author | Andrew Tridgell <tridge@samba.org> | 2010-01-06 09:26:17 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-01-08 13:03:00 +1100 |
commit | 53d10d139e569f9132193e8f8c268638eab30a0b (patch) | |
tree | 72423a88f4a19086a4fcd52853bc92c55d3eeaac | |
parent | 1053ce529d2ed833edd9343c36f28b4ba788db96 (diff) | |
s4-provision: don't hard wire the creation of the RID Set object
We now create it automatically in the samldb module when the first
user is created.
The creation of the dns user also had to move to the _modify.ldif as
it now relies on the fSMO role being set up for the RID Manager.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/scripting/python/samba/provision.py | 4 | ||||
-rw-r--r-- | source4/setup/provision.ldif | 3 | ||||
-rw-r--r-- | source4/setup/provision_self_join.ldif | 26 | ||||
-rw-r--r-- | source4/setup/provision_self_join_modify.ldif | 14 |
4 files changed, 18 insertions, 29 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 62ca9282d1..bb47d2bd5c 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -793,7 +793,6 @@ def setup_self_join(samdb, names,
 "DEFAULTSITE": names.sitename,
 "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
 "MACHINEPASS_B64": b64encode(machinepass),
- "DNSPASS_B64": b64encode(dnspass),
 "REALM": names.realm,
 "DOMAIN": names.domain,
 "DOMAINSID": str(domainsid),
@@ -825,7 +824,8 @@ def setup_self_join(samdb, names,
 "DEFAULTSITE": names.sitename,
 "SERVERDN": names.serverdn,
 "NETBIOSNAME": names.netbiosname,
- "NTDSGUID": names.ntdsguid
+ "NTDSGUID": names.ntdsguid,
+ "DNSPASS_B64": b64encode(dnspass),
 })
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index db29d3a108..eb7bd02db6 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -431,8 +431,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: rIDManager
 systemFlags: -1946157056
-# we have granted up to 1499 to ourselves in a RID Set
-rIDAvailablePool: 1500-1073741823
+rIDAvailablePool: 1000-1073741823
 isCriticalSystemObject: TRUE
 dn: CN=RpcServices,CN=System,${DOMAINDN}
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 0ad1b90fdb..48f7157679 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -15,7 +15,6 @@ localPolicyFlags: 0
 operatingSystem: Samba
 operatingSystemVersion: ${SAMBA_VERSION_STRING}
 primaryGroupID: 516
-rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
 sAMAccountName: ${NETBIOSNAME}$
 # "servicePrincipalName" for FRS doesn't exit since we still miss FRS support
 # "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
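Review bot: In the provision.ldif hunk, `rIDAvailablePool: 1000-1073741823` now includes RID 1000, while the second provision_self_join.ldif hunk still hard-wires the DC machine account to `objectSID: ${DOMAINSID}-1000`. Nothing visible in this diff shows that the samldb allocator skips a RID that was assigned by hand, so the first automatically created RID Set may hand out 1000 again and leave two principals with the same SID. The removed comment used to document how the pool related to the hand-assigned RIDs, and nothing replaces it. Either let samldb assign the machine account's SID as well, or keep the hand-assigned RID outside the pool and record the relationship, e.g. `# RID 1000 is taken by the DC machine account in provision_self_join.ldif`.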
@@ -33,16 +32,7 @@ servicePrincipalName: ldap/${DNSNAME}
 servicePrincipalName: ldap/${DNSNAME}/${REALM}
 userAccountControl: 532480
 userPassword:: ${MACHINEPASS_B64}
-objectSID: ${DOMAINSID}-1001
-
-dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
-objectClass: top
-objectClass: rIDSet
-rIDAllocationPool: 1000-1499
-rIDPreviousAllocationPool: 1000-1499
-rIDUsedPool: 0
-rIDNextRID: 1001
-
+objectSID: ${DOMAINSID}-1000
 # Here are missing the objects for the NTFRS subscription and the RID set since
 # we don't support those techniques (FRS, distributed RIDs) yet.
@@ -78,17 +68,3 @@ msDS-hasMasterNCs: ${DOMAINDN}
 options: 1
 systemFlags: 33554432
 ${NTDSGUID}
-
-# Provides an account for DNS keytab export
-dn: CN=dns,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index dfcca728f2..394398a9b9 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -33,3 +33,17 @@ changetype: modify
 add: servicePrincipalName
 servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
 servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
+
+dn: CN=dns,CN=Users,${DOMAINDN}
+changetype: add
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE |
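Review bot: The context comment kept right after the new `objectSID` line in provision_self_join.ldif still says the RID set is missing because distributed RIDs are not supported, which no longer matches this commit. Per the commit message, the RID Set is now created by the samldb module when the first user is created. I would reword the two lines to `# The NTFRS subscription objects are missing because FRS is not supported yet.` and `# The RID Set is created by the samldb module when the first user is created.` so the file does not suggest that RID allocation is absent.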
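Review bot: The dns account entry added to provision_self_join_modify.ldif lost the `# Provides an account for DNS keytab export` comment it carried in provision_self_join.ldif, and the reason it now sits among modify records is given only in the commit message. Put both above the `dn:` line, e.g. `# Provides an account for DNS keytab export` followed by `# Added here (changetype: add) because it needs the RID Manager fSMO role to be set up first`. It is also worth stating in a comment that `userAccountControl: 514` is a normal account with the disabled flag set, so a reader can see without decoding the value that the `userPassword` is placed on an account that starts out disabled.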