authorAndrew Tridgell <tridge@samba.org>2010-01-06 09:26:17 +1100
committerAndrew Tridgell <tridge@samba.org>2010-01-08 13:03:00 +1100
commit53d10d139e569f9132193e8f8c268638eab30a0b (patch)
tree72423a88f4a19086a4fcd52853bc92c55d3eeaac
parent1053ce529d2ed833edd9343c36f28b4ba788db96 (diff)
s4-provision: don't hard wire the creation of the RID Set object
We now create it automatically in the samldb module when the first user is created. The creation of the dns user also had to move to the _modify.ldif, as it now relies on the fSMO role being set up for the RID Manager.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/scripting/python/samba/provision.py4
-rw-r--r--source4/setup/provision.ldif3
-rw-r--r--source4/setup/provision_self_join.ldif26
-rw-r--r--source4/setup/provision_self_join_modify.ldif14
4 files changed, 18 insertions, 29 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 62ca9282d1..bb47d2bd5c 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -793,7 +793,6 @@ def setup_self_join(samdb, names,
"DEFAULTSITE": names.sitename,
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
"MACHINEPASS_B64": b64encode(machinepass),
- "DNSPASS_B64": b64encode(dnspass),
"REALM": names.realm,
"DOMAIN": names.domain,
"DOMAINSID": str(domainsid),
@@ -825,7 +824,8 @@ def setup_self_join(samdb, names,
"DEFAULTSITE": names.sitename,
"SERVERDN": names.serverdn,
"NETBIOSNAME": names.netbiosname,
- "NTDSGUID": names.ntdsguid
+ "NTDSGUID": names.ntdsguid,
+ "DNSPASS_B64": b64encode(dnspass),
})
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index db29d3a108..eb7bd02db6 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -431,8 +431,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN}
objectClass: top
objectClass: rIDManager
systemFlags: -1946157056
-# we have granted up to 1499 to ourselves in a RID Set
-rIDAvailablePool: 1500-1073741823
+rIDAvailablePool: 1000-1073741823
isCriticalSystemObject: TRUE
dn: CN=RpcServices,CN=System,${DOMAINDN}
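Review bot: `rIDAvailablePool` now starts at 1000, yet the same commit hard-wires the DC machine account to `objectSID: ${DOMAINSID}-1000` in provision_self_join.ldif, so RID 1000 is both already assigned and still advertised as available. Whether the samldb allocation path skips a RID that is already in use is not visible in this diff; if it does not, the first automatically allocated RID could duplicate the DC's SID, and two principals sharing one SID would be indistinguishable in access checks. Either start the pool above the statically assigned RID, e.g. `rIDAvailablePool: 1001-1073741823`, or confirm that allocation rejects an existing SID. The removed comment should also be replaced by one naming the RIDs that provision assigns by hand, such as `# RID 1000 is assigned statically to the DC machine account`.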
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 0ad1b90fdb..48f7157679 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -15,7 +15,6 @@ localPolicyFlags: 0
operatingSystem: Samba
operatingSystemVersion: ${SAMBA_VERSION_STRING}
primaryGroupID: 516
-rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
sAMAccountName: ${NETBIOSNAME}$
# "servicePrincipalName" for FRS doesn't exit since we still miss FRS support
# "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
@@ -33,16 +32,7 @@ servicePrincipalName: ldap/${DNSNAME}
servicePrincipalName: ldap/${DNSNAME}/${REALM}
userAccountControl: 532480
userPassword:: ${MACHINEPASS_B64}
-objectSID: ${DOMAINSID}-1001
-
-dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
-objectClass: top
-objectClass: rIDSet
-rIDAllocationPool: 1000-1499
-rIDPreviousAllocationPool: 1000-1499
-rIDUsedPool: 0
-rIDNextRID: 1001
-
+objectSID: ${DOMAINSID}-1000
# Here are missing the objects for the NTFRS subscription and the RID set since
# we don't support those techniques (FRS, distributed RIDs) yet.
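Review bot: The context comment that closes this hunk still says the RID set object is missing because distributed RIDs are unsupported, while the commit description says the RID Set is now created by the samldb module when the first user is created. A reader of the template would conclude that this DC never has a RID Set, which is misleading when auditing how SIDs are issued. Suggest rewording it to `# The NTFRS subscription objects are missing since we don't support FRS yet.` followed by `# The RID Set is not created here; samldb creates it when the first user is added.`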
@@ -78,17 +68,3 @@ msDS-hasMasterNCs: ${DOMAINDN}
options: 1
systemFlags: 33554432
${NTDSGUID}
-
-# Provides an account for DNS keytab export
-dn: CN=dns,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index dfcca728f2..394398a9b9 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -33,3 +33,17 @@ changetype: modify
add: servicePrincipalName
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
+
+dn: CN=dns,CN=Users,${DOMAINDN}
+changetype: add
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
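Review bot: The `CN=dns` record lost its explanatory comment in the move, and nothing in provision_self_join_modify.ldif says why a `changetype: add` record sits in a file of modify operations. The ordering constraint exists only in the commit message, so a later cleanup could move the record back and break RID allocation for this account. Suggest putting above the `dn:` line: `# Provides an account for DNS keytab export. Added here, not in provision_self_join.ldif,` and `# because its RID is allocated by samldb, which needs the RID Manager fSMO role set up first.` Because the record seeds `userPassword` from `${DNSPASS_B64}` and is created with `userAccountControl: 514` (a disabled normal account), the comment could also state whether the account is meant to stay disabled.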