 validAccesses: 48 661 662 dn: CN=Private-Information,CN=Extended-Rights,${CONFIGDN} 663 objectClass: top 664 objectClass: controlAccessRight 665 displayName: Private Information 666 rightsGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 667 appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2 668 appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28 669 localizationDisplayId: 72 670 validAccesses: 48 671 672 dn: CN=Read-Only-Replication-Secret-Synchronization,CN=Extended-Rights,${CONFIGDN} 673 objectClass: top 674 objectClass: controlAccessRight 675 displayName: Read Only Replication Secret Synchronization 676 rightsGuid: 1131f6ae-9c07-11d1-f79f-00c04fc2dcd2 677 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2 678 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2 679 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9 680 localizationDisplayId: 73 681 validAccesses: 256 682 683 dn: CN=Reload-SSL-Certificate,CN=Extended-Rights,${CONFIGDN} 684 objectClass: top 685 objectClass: controlAccessRight 686 displayName: Reload SSL/TLS Certificate 687 rightsGuid: 1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8 688 appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed 689 localizationDisplayId: 76 690 validAccesses: 256 
691 692 dn: CN=Terminal-Server-License-Server,CN=Extended-Rights,${CONFIGDN} 693 objectClass: top 694 objectClass: controlAccessRight 695 displayName: Terminal Server License Server 696 rightsGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e 697 appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2 698 appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28 699 localizationDisplayId: 75 700 validAccesses: 48 701 642 702 # End extended rights 643 703 … … 648 708 objectClass: container 649 709 710 dn: CN=ActiveDirectoryRodcUpdate,CN=ForestUpdates,${CONFIGDN} 711 objectClass: top 712 objectClass: container 713 revision: 5 714 715 dn: CN=ActiveDirectoryUpdate,CN=ForestUpdates,${CONFIGDN} 716 objectClass: top 717 objectClass: container 718 revision: 5 719 650 720 dn: CN=Operations,CN=ForestUpdates,${CONFIGDN} 651 721 objectClass: top … … 671 741 objectClass: top 672 742 objectClass: container 743 objectVersion: 3 673 744 674 745 dn: CN=1a3f6b15-55f2-4752-ba27-3d38a8232c4d,CN=Operations,CN=ForestUpdates,${CONFIGDN} … … 800 871 objectClass: container 801 872 873 dn: CN=002fb291-0d00-4b0c-8c00-fe7f50ce6f8d,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 874 objectClass: top 875 objectClass: container 876 877 dn: CN=07e57d28-ad40-44fc-8334-8a0dc119b3f4,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 878 objectClass: top 879 objectClass: container 880 881 dn: CN=0fc5a978-0059-4b0a-9dc2-9896e8e389a1,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 882 objectClass: top 883 objectClass: container 884 885 dn: CN=10338d31-2423-4dff-b4b5-ef025144b01f,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 886 objectClass: top 887 objectClass: container 888 889 dn: CN=2a858903-5696-4364-b4e5-4cac027ca7a6,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 890 objectClass: top 891 objectClass: container 892 893 dn: CN=2b9e0609-6d75-498a-9727-c9fcc93f0e42,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 894 objectClass: top 895 objectClass: 
container 896 897 dn: CN=3b3adbdb-4485-4559-aed8-9811c4bf90e4,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 898 objectClass: top 899 objectClass: container 900 901 dn: CN=429a6334-1a00-4515-bf48-676deb55954a,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 902 objectClass: top 903 objectClass: container 904 905 dn: CN=4c022fd1-adab-4d84-a7f1-9580f03da856,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 906 objectClass: top 907 objectClass: container 908 909 dn: CN=4c0672a2-437c-4944-b953-5db8f111d665,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 910 objectClass: top 911 objectClass: container 912 913 dn: CN=4d753a29-26ac-4d1a-bc80-311f947e4f0a,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 914 objectClass: top 915 objectClass: container 916 917 dn: CN=56040c71-fe93-4037-8fe9-1a4d1a283009,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 918 objectClass: top 919 objectClass: container 920 921 dn: CN=560cf82d-9572-48a3-9024-6f2b56f1f866,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 922 objectClass: top 923 objectClass: container 924 925 dn: CN=613bd063-e8e9-4a62-8f4c-cda566f7eb6f,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 926 objectClass: top 927 objectClass: container 928 929 dn: CN=6eb8eaf9-3403-4ba5-8b4b-ce349a4680ad,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 930 objectClass: top 931 objectClass: container 932 933 dn: CN=6fd48655-1698-497a-ac8d-8267ce01c80b,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 934 objectClass: top 935 objectClass: container 936 937 dn: CN=782370ce-3d38-438d-8b0c-464220a3039d,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 938 objectClass: top 939 objectClass: container 940 941 dn: CN=8f86b825-c322-4101-adc4-579f12d445db,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 942 objectClass: top 943 objectClass: container 944 945 dn: 
CN=96541a16-910a-4b66-acde-720a0dff03c7,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 946 objectClass: top 947 objectClass: container 948 949 dn: CN=9fea28ff-387f-4d57-866d-3893c50f373f,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 950 objectClass: top 951 objectClass: container 952 953 dn: CN=a96e2ed5-7a7c-4d5c-9d5d-965eca0051da,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 954 objectClass: top 955 objectClass: container 956 957 dn: CN=abd97102-88dd-4013-a009-0e2c2f967ff6,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 958 objectClass: top 959 objectClass: container 960 961 dn: CN=bd3413c0-9559-469b-9f3d-51d7faabd81a,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 962 objectClass: top 963 objectClass: container 964 965 dn: CN=c03b1f37-c240-4910-93c8-1544a452b4b5,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 966 objectClass: top 967 objectClass: container 968 969 dn: CN=caa2bfad-0cca-483b-8d00-347f943292a8,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 970 objectClass: top 971 objectClass: container 972 973 dn: CN=d668ad1f-cedd-4565-ab02-9385926ce4f5,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 974 objectClass: top 975 objectClass: container 976 977 dn: CN=dcb3c95d-deb7-4c51-ad13-43a7d5d06fc7,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 978 objectClass: top 979 objectClass: container 980 981 dn: CN=ea08c04c-f474-4212-b19e-5e754f9210d4,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 982 objectClass: top 983 objectClass: container 984 985 dn: CN=ef010a1e-bd88-48c8-a7af-2affd250d77d,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 986 objectClass: top 987 objectClass: container 988 989 dn: CN=f814097b-3e3d-49ba-8a3a-092c25085f06,CN=Operations,CN=ForestUpdates,CN=Configuration,${DOMAINDN} 990 objectClass: top 991 objectClass: container 992 802 993 dn: CN=Windows2003Update,CN=ForestUpdates,${CONFIGDN} 803 994 objectClass: top 
804 995 objectClass: container 805 revision: 9996 revision: 10 806 997 807 998 # End forest updates … … 816 1007 objectClass: msDS-QuotaContainer 817 1008 description: Quota specifications container 1009 isCriticalSystemObject: TRUE 818 1010 msDS-TombstoneQuotaFactor: 100 819 1011 systemFlags: -2147483648 … … 825 1017 objectClass: crossRefContainer 826 1018 systemFlags: -2147483648 827 msDS-Behavior-Version: ${FOREST_FUNCTIONAL ALITY}1019 msDS-Behavior-Version: ${FOREST_FUNCTIONALITY} 828 1020 showInAdvancedViewOnly: TRUE 829 1021 … … 848 1040 objectClass: crossRef 849 1041 dnsRoot: ${DNSDOMAIN} 1042 msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY} 850 1043 nCName: ${DOMAINDN} 851 1044 nETBIOSName: ${DOMAIN} … … 961 1154 tombstoneLifetime: 180 962 1155 1156 dn: CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} 1157 objectClass: top 1158 objectClass: container 1159 1160 dn: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} 1161 objectClass: top 1162 objectClass: msDS-OptionalFeature 1163 msDS-OptionalFeatureGUID: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a 1164 msDS-OptionalFeatureFlags: 1 1165 msDS-RequiredForestBehaviorVersion: 4 1166 systemFlags: -1946157056 1167 963 1168 dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} 964 1169 objectClass: top … … 990 1195 objectClass: sitesContainer 991 1196 systemFlags: -2113929216 1197 nTSecurityDescriptor:: ${SITES_DESCRIPTOR} 992 1198 993 1199 dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} … … 995 1201 objectClass: site 996 1202 systemFlags: 1107296256 997 998 dn: CN=Licensing Site Settings,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}999 objectClass: top1000 objectClass: applicationSiteSettings1001 objectClass: licensingSiteSettings1002 1203 1003 1204 dn: CN=Inter-Site Transports,CN=Sites,${CONFIGDN} … … 1018 1219 cost: 100 1019 1220 replInterval: 180 1221 showInAdvancedViewOnly: TRUE 1020 1222 siteList: 
CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} 1021 1223 systemFlags: 1073741824 … … 1032 1234 objectClass: applicationSiteSettings 1033 1235 objectClass: nTDSSiteSettings 1236 schedule:: vAAAAAAAAAABAAAAAAAAABQAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE= 1034 1237 1035 1238 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} … … 1041 1244 objectClass: top 1042 1245 objectClass: subnetContainer 1043 systemFlags: - 10737418241246 systemFlags: -2147483648 -
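Review bot: The thirty operation containers added under `CN=Operations,CN=ForestUpdates` spell their parent as `CN=Configuration,${DOMAINDN}`, while the existing records around them and the other records added in this same section (`CN=ActiveDirectoryUpdate,CN=ForestUpdates,${CONFIGDN}`) use `${CONFIGDN}`. The two forms agree only while the configuration partition sits directly under the domain DN; if the template is ever expanded with a different `${CONFIGDN}`, these adds would target a DN outside the partition being populated. Write them as `dn: CN=002fb291-0d00-4b0c-8c00-fe7f50ce6f8d,CN=Operations,CN=ForestUpdates,${CONFIGDN}` and likewise for the other twenty-nine.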
vendor/current/source4/setup/provision_configuration_basedn.ldif
r414 r740 5 5 objectClass: top 6 6 objectClass: configuration 7 cn: Configuration 7 msDS-NcType: 0 8 8 nTSecurityDescriptor:: ${DESCRIPTOR} 9 instanceType: 13 -
vendor/current/source4/setup/provision_group_policy.ldif
r414 r740 6 6 gPCFunctionalityVersion: 2 7 7 gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}} 8 versionNumber: 655438 versionNumber: 0 9 9 flags: 0 10 10 gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248 … … 16 16 11D1-A7CC-0000F87571E3}] 17 17 isCriticalSystemObject: TRUE 18 nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)19 18 systemFlags: -1946157056 20 19 … … 38 37 gPCFunctionalityVersion: 2 39 38 gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID_DC}} 40 versionNumber: 239 versionNumber: 0 41 40 flags: 0 42 41 gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 43 42 FB-11D0-A0D0-00A0C90F574B}] 44 43 isCriticalSystemObject: TRUE 45 nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)46 44 systemFlags: -1946157056 47 45 -
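Review bot: Both GPO records lose their explicit `nTSecurityDescriptor` in this section and nothing on the page shows what replaces it, so the ACL on the policy containers now depends on a default applied somewhere else. The removed SDDL gave full control to Domain Admins (`-512`), Enterprise Admins (`-519`), creator-owner and SYSTEM and read access to authenticated users; that restriction is the property to preserve, because write access to a GPO object amounts to control over every machine the policy applies to. If the descriptor is now set by the provisioning code, say so in each record, e.g. `# nTSecurityDescriptor is applied by the provision code, not by this template`. `versionNumber` is reset to `0` in both records as well; presumably it is bumped when the policy files are written, and that deserves the same kind of comment.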
vendor/current/source4/setup/provision_init.ldif
r414 r740 18 18 passwordAttribute: initialAuthOutgoing 19 19 passwordAttribute: initialAuthIncoming 20 21 dn: @OPTIONS 22 checkBaseOnSearch: TRUE 23 24 dn: @SAMBA_DSDB 25 backendType: ${BACKEND_TYPE} 26 serverRole: ${SERVER_ROLE} 27 28 dn: @MODULES 29 @LIST: samba_dsdb -
vendor/current/source4/setup/provision_partitions.ldif
r414 r740 1 1 dn: @PARTITION 2 partition: ${SCHEMADN}:${SCHEMADN_LDB}3 partition: ${CONFIGDN}:${CONFIGDN_LDB}4 partition: ${DOMAINDN}:${DOMAINDN_LDB}5 2 replicateEntries: @ATTRIBUTES 6 3 replicateEntries: @INDEXLIST 7 4 replicateEntries: @OPTIONS 8 modules:${SCHEMADN}:${SCHEMADN_MOD},${BACKEND_MOD} 9 modules:${CONFIGDN}:${CONFIGDN_MOD},${BACKEND_MOD} 10 modules:${DOMAINDN}:${DOMAINDN_MOD},${BACKEND_MOD} 5 ${LDAP_BACKEND_LINE} 11 6 12 dn: @MODULES13 @LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2} -
vendor/current/source4/setup/provision_rootdse_add.ldif
r414 r740 7 7 configurationNamingContext: ${CONFIGDN} 8 8 schemaNamingContext: ${SCHEMADN} 9 #supportedLDAPPolicies: MaxPoolThreads 10 #supportedLDAPPolicies: MaxDatagramRecv 11 #supportedLDAPPolicies: MaxReceiveBuffer 12 #supportedLDAPPolicies: InitRecvTimeout 13 #supportedLDAPPolicies: MaxConnections 14 #supportedLDAPPolicies: MaxConnIdleTime 15 #supportedLDAPPolicies: MaxPageSize 16 #supportedLDAPPolicies: MaxQueryDuration 17 #supportedLDAPPolicies: MaxTempTableSize 18 #supportedLDAPPolicies: MaxResultSetSize 19 #supportedLDAPPolicies: MaxNotificationPerConn 20 #supportedLDAPPolicies: MaxValRange 21 supportedLDAPVersion: 2 9 22 supportedLDAPVersion: 3 10 supportedLDAPVersion: 211 dnsHostName: ${DNSNAME}12 ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}13 serverName: ${SERVERDN}14 23 isSynchronized: FALSE 15 24 vendorName: Samba Team (http://samba.org) 16 25 supportedCapabilities: 1.2.840.113556.1.4.800 26 supportedCapabilities: 1.2.840.113556.1.4.1670 17 27 supportedCapabilities: 1.2.840.113556.1.4.1791 18 supportedCapabilities: 1.2.840.113556.1.4.1670 28 supportedCapabilities: 1.2.840.113556.1.4.1935 29 supportedCapabilities: 1.2.840.113556.1.4.2080 -
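Review bot: The two `supportedCapabilities` values added at the end of the record, `1.2.840.113556.1.4.1935` and `1.2.840.113556.1.4.2080`, are unlabelled OIDs, so a reader cannot tell which directory level the rootDSE is being made to advertise. I would put `# LDAP_CAP_ACTIVE_DIRECTORY_V60_OID` and `# LDAP_CAP_ACTIVE_DIRECTORY_V61_R2_OID` above them and label the three existing values the same way. Clients read this list to decide which features and controls they may rely on, so each advertised level should match what the server implements; that cannot be checked from this template. The twelve commented-out `supportedLDAPPolicies` lines are added without a reason; one line above them saying why they are disabled (for example that the limits are not enforced yet, if that is the case) would keep them from being uncommented blindly.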
vendor/current/source4/setup/provision_schema_basedn.ldif
r414 r740 5 5 objectClass: top 6 6 objectClass: dMD 7 cn: Schema 7 msDS-NcType: 0 8 8 nTSecurityDescriptor:: ${DESCRIPTOR} 9 instanceType: 13 -
vendor/current/source4/setup/provision_schema_basedn_modify.ldif
r414 r740 7 7 # "masteredBy", "msDs-masteredBy" filled in later 8 8 replace: objectVersion 9 objectVersion: 309 objectVersion: 47 10 10 -
vendor/current/source4/setup/provision_self_join.ldif
r414 r740 10 10 accountExpires: 9223372036854775807 11 11 dNSHostName: ${DNSNAME} 12 # " frsComputerReferenceBL" doesn't exist since we still miss FRSsupport13 isCriticalSystemObject: TRUE 12 # "MSDFSR-ComputerReferenceBL" doesn't exist since we still miss DFSR support 13 # "isCritcalSystemObject" is now filled in by the samldb LDB module 14 14 localPolicyFlags: 0 15 15 operatingSystem: Samba 16 16 operatingSystemVersion: ${SAMBA_VERSION_STRING} 17 primaryGroupID: 51618 # "rIDSetReferences" doesn't exist since we still miss distributed RIDs19 17 sAMAccountName: ${NETBIOSNAME}$ 20 # "servicePrincipalName" for FRS doesn't exit since we still miss FRS support 21 # "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones", 22 # "ldap/../DomainDnsZones", "DNS/..") don't exist since we don't support AD DNS 23 servicePrincipalName: GC/${DNSNAME}/${REALM} 24 servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} 25 servicePrincipalName: HOST/${NETBIOSNAME} 26 servicePrincipalName: HOST/${DNSNAME} 27 servicePrincipalName: HOST/${DNSNAME}/${REALM} 28 # "servicePrincipalName"s with GUIDs are located in 29 # "provision_self_join_modify.ldif" 30 servicePrincipalName: ldap/${DNSNAME}/${DOMAIN} 31 servicePrincipalName: ldap/${NETBIOSNAME} 32 servicePrincipalName: ldap/${DNSNAME} 33 servicePrincipalName: ldap/${DNSNAME}/${REALM} 18 # The "servicePrincipalName" updates are now handled by the "samba_spnupdate" 19 # script 34 20 userAccountControl: 532480 35 userPassword:: ${MACHINEPASS_B64} 21 clearTextPassword:: ${MACHINEPASS_B64} 22 objectSid: ${DOMAINSID}-${DCRID} 36 23 37 # Here are missing the objects for the NTFRS subscription and the RID set since38 # we don't support those techniques (FRS, distributed RIDs)yet.24 # Here are missing the objects for the NTFRS subscription since we don't 25 # support this technique yet. 
39 26 40 27 # Objects under "Configuration/Sites/<Default sitename>/Servers" … … 68 55 options: 1 69 56 systemFlags: 33554432 70 71 # Provides an account for DNS keytab export 72 dn: CN=dns,CN=Users,${DOMAINDN} 73 objectClass: top 74 objectClass: person 75 objectClass: organizationalPerson 76 objectClass: user 77 description: DNS Service Account 78 userAccountControl: 514 79 accountExpires: 9223372036854775807 80 sAMAccountName: dns 81 servicePrincipalName: DNS/${DNSDOMAIN} 82 userPassword:: ${DNSPASS_B64} 83 isCriticalSystemObject: TRUE 57 ${NTDSGUID} -
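Review bot: The new comment on line 13 misspells the attribute as `"isCritcalSystemObject"`, so anyone grepping for `isCriticalSystemObject` to learn why the DC entry no longer sets it will miss this line; it should read `# "isCriticalSystemObject" is now filled in by the samldb LDB module`. The same entry now carries `clearTextPassword:: ${MACHINEPASS_B64}`, and base64 is an encoding, not protection. The hunk does not show where the substituted LDIF ends up, so a one-line comment such as `# substituted value is the recoverable machine password; do not write the expanded LDIF to disk or logs` would help anyone reusing the template.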
vendor/current/source4/setup/provision_self_join_modify.ldif
r414 r740 29 29 interSiteTopologyGenerator: CN=NTDS Settings,${SERVERDN} 30 30 31 dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} 32 changetype: add 33 objectClass: rIDSet 34 rIDAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND} 35 rIDPreviousAllocationPool: ${RIDALLOCATIONSTART}-${RIDALLOCATIONEND} 36 rIDUsedPool: 0 37 rIDNextRID: ${RIDALLOCATIONSTART} 38 31 39 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} 32 40 changetype: modify 33 add: servicePrincipalName 34 servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN} 35 servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN} 41 add: rIDSetReferences 42 rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} -
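Review bot: The new `CN=RID Set` entry starts `rIDNextRID` at `${RIDALLOCATIONSTART}`, but nothing here states that the DC's own RID (`${DCRID}`, used for `objectSid` in provision_self_join.ldif) lies outside `${RIDALLOCATIONSTART}-${RIDALLOCATIONEND}`. If the caller ever passed overlapping values, a later account could presumably be issued the SID the DC already holds. The provisioning code that computes these variables is not visible here, so this may already be guaranteed. I would record the invariant above the entry, e.g. `# RIDALLOCATIONSTART must be greater than DCRID and every fixed RID used during provision`.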
vendor/current/source4/setup/provision_users.ldif
r414 r740 1 # Add default primary groups (domain users, domain guests) - needed for 2 # the users to find valid primary groups (samldb module) 1 # Add default primary groups (domain users, domain guests, domain computers & 2 # domain controllers) - needed for the users to find valid primary groups 3 # (samldb module) 3 4 4 5 dn: CN=Domain Users,CN=Users,${DOMAINDN} … … 18 19 isCriticalSystemObject: TRUE 19 20 21 dn: CN=Domain Computers,CN=Users,${DOMAINDN} 22 objectClass: top 23 objectClass: group 24 description: All workstations and servers joined to the domain 25 objectSid: ${DOMAINSID}-515 26 sAMAccountName: Domain Computers 27 isCriticalSystemObject: TRUE 28 29 dn: CN=Domain Controllers,CN=Users,${DOMAINDN} 30 objectClass: top 31 objectClass: group 32 description: All domain controllers in the domain 33 objectSid: ${DOMAINSID}-516 34 adminCount: 1 35 sAMAccountName: Domain Controllers 36 isCriticalSystemObject: TRUE 37 20 38 # Add users 21 39 … … 23 41 objectClass: user 24 42 description: Built-in account for administering the computer/domain 25 userAccountControl: 6604843 userAccountControl: 512 26 44 objectSid: ${DOMAINSID}-500 27 45 adminCount: 1 28 46 accountExpires: 9223372036854775807 29 47 sAMAccountName: Administrator 30 userPassword:: ${ADMINPASS_B64}48 clearTextPassword:: ${ADMINPASS_B64} 31 49 isCriticalSystemObject: TRUE 32 50 … … 53 71 sAMAccountName: krbtgt 54 72 servicePrincipalName: kadmin/changepw 55 userPassword:: ${KRBTGTPASS_B64}73 clearTextPassword:: ${KRBTGTPASS_B64} 56 74 isCriticalSystemObject: TRUE 57 75 58 76 # Add other groups 77 78 dn: CN=Enterprise Read-only Domain Controllers,CN=Users,${DOMAINDN} 79 objectClass: top 80 objectClass: group 81 description: Members of this group are Read-Only Domain Controllers in the enterprise 82 objectSid: ${DOMAINSID}-498 83 sAMAccountName: Enterprise Read-Only Domain Controllers 84 groupType: -2147483640 85 isCriticalSystemObject: TRUE 86 87 dn: CN=Domain Admins,CN=Users,${DOMAINDN} 88 
objectClass: top 89 objectClass: group 90 description: Designated administrators of the domain 91 member: CN=Administrator,CN=Users,${DOMAINDN} 92 objectSid: ${DOMAINSID}-512 93 adminCount: 1 94 sAMAccountName: Domain Admins 95 isCriticalSystemObject: TRUE 96 97 dn: CN=Cert Publishers,CN=Users,${DOMAINDN} 98 objectClass: top 99 objectClass: group 100 description: Members of this group are permitted to publish certificates to the directory 101 objectSid: ${DOMAINSID}-517 102 sAMAccountName: Cert Publishers 103 groupType: -2147483644 104 isCriticalSystemObject: TRUE 105 106 dn: CN=Schema Admins,CN=Users,${DOMAINDN} 107 objectClass: top 108 objectClass: group 109 description: Designated administrators of the schema 110 member: CN=Administrator,CN=Users,${DOMAINDN} 111 objectSid: ${DOMAINSID}-518 112 adminCount: 1 113 sAMAccountName: Schema Admins 114 groupType: -2147483640 115 isCriticalSystemObject: TRUE 59 116 60 117 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} … … 66 123 adminCount: 1 67 124 sAMAccountName: Enterprise Admins 68 isCriticalSystemObject: TRUE 69 70 dn: CN=Domain Computers,CN=Users,${DOMAINDN} 71 objectClass: top 72 objectClass: group 73 description: All workstations and servers joined to the domain 74 objectSid: ${DOMAINSID}-515 75 sAMAccountName: Domain Computers 76 isCriticalSystemObject: TRUE 77 78 dn: CN=Domain Controllers,CN=Users,${DOMAINDN} 79 objectClass: top 80 objectClass: group 81 description: All domain controllers in the domain 82 objectSid: ${DOMAINSID}-516 83 adminCount: 1 84 sAMAccountName: Domain Controllers 85 isCriticalSystemObject: TRUE 86 87 dn: CN=Schema Admins,CN=Users,${DOMAINDN} 88 objectClass: top 89 objectClass: group 90 description: Designated administrators of the schema 91 member: CN=Administrator,CN=Users,${DOMAINDN} 92 objectSid: ${DOMAINSID}-518 93 adminCount: 1 94 sAMAccountName: Schema Admins 95 isCriticalSystemObject: TRUE 96 97 dn: CN=Cert Publishers,CN=Users,${DOMAINDN} 98 objectClass: top 99 objectClass: group 
100 description: Members of this group are permitted to publish certificates to the Active Directory 101 groupType: -2147483644 102 objectSid: ${DOMAINSID}-517 103 sAMAccountName: Cert Publishers 104 isCriticalSystemObject: TRUE 105 106 dn: CN=Domain Admins,CN=Users,${DOMAINDN} 107 objectClass: top 108 objectClass: group 109 description: Designated administrators of the domain 110 member: CN=Administrator,CN=Users,${DOMAINDN} 111 objectSid: ${DOMAINSID}-512 112 adminCount: 1 113 sAMAccountName: Domain Admins 125 groupType: -2147483640 114 126 isCriticalSystemObject: TRUE 115 127 … … 123 135 isCriticalSystemObject: TRUE 124 136 137 dn: CN=Read-only Domain Controllers,CN=Users,${DOMAINDN} 138 objectClass: top 139 objectClass: group 140 description: Members of this group are Read-Only Domain Controllers in the domain 141 objectSid: ${DOMAINSID}-521 142 adminCount: 1 143 sAMAccountName: Read-Only Domain Controllers 144 isCriticalSystemObject: TRUE 145 125 146 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} 126 147 objectClass: top … … 132 153 isCriticalSystemObject: TRUE 133 154 134 dn: CN= Read-Only Domain Controllers,CN=Users,${DOMAINDN}135 objectClass: top 136 objectClass: group 137 description: read-only domain controllers138 objectSid: ${DOMAINSID}-5 21139 sAMAccountName: Read-Only Domain Controllers155 dn: CN=Allowed RODC Password Replication Group,CN=Users,${DOMAINDN} 156 objectClass: top 157 objectClass: group 158 description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain 159 objectSid: ${DOMAINSID}-571 160 sAMAccountName: Allowed RODC Password Replication Group 140 161 groupType: -2147483644 141 162 isCriticalSystemObject: TRUE 142 163 143 dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} 144 objectClass: top 145 objectClass: group 146 description: enterprise read-only domain controllers 147 objectSid: ${DOMAINSID}-498 148 sAMAccountName: Enterprise Read-Only Domain Controllers 164 
dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN} 165 objectClass: top 166 objectClass: group 167 description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain 168 member: CN=Read-only Domain Controllers,CN=Users,${DOMAINDN} 169 member: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} 170 member: CN=Domain Admins,CN=Users,${DOMAINDN} 171 member: CN=Cert Publishers,CN=Users,${DOMAINDN} 172 member: CN=Enterprise Admins,CN=Users,${DOMAINDN} 173 member: CN=Schema Admins,CN=Users,${DOMAINDN} 174 member: CN=Domain Controllers,CN=Users,${DOMAINDN} 175 member: CN=krbtgt,CN=Users,${DOMAINDN} 176 objectSid: ${DOMAINSID}-572 177 sAMAccountName: Denied RODC Password Replication Group 149 178 groupType: -2147483644 150 179 isCriticalSystemObject: TRUE 151 180 152 dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN} 153 objectClass: top 154 objectClass: group 155 description: Certificate Service DCOM Access 156 objectSid: ${DOMAINSID}-574 157 sAMAccountName: Certificate Service DCOM Access 158 groupType: -2147483644 159 isCriticalSystemObject: TRUE 160 161 dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN} 162 objectClass: top 163 objectClass: group 164 description: Cryptographic Operators 165 objectSid: ${DOMAINSID}-569 166 sAMAccountName: Cryptographic Operators 167 groupType: -2147483644 168 isCriticalSystemObject: TRUE 169 170 dn: CN=Event Log Readers,CN=Users,${DOMAINDN} 171 objectClass: top 172 objectClass: group 173 description: Event Log Readers 174 objectSid: ${DOMAINSID}-573 175 sAMAccountName: Event Log Readers 176 groupType: -2147483644 177 isCriticalSystemObject: TRUE 181 # NOTICE: Some other users and groups which rely on automatic SIDs are located 182 # in "provision_self_join_modify.ldif" 178 183 179 184 # Add foreign security principals … … 194 199 objectSid: S-1-5-11 195 200 196 dn: CN=S-1-5- 20,CN=ForeignSecurityPrincipals,${DOMAINDN}197 objectClass: top 198 objectClass: 
foreignSecurityPrincipal 199 objectSid: S-1-5- 20201 dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} 202 objectClass: top 203 objectClass: foreignSecurityPrincipal 204 objectSid: S-1-5-17 200 205 201 206 # Add builtin objects … … 213 218 systemFlags: -1946157056 214 219 groupType: -2147483643 215 privilege: SeSecurityPrivilege216 privilege: SeBackupPrivilege217 privilege: SeRestorePrivilege218 privilege: SeSystemtimePrivilege219 privilege: SeShutdownPrivilege220 privilege: SeRemoteShutdownPrivilege221 privilege: SeTakeOwnershipPrivilege222 privilege: SeDebugPrivilege223 privilege: SeSystemEnvironmentPrivilege224 privilege: SeSystemProfilePrivilege225 privilege: SeProfileSingleProcessPrivilege226 privilege: SeIncreaseBasePriorityPrivilege227 privilege: SeLoadDriverPrivilege228 privilege: SeCreatePagefilePrivilege229 privilege: SeIncreaseQuotaPrivilege230 privilege: SeChangeNotifyPrivilege231 privilege: SeUndockPrivilege232 privilege: SeManageVolumePrivilege233 privilege: SeImpersonatePrivilege234 privilege: SeCreateGlobalPrivilege235 privilege: SeEnableDelegationPrivilege236 privilege: SeInteractiveLogonRight237 privilege: SeNetworkLogonRight238 privilege: SeRemoteInteractiveLogonRight239 220 isCriticalSystemObject: TRUE 240 221 … … 242 223 objectClass: top 243 224 objectClass: group 244 description: Users are prevented from making accidental or intentional system-wide changes . 
Thus, Users can run certified applications, but not most legacyapplications225 description: Users are prevented from making accidental or intentional system-wide changes and can run most applications 245 226 member: CN=Domain Users,CN=Users,${DOMAINDN} 246 227 member: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN} … … 264 245 isCriticalSystemObject: TRUE 265 246 247 dn: CN=Account Operators,CN=Builtin,${DOMAINDN} 248 objectClass: top 249 objectClass: group 250 description: Members can administer domain user and group accounts 251 objectSid: S-1-5-32-548 252 adminCount: 1 253 sAMAccountName: Account Operators 254 systemFlags: -1946157056 255 groupType: -2147483643 256 isCriticalSystemObject: TRUE 257 258 dn: CN=Server Operators,CN=Builtin,${DOMAINDN} 259 objectClass: top 260 objectClass: group 261 description: Members can administer domain servers 262 objectSid: S-1-5-32-549 263 adminCount: 1 264 sAMAccountName: Server Operators 265 systemFlags: -1946157056 266 groupType: -2147483643 267 isCriticalSystemObject: TRUE 268 266 269 dn: CN=Print Operators,CN=Builtin,${DOMAINDN} 267 270 objectClass: top … … 273 276 systemFlags: -1946157056 274 277 groupType: -2147483643 275 privilege: SeLoadDriverPrivilege276 privilege: SeShutdownPrivilege277 privilege: SeInteractiveLogonRight278 278 isCriticalSystemObject: TRUE 279 279 … … 287 287 systemFlags: -1946157056 288 288 groupType: -2147483643 289 privilege: SeBackupPrivilege290 privilege: SeRestorePrivilege291 privilege: SeShutdownPrivilege292 privilege: SeInteractiveLogonRight293 289 isCriticalSystemObject: TRUE 294 290 … … 302 298 systemFlags: -1946157056 303 299 groupType: -2147483643 304 isCriticalSystemObject: TRUE305 306 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}307 objectClass: top308 objectClass: group309 description: Members in this group are granted the right to logon remotely310 objectSid: S-1-5-32-555311 sAMAccountName: Remote Desktop Users312 systemFlags: -1946157056313 groupType: -2147483643314 
isCriticalSystemObject: TRUE315 316 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}317 objectClass: top318 objectClass: group319 description: Members in this group can have some administrative privileges to manage configuration of networking features320 objectSid: S-1-5-32-556321 sAMAccountName: Network Configuration Operators322 systemFlags: -1946157056323 groupType: -2147483643324 isCriticalSystemObject: TRUE325 326 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}327 objectClass: top328 objectClass: group329 description: Members of this group have remote access to monitor this computer330 objectSid: S-1-5-32-558331 sAMAccountName: Performance Monitor Users332 systemFlags: -1946157056333 groupType: -2147483643334 isCriticalSystemObject: TRUE335 336 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}337 objectClass: top338 objectClass: group339 description: Members of this group have remote access to schedule logging of performance counters on this computer340 member: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}341 objectSid: S-1-5-32-559342 sAMAccountName: Performance Log Users343 systemFlags: -1946157056344 groupType: -2147483643345 isCriticalSystemObject: TRUE346 347 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}348 objectClass: top349 objectClass: group350 description: Members can administer domain servers351 objectSid: S-1-5-32-549352 adminCount: 1353 sAMAccountName: Server Operators354 systemFlags: -1946157056355 groupType: -2147483643356 privilege: SeBackupPrivilege357 privilege: SeSystemtimePrivilege358 privilege: SeRemoteShutdownPrivilege359 privilege: SeRestorePrivilege360 privilege: SeShutdownPrivilege361 privilege: SeInteractiveLogonRight362 isCriticalSystemObject: TRUE363 364 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}365 objectClass: top366 objectClass: group367 description: Members can administer domain user and group accounts368 objectSid: S-1-5-32-548369 adminCount: 1370 sAMAccountName: Account Operators371 
systemFlags: -1946157056372 groupType: -2147483643373 privilege: SeInteractiveLogonRight374 300 isCriticalSystemObject: TRUE 375 301 … … 383 309 systemFlags: -1946157056 384 310 groupType: -2147483643 385 privilege: SeRemoteInteractiveLogonRight 386 privilege: SeChangeNotifyPrivilege 311 isCriticalSystemObject: TRUE 312 313 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN} 314 objectClass: top 315 objectClass: group 316 description: Members in this group are granted the right to logon remotely 317 objectSid: S-1-5-32-555 318 sAMAccountName: Remote Desktop Users 319 systemFlags: -1946157056 320 groupType: -2147483643 321 isCriticalSystemObject: TRUE 322 323 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN} 324 objectClass: top 325 objectClass: group 326 description: Members in this group can have some administrative privileges to manage configuration of networking features 327 objectSid: S-1-5-32-556 328 sAMAccountName: Network Configuration Operators 329 systemFlags: -1946157056 330 groupType: -2147483643 387 331 isCriticalSystemObject: TRUE 388 332 … … 393 337 objectSid: S-1-5-32-557 394 338 sAMAccountName: Incoming Forest Trust Builders 339 systemFlags: -1946157056 340 groupType: -2147483643 341 isCriticalSystemObject: TRUE 342 343 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN} 344 objectClass: top 345 objectClass: group 346 description: Members of this group can access performance counter data locally and remotely 347 objectSid: S-1-5-32-558 348 sAMAccountName: Performance Monitor Users 349 systemFlags: -1946157056 350 groupType: -2147483643 351 isCriticalSystemObject: TRUE 352 353 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN} 354 objectClass: top 355 objectClass: group 356 description: Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer 357 objectSid: S-1-5-32-559 358 sAMAccountName: Performance Log Users 395 359 
systemFlags: -1946157056 396 360 groupType: -2147483643 … … 411 375 objectClass: top 412 376 objectClass: group 413 description: Terminal Server License Servers377 description: Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage 414 378 objectSid: S-1-5-32-561 415 379 sAMAccountName: Terminal Server License Servers … … 428 392 isCriticalSystemObject: TRUE 429 393 394 dn: CN=IIS_IUSRS,CN=Builtin,${DOMAINDN} 395 objectClass: top 396 objectClass: group 397 description: Built-in group used by Internet Information Services. 398 member: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} 399 objectSid: S-1-5-32-568 400 sAMAccountName: IIS_IUSRS 401 systemFlags: -1946157056 402 groupType: -2147483643 403 isCriticalSystemObject: TRUE 404 405 dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN} 406 objectClass: top 407 objectClass: group 408 description: Members are authorized to perform cryptographic operations. 
409 objectSid: S-1-5-32-569 410 sAMAccountName: Cryptographic Operators 411 systemFlags: -1946157056 412 groupType: -2147483643 413 isCriticalSystemObject: TRUE 414 415 dn: CN=Event Log Readers,CN=Builtin,${DOMAINDN} 416 objectClass: top 417 objectClass: group 418 description: Members of this group can read event logs from local machine 419 objectSid: S-1-5-32-573 420 sAMAccountName: Event Log Readers 421 systemFlags: -1946157056 422 groupType: -2147483643 423 isCriticalSystemObject: TRUE 424 425 dn: CN=Certificate Service DCOM Access,CN=Builtin,${DOMAINDN} 426 objectClass: top 427 objectClass: group 428 description: Members of this group are allowed to connect to Certification Authorities in the enterprise 429 objectSid: S-1-5-32-574 430 sAMAccountName: Certificate Service DCOM Access 431 systemFlags: -1946157056 432 groupType: -2147483643 433 isCriticalSystemObject: TRUE 434 430 435 # Add well known security principals 431 436 … … 485 490 objectSid: S-1-5-4 486 491 492 dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN} 493 objectClass: top 494 objectClass: foreignSecurityPrincipal 495 objectSid: S-1-5-17 496 487 497 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN} 488 498 objectClass: top … … 510 520 objectSid: S-1-5-1000 511 521 522 dn: CN=Owner Rights,CN=WellKnown Security Principals,${CONFIGDN} 523 objectClass: top 524 objectClass: foreignSecurityPrincipal 525 objectSid: S-1-3-4 526 512 527 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN} 513 528 objectClass: top … … 540 555 objectSid: S-1-5-6 541 556 557 dn: CN=System,CN=WellKnown Security Principals,${CONFIGDN} 558 objectClass: top 559 objectClass: foreignSecurityPrincipal 560 objectSid: S-1-5-18 561 542 562 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN} 543 563 objectClass: top … … 549 569 objectClass: foreignSecurityPrincipal 550 570 objectSid: S-1-5-15 551 552 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}553 
objectClass: top554 objectClass: foreignSecurityPrincipal555 objectSid: S-1-5-18 -
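Review bot: The `privilege:` values (`SeDebugPrivilege`, `SeBackupPrivilege`, `SeTakeOwnershipPrivilege`, `SeLoadDriverPrivilege` and the rest) are dropped from the builtin groups with no pointer to where those rights are granted now. Print Operators, Server Operators and Account Operators are named in the hunks; the other affected entries are cut off by the hunk context. schema_samba4.ldif in this changeset comments out the `privilege` attribute as not used anymore, so the assignment has presumably moved out of the directory, and someone auditing this file can no longer tell which group holds which right. I would add a comment in the style of the existing NOTICE under `# Add builtin objects`, e.g. `# NOTICE: privileges of the builtin groups are no longer set here; see <location of the privilege assignments>`. Separately, Administrator's `userAccountControl` goes from 66048 to 512, which clears the password-never-expires bit; a short comment confirming that this is intended would save a reviewer the arithmetic.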
vendor/current/source4/setup/schema-map-fedora-ds-1.0
r414 r740 1 #Standard OpenLDAPattributes1 #Standard Fedora DS attributes 2 2 name 3 3 objectClasses … … 13 13 dITContentRules 14 14 top 15 15 16 #This should be provided by the LDAP server, only in our schema to permit provision 16 17 aci 18 17 19 #Skip ObjectClasses 20 sambaSamAccount 21 sambaGroupMapping 22 sambaTrustPassword 23 sambaTrustedDomainPassword 24 sambaDomain 25 sambaUnixIdPool 26 sambaIdmapEntry 27 sambaSidEntry 28 sambaConfig 29 sambaShare 30 sambaConfigOption 31 18 32 #MiddleName has a conflicting OID 19 33 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 20 34 #defaultGroup has a conflicting OID 21 35 1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2 36 #thumbnailPhoto has a conflicting OID 37 2.16.840.1.113730.3.1.35:1.3.6.1.4.1.7165.4.255.10 38 #thumbnailLogo has a conflicting OID 39 2.16.840.1.113730.3.1.36:1.3.6.1.4.1.7165.4.255.11 40 22 41 #This large integer format is unimplemented in OpenLDAP 2.3 23 42 1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27 24 43 #This case insensitive string isn't available 25 1.2.840.113556.1.4.905:1.3.6.1.4.1.1466.115.121.1. 
1544 1.2.840.113556.1.4.905:1.3.6.1.4.1.1466.115.121.1.44 26 45 #Treat Security Descriptors as binary 27 46 1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40 28 #NumbericString is not supported in Fedora DS 1.0, map to a directory string29 1.3.6.1.4.1.1466.115.121.1.36:1.3.6.1.4.1.1466.115.121.1.1530 47 #Treat Object(DN-Binary) as a binary blob 31 48 1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.40 32 #Printable String as IA5 String33 1.3.6.1.4.1.1466.115.121.1.44:1.3.6.1.4.1.1466.115.121.1.2634 49 #UTC Time as Generalized Time 35 50 1.3.6.1.4.1.1466.115.121.1.53:1.3.6.1.4.1.1466.115.121.1.24 36 51 #DN with String as Directory String 37 1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.15 52 1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.40 53 #attribute names, declared at OIDs fail 54 1.3.6.1.4.1.1466.115.121.1.38:1.3.6.1.4.1.1466.115.121.1.44 38 55 #Presentation Address as Directory String 39 56 1.3.6.1.4.1.1466.115.121.1.43:1.3.6.1.4.1.1466.115.121.1.15 57 58 #Remap into existing schema 59 pwdLastSet 60 pwdLastSet:sambaPwdLastSet 61 lastLogon 62 lastLogon:sambaLogonTime 63 lastLogoff 64 lastLogoff:sambaLogoffTime 65 badPwdCount 66 badPwdCount:sambaBadPasswordCount 67 logonHours 68 logonHours:sambaLogonHours 69 homeDrive 70 homeDrive:sambaHomeDrive 71 scriptPath 72 scriptPath:sambaLogonScript 73 profilePath 74 profilePath:sambaProfilePath 75 userWorkstations 76 userWorkstations:sambaUserWorkstations 77 homeDirectory 78 homeDirectory:sambaHomePath 79 groupType 80 groupType:sambaGroupType 81 nextRid 82 nextRid:sambaNextRid 83 privilegeDisplayName 84 privilegeDisplayName:sambaPrivName 85 objectSid 86 objectSid:sambaSID -
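Review bot: The comment `#DN with String as Directory String` no longer matches the mapping under it. The new line maps 1.2.840.113556.1.4.904 to 1.3.6.1.4.1.1466.115.121.1.40, the target this file uses for "Treat Security Descriptors as binary" and "Treat Object(DN-Binary) as a binary blob", not .15; it should read `#Treat DN with String as a binary blob`. Likewise `#This case insensitive string isn't available` now maps to .44 rather than .15 without saying why. `#This large integer format is unimplemented in OpenLDAP 2.3` still names OpenLDAP although the header was changed to `#Standard Fedora DS attributes`.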
vendor/current/source4/setup/schema-map-openldap-2.3
r414 r740 16 16 #The memberOf plugin provides this attribute 17 17 memberOf 18 #'name' is the RDN in AD, but 'name' means something else in 19 #OpenLDAP. We use rdnValue for the mapping, but this is provided by 20 #the rdnval overlay. 21 name 18 22 #These conflict with OpenLDAP builtins 19 23 attributeTypes:samba4AttributeTypes … … 25 29 subSchema:samba4SubSchema 26 30 2.5.20.1:1.3.6.1.4.1.7165.4.255.4 27 #'name' is the RDN in AD, but something else in OpenLDAP28 name:samba4RDN29 31 #Remap these so that we don't put operational attributes in a schema MAY 30 32 modifyTimeStamp:samba4ModifyTimestamp -
vendor/current/source4/setup/schema_samba4.ldif
r414 r740 122 122 #oMSyntax: 20 123 123 124 dn: cn=privilege,${SCHEMADN} 125 objectClass: top 126 objectClass: attributeSchema 127 cn: privilege 128 lDAPDisplayName: privilege 129 isSingleValued: FALSE 130 systemFlags: 17 131 systemOnly: TRUE 132 schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182 133 adminDisplayName: Privilege 134 attributeID: 1.3.6.1.4.1.7165.4.1.7 135 attributeSyntax: 2.5.5.4 136 oMSyntax: 20 124 # not used anymore 125 #dn: cn=privilege,${SCHEMADN} 126 #objectClass: top 127 #objectClass: attributeSchema 128 #cn: privilege 129 #lDAPDisplayName: privilege 130 #isSingleValued: FALSE 131 #systemFlags: 17 132 #systemOnly: TRUE 133 #schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182 134 #adminDisplayName: Privilege 135 #attributeID: 1.3.6.1.4.1.7165.4.1.7 136 #attributeSyntax: 2.5.5.4 137 #oMSyntax: 20 137 138 138 139 # … … 172 173 #oMSyntax: 4 173 174 175 # Controls 1.3.6.1.4.1.7165.4.3.x 174 176 #Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1 175 176 177 #Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2 177 178 178 #Allocated: DSDB_CONTROL_REPLICATED_UPDATE_OID 1.3.6.1.4.1.7165.4.3.3 179 179 #Allocated: DSDB_CONTROL_DN_STORAGE_FORMAT_OID 1.3.6.1.4.1.7165.4.3.4 180 #Allocated: LDB_CONTROL_RECALCULATE_SD_OID 1.3.6.1.4.1.7165.4.3.5 181 #Allocated: LDB_CONTROL_REVEAL_INTERNALS 1.3.6.1.4.1.7165.4.3.6 182 #Allocated: LDB_CONTROL_AS_SYSTEM_OID 1.3.6.1.4.1.7165.4.3.7 183 #Allocated: DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID 1.3.6.1.4.1.7165.4.3.8 184 #Allocated: DSDB_CONTROL_PASSWORD_HASH_VALUES_OID 1.3.6.1.4.1.7165.4.3.9 185 #Allocated: DSDB_CONTROL_PASSWORD_CHANGE_OID 1.3.6.1.4.1.7165.4.3.10 186 #Allocated: DSDB_CONTROL_APPLY_LINKS 1.3.6.1.4.1.7165.4.3.11 187 #Allocated: DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID 1.3.6.1.4.1.7165.4.3.12 188 #Allocated: LDB_CONTROL_BYPASS_OPERATIONAL_OID 1.3.6.1.4.1.7165.4.3.13 189 #Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_OID 1.3.6.1.4.1.7165.4.3.14 190 #Allocated: 
(not used anymore) DSDB_CONTROL_SEARCH_APPLY_ACCESS 1.3.6.1.4.1.7165.4.3.15 191 #Allocated: LDB_CONTROL_PROVISION_OID 1.3.6.1.4.1.7165.4.3.16 192 193 # Extended 1.3.6.1.4.1.7165.4.4.x 180 194 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 181 195 #Allocated: DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID 1.3.6.1.4.1.7165.4.4.2 182 196 #Allocated: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3 197 #Allocated: DSDB_EXTENDED_CREATE_PARTITION_OID 1.3.6.1.4.1.7165.4.4.4 198 #Allocated: DSDB_EXTENDED_ALLOCATE_RID_POOL 1.3.6.1.4.1.7165.4.4.5 183 199 184 200 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 … … 194 210 #Allocated: (entryTTL) samba4EntryTTL: 1.3.6.1.4.1.7165.4.255.9 195 211 212 #Allocated: (thumbnailPhoto) attributeID: 1.3.6.1.4.1.7165.4.255.10 213 #Allocated: (thumbnailLogo) attributeID: 1.3.6.1.4.1.7165.4.255.11 214 196 215 # 197 216 # Based on domainDNS, but without the DNS bits. 198 217 # 199 218 200 dn: CN=Samba4-Local-Domain,${SCHEMADN} 201 objectClass: top 202 objectClass: classSchema 203 cn: Samba4-Local-Domain 204 subClassOf: top 205 governsID: 1.3.6.1.4.1.7165.4.2.2 206 rDNAttID: cn 207 adminDisplayName: Samba4-Local-Domain 208 adminDescription: Samba4-Local-Domain 209 systemMayContain: msDS-Behavior-Version 210 systemMayContain: managedBy 211 objectClassCategory: 1 212 lDAPDisplayName: samba4LocalDomain 213 schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293 214 systemOnly: FALSE 215 systemAuxiliaryClass: samDomain 216 defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) 217 systemFlags: 16 218 defaultHidingValue: TRUE 219 defaultObjectCategory: CN=Samba4-Local-Domain,${SCHEMADN} 219 # 220 # Not used anymore 221 # 222 #dn: CN=Samba4-Local-Domain,${SCHEMADN} 223 #objectClass: top 224 #objectClass: classSchema 225 #cn: Samba4-Local-Domain 226 #subClassOf: top 227 #governsID: 1.3.6.1.4.1.7165.4.2.2 228 #rDNAttID: cn 229 #adminDisplayName: Samba4-Local-Domain 230 
#adminDescription: Samba4-Local-Domain 231 #systemMayContain: msDS-Behavior-Version 232 #systemMayContain: managedBy 233 #objectClassCategory: 1 234 #lDAPDisplayName: samba4LocalDomain 235 #schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293 236 #systemOnly: FALSE 237 #systemAuxiliaryClass: samDomain 238 #defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) 239 #systemFlags: 16 240 #defaultHidingValue: TRUE 241 #defaultObjectCategory: CN=Samba4-Local-Domain,${SCHEMADN} 220 242 221 243 … … 269 291 systemMayContain: msDS-ReplValueMetaData 270 292 systemMayContain: msDS-ReplAttributeMetaData 293 systemMayContain: msDS-NcType 271 294 systemMayContain: msDS-NonMembersBL 272 295 systemMayContain: msDS-NCReplOutboundNeighbors … … 314 337 systemMustContain: nTSecurityDescriptor 315 338 systemMustContain: instanceType 316 systemAuxiliaryClass: samba4TopExtra317 339 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) 318 340 systemFlags: 16 … … 321 343 defaultObjectCategory: CN=Samba4Top,${SCHEMADN} 322 344 323 324 dn: CN=Samba4TopExtra,${SCHEMADN}325 objectClass: top326 objectClass: classSchema327 cn: Samba4TopExtra328 subClassOf: top329 governsID: 1.3.6.1.4.1.7165.4.2.3330 rDNAttID: cn331 adminDisplayName: Samba4TopExtra332 adminDescription: Attributes used in top in Samba4 that OpenLDAP does not333 objectClassCategory: 2334 lDAPDisplayName: samba4TopExtra335 schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e336 systemOnly: TRUE337 mayContain: privilege338 systemPossSuperiors: lostAndFound339 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)340 systemFlags: 16341 defaultHidingValue: TRUE342 objectCategory: CN=Class-Schema,${SCHEMADN}343 defaultObjectCategory: CN=Samba4TopExtra,${SCHEMADN}344 -
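Review bot: `CN=Samba4TopExtra` (governsID 1.3.6.1.4.1.7165.4.2.3) appears to be deleted outright in the last hunk, while the other retired definitions in this section (`cn=privilege`, `CN=Samba4-Local-Domain`) are commented out and marked as not used anymore. With no record left, the OID and schemaIDGUID could later be assigned to a different class, and a directory provisioned from r414 would still hold the old definition. I would add a line in the style of the allocation list, `#Allocated: (not used anymore) samba4TopExtra governsID: 1.3.6.1.4.1.7165.4.2.3`, and give the two commented-out blocks the same kind of entry.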
vendor/current/source4/setup/secrets_dns.ldif
r414 r740 1 1 #Update a keytab for the external DNS server to use 2 dn: s ervicePrincipalName=DNS/${DNSDOMAIN},CN=Principals2 dn: samAccountName=dns-${HOSTNAME},CN=Principals 3 3 objectClass: top 4 4 objectClass: secret … … 6 6 realm: ${REALM} 7 7 servicePrincipalName: DNS/${DNSDOMAIN} 8 servicePrincipalName: DNS/${DNSNAME} 8 9 msDS-KeyVersionNumber: 1 9 10 privateKeytab: ${DNS_KEYTAB} 10 11 secret:: ${DNSPASS_B64} 11 12 samAccountName: dns-${HOSTNAME} -
vendor/current/source4/setup/secrets_init.ldif
r414 r740 5 5 6 6 dn: @ATTRIBUTES 7 cn: CASE_INSENSITIVE 7 8 realm: CASE_INSENSITIVE 8 9 flatname: CASE_INSENSITIVE … … 12 13 #beware often order is important 13 14 dn: @MODULES 14 @LIST: update_keytab,operational,objectguid,rdn_name15 @LIST: samba_secrets 15 16 -
vendor/current/source4/setup/slapd.conf
r414 r740 49 49 rootdn cn=Manager 50 50 51 moduleload rdnval 52 53 moduleload deref 51 54 overlay deref 52 55 56 moduleload refint 53 57 ${REFINT_CONFIG} 54 58 59 moduleload memberof 55 60 ${MEMBEROF_CONFIG} 61 62 moduleload syncprov 56 63 57 64 database ldif … … 88 95 syncprov-checkpoint 100 10 89 96 97 overlay rdnval 90 98 91 99 ### Multimaster-Replication of cn=schema Subcontext ### … … 108 116 syncprov-checkpoint 100 10 109 117 118 overlay rdnval 119 110 120 ### Multimaster-Replication of cn=config Subcontext ### 111 121 ${MMR_SYNCREPL_CONFIG_CONFIG} … … 127 137 syncprov-checkpoint 100 10 128 138 139 overlay rdnval 140 129 141 ### Multimaster-Replication of cn=user/base-dn context ### 130 142 ${MMR_SYNCREPL_USER_CONFIG} -
vendor/current/source4/setup/tests/blackbox_newuser.sh
r414 r740 14 14 15 15 16 testit "simple-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc 16 rm -rf $PREFIX/simple-dc 17 testit "simple-dc" $PYTHON $SRCDIR/source4/setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc 18 samba_tool="./bin/samba-tool" 17 19 18 20 CONFIG="--configfile=$PREFIX/simple-dc/etc/smb.conf" 19 21 20 testit "newuser" $PYTHON ./setup/newuser $CONFIG testuser testpass 22 #two test for creating new user 23 #newuser account is created with cn=Given Name Initials. Surname 24 #newuser1 account is created using cn=username 25 testit "newuser" $samba_tool newuser $CONFIG --given-name="User" --surname="Tester" --initials="T" --profile-path="\\\\myserver\\my\\profile" --script-path="\\\\myserver\\my\\script" --home-directory="\\\\myserver\\my\\homedir" --job-title="Tester" --department="Testing" --company="Samba.org" --description="Description" --mail-address="tester@samba.org" --internet-address="http://samba.org" --telephone-number="001122334455" --physical-delivery-office="101" --home-drive="H:" NewUser testp@ssw0Rd 26 testit "newuser" $samba_tool newuser $CONFIG --use-username-as-cn --given-name="User1" --surname="Tester1" --initials="UT1" --profile-path="\\\\myserver\\my\\profile" --script-path="\\\\myserver\\my\\script" --home-directory="\\\\myserver\\my\\homedir" --job-title="Tester" --department="Testing" --company="Samba.org" --description="Description" --mail-address="tester@samba.org" --internet-address="http://samba.org" --telephone-number="001122334455" --physical-delivery-office="101" --home-drive="H:" NewUser1 testp@ssw0Rd 21 27 22 28 # check the enable account script 23 testit "enableaccount" $PYTHON ./setup/enableaccount $CONFIG testuser 29 testit "enableaccount" $samba_tool enableaccount $CONFIG NewUser 30 testit 
"enableaccount" $samba_tool enableaccount $CONFIG NewUser1 24 31 25 32 # check the enable account script 26 testit "setpassword" $PYTHON ./setup/setpassword $CONFIG testuser --newpassword=testpass2 33 testit "setpassword" $samba_tool setpassword $CONFIG NewUser --newpassword=testp@ssw0Rd2 34 testit "setpassword" $samba_tool setpassword $CONFIG NewUser1 --newpassword=testp@ssw0Rd2 27 35 28 36 # check the setexpiry script 29 testit "noexpiry" $PYTHON ./setup/setexpiry $CONFIG testuser --noexpiry 30 testit "expiry" $PYTHON ./setup/setexpiry $CONFIG testuser --days=7 37 testit "noexpiry" $samba_tool setexpiry $CONFIG NewUser --noexpiry 38 testit "noexpiry" $samba_tool setexpiry $CONFIG NewUser1 --noexpiry 39 testit "expiry" $samba_tool setexpiry $CONFIG NewUser --days=7 40 testit "expiry" $samba_tool setexpiry $CONFIG NewUser1 --days=7 31 41 32 42 exit $failed -
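Review bot: Both user-creation calls are registered under the same name, `testit "newuser"`, and the paired `enableaccount`, `setpassword`, `noexpiry` and `expiry` calls repeat their names as well, so a result line does not say whether the `NewUser` path or the `NewUser1` (`--use-username-as-cn`) path failed. Give the second call of each pair its own name, for example `testit "newuser-username-as-cn" $samba_tool newuser $CONFIG --use-username-as-cn ...`. The comment `# check the enable account script` still sits above the `setpassword` tests and should read `# check the setpassword script`.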
vendor/current/source4/setup/tests/blackbox_provision-backend.sh
r414 r740 13 13 . `dirname $0`/../../../testprogs/blackbox/subunit.sh 14 14 15 testit "openldap-backend" $PYTHON ./setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --ldap-dryrun-mode --slapd-path=/dev/null16 testit "openldap-mmr-backend" $PYTHON ./setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls='ldap://localdc1:9000,ldap://localdc2:9000,ldap://localdc3:9000' --ldap-dryrun-mode --slapd-path=/dev/null17 testit "fedora-ds-backend" $PYTHON ./setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --ldap-dryrun-mode --slapd-path=/dev/null15 testit "openldap-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --ldap-dryrun-mode --slapd-path=/dev/null 16 testit "openldap-mmr-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --ldap-dryrun-mode --slapd-path=/dev/null --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux 17 testit "fedora-ds-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --ldap-dryrun-mode --slapd-path=/dev/null 18 18 19 19 reprovision() { 20 $PYTHON ./setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --ldap-dryrun-mode --slapd-path=/dev/null21 $PYTHON ./setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --ldap-dryrun-mode --slapd-path=/dev/null20 $PYTHON $SRCDIR/source4/setup/provision 
--domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --ldap-dryrun-mode --slapd-path=/dev/null 21 $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --ldap-dryrun-mode --slapd-path=/dev/null 22 22 } 23 23 -
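Review bot: The test named `fedora-ds-backend` still passes `--ldap-backend-type=openldap` and `--targetdir=$PREFIX/openldap-backend`, so it repeats the first test and the Fedora DS path is not exercised; presumably it should read `--ldap-backend-type=fedora-ds --targetdir=$PREFIX/fedora-ds-backend`. Unlike the other scripts in this changeset, this section adds no `rm -rf` of the target directories before provisioning, so a rerun starts from whatever the previous run left behind. The `openldap-mmr-backend` line also gains `--password=linux --adminpass=linux --ldapadminpass=linux`, and a comment such as `# throwaway credentials, dry-run only` would keep them from being read as usable defaults.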
vendor/current/source4/setup/tests/blackbox_provision.sh
r414 r740 13 13 . `dirname $0`/../../../testprogs/blackbox/subunit.sh 14 14 15 testit "simple-default" $PYTHON ./setup/provision --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-default 16 testit "simple-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc 17 testit "simple-member" $PYTHON ./setup/provision --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member 18 testit "simple-standalone" $PYTHON ./setup/provision --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone 19 testit "blank-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/blank-dc --blank 20 testit "partitions-only-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/partitions-only-dc --partitions-only 15 #Prepare an empty smb.conf to ensure it is overwritten 16 rm -rf $PREFIX/simple-default 17 mkdir -p $PREFIX/simple-default/etc 18 touch $PREFIX/simple-default/etc/smb.conf 19 testit "simple-default" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-default 20 #And try with just whitespace 21 rm -rf $PREFIX/simple-dc 22 mkdir -p $PREFIX/simple-dc/etc 23 echo " " > $PREFIX/simple-dc/etc/smb.conf 24 testit "simple-dc" $PYTHON $SRCDIR/source4/setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc 25 #The rest of these tests are with no smb.conf file present 26 27 rm -rf $PREFIX/simple-dc 28 testit "simple-dc-guids" $PYTHON $SRCDIR/source4/setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com 
--domain-sid=S-1-5-21-4177067393-1453636373-93818738 --domain-guid=6054d36d-2bfd-44f1-a9cd-32cfbb06480b --ntds-guid=b838f255-c8aa-4fe8-9402-b7d61ca3bd1b --invocationid=6d4cff9a-2bbf-4b4c-98a2-36242ddb0bd6 --targetdir=$PREFIX/simple-dc 29 rm -rf $PREFIX/simple-member 30 testit "simple-member" $PYTHON $SRCDIR/source4/setup/provision --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member 31 rm -rf $PREFIX/simple-standalone 32 testit "simple-standalone" $PYTHON $SRCDIR/source4/setup/provision --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone 33 rm -rf $PREFIX/blank-dc 34 testit "blank-dc" $PYTHON $SRCDIR/source4/setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/blank-dc --blank 35 rm -rf $PREFIX/partitions-only-dc 36 testit "partitions-only-dc" $PYTHON $SRCDIR/source4/setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/partitions-only-dc --partitions-only 21 37 22 38 reprovision() { 23 $PYTHON ./setup/provision --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" 24 $PYTHON ./setup/provision --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" 39 rm -rf $PREFIX/reprovision 40 $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" 41 $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" 25 42 } 26 43 27 44 testit "reprovision" reprovision 45 rm -rf $PREFIX/simple-default 46 rm -rf $PREFIX/simple-dc 47 rm -rf $PREFIX/blank-dc 48 rm -rf $PREFIX/simple-member 49 rm -rf $PREFIX/simple-standalone 50 rm -rf $PREFIX/partitions-only-dc 51 rm -rf $PREFIX/reprovision 28 52 29 53 exit $failed -
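Review bot: Every added `rm -rf $PREFIX/...` uses `$PREFIX` unquoted and unchecked, so an empty or unset value turns the command into `rm -rf /simple-default` and a value containing spaces splits into several paths. Lines 1-12 of the script are not shown here, so PREFIX may already be validated; if it is not, write the deletions as `rm -rf "${PREFIX:?}/simple-default"`, which aborts when the variable is empty. The same applies to the `rm -rf $PREFIX/simple-dc` lines added in blackbox_newuser.sh and blackbox_setpassword.sh. The cleanup block after `testit "reprovision"` also runs when a test has failed, which removes the provisioned trees someone would want to inspect.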
vendor/current/source4/setup/tests/blackbox_setpassword.sh
r414 r740 13 13 . `dirname $0`/../../../testprogs/blackbox/subunit.sh 14 14 15 testit "simple-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc 15 samba_tool="./bin/samba-tool" 16 16 17 testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testpass 17 rm -rf $PREFIX/simple-dc 18 testit "simple-dc" $PYTHON $SRCDIR/source4/setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc 18 19 19 testit " setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass20 testit "newuser" $samba_tool newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testp@ssw0Rd 20 21 21 testit "setpassword" $ PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass --must-change-at-next-login22 testit "setpassword" $samba_tool setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testp@ssw0Rd 22 23 23 testit "pwsettings" $PYTHON ./setup/pwsettings --quiet set --configfile=$PREFIX/simple-dc/etc/smb.conf --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default 24 testit "setpassword" $samba_tool setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testp@ssw0Rd --must-change-at-next-login 25 26 testit "pwsettings" $samba_tool pwsettings --quiet set --configfile=$PREFIX/simple-dc/etc/smb.conf --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default --store-plaintext=on 24 27 25 28 exit $failed
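Review bot: The `pwsettings` test now passes `--store-plaintext=on` while every other option stays at `default`, and nothing in the section says why or checks the resulting policy. That switch enables reversible password storage, so a comment such as `# exercises the store-plaintext switch on the throwaway test domain only` would stop the line from being copied into a real provisioning script. A second call with `--store-plaintext=off` would also cover the reverse path and leave the test domain in its default state.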