authorStefan Metzmacher <metze@samba.org>2005-04-05 07:03:31 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:26 -0500
commitcf52d62ec998ae30f4460e75817b0503894aff5d (patch)
tree6b22b0c3acfae28bc57bf45937a143a25e1aa0a5 /source4/setup
parentf9b3a8d3b9a0d83b47f2de6229db59221b4dd68d (diff)
r6207: - clean up source topdir
- move provision stuff to setup/
- remove unused scripts

metze
(This used to be commit c35887ca649675f28ca986713a08082420418d74)
Diffstat (limited to 'source4/setup')
-rwxr-xr-xsource4/setup/dcpromo.pl225
-rw-r--r--source4/setup/hklm.ldif32
-rwxr-xr-xsource4/setup/newuser.pl145
-rw-r--r--source4/setup/provision.ldif1246
-rwxr-xr-xsource4/setup/provision.pl443
-rw-r--r--source4/setup/provision.zone32
-rw-r--r--source4/setup/rootdse.ldif32
-rwxr-xr-xsource4/setup/rootdse.pl152
-rw-r--r--source4/setup/secrets.ldif30
9 files changed, 2337 insertions, 0 deletions
diff --git a/source4/setup/dcpromo.pl b/source4/setup/dcpromo.pl
new file mode 100755
index 0000000000..56461ae825
--- /dev/null
+++ b/source4/setup/dcpromo.pl
@@ -0,0 +1,225 @@
+#!/usr/bin/perl -w
+
+###################################################
+# package to generate samba ads configuration
+# Copyright metze@samba.org 2004
+
+# released under the GNU GPL
+
+use strict;
+use Data::Dumper;
+
+sub print_options($$) {
+ my $ads = shift;
+ my $ctx = shift;
+ my @arr;
+ my $i;
+ my $len;
+
+ print "options:\n";
+
+ @arr = @{$ctx};
+ $len = $#arr;
+ for($i = 0; $i <= $len; $i++) {
+ my $val = $ctx->[$i];
+ print "\t".$i.": ".$val->{TEXT}."\n";
+ }
+
+ print "choise []:";
+}
+
+sub read_option($$) {
+ my $ads = shift;
+ my $ctx = shift;
+ my $val;
+
+ $val = <STDIN>;
+
+ return $val;
+}
+
+sub call_option($$$) {
+ my $ads = shift;
+ my $ctx = shift;
+ my $switch = shift;
+ my $val;
+ my $funcref;
+
+ $val = $ctx->[$switch];
+
+ $funcref = $val->{ACTION};
+
+ &$funcref($ads);
+}
+
+sub ask_option($$) {
+ my $ads = shift;
+ my $ctx = shift;
+ my $ret;
+
+ print_options($ads, $ctx);
+
+ $ret = read_option($ads, $ctx);
+
+ call_option($ads, $ctx, $ret);
+}
+
+sub create_ads_tree($) {
+ my $ads = shift;
+
+ print "Create ADS Domain:\n";
+ print Dumper($ads);
+}
+
+sub do_new_domain_in_entire_structure($) {
+ my $ads;
+ my $domain_dns;
+ my $domain_netbios;
+
+ $ads->{NEW_DOMAIN} = 1;
+ $ads->{NEW_FOREST} = 1;
+
+ print "full dns name of the new domain []:";
+ $domain_dns = <STDIN>;
+ chomp $domain_dns;
+ $ads->{FULL_DNS_NAME} = $domain_dns;
+
+ print "netbios name of the new domain []:";
+ $domain_netbios = <STDIN>;
+ chomp $domain_netbios;
+ $ads->{NETBIOS} = $domain_netbios;
+
+ create_ads_tree($ads);
+}
+
+sub do_sub_domain_in_existing_structure($) {
+ my $ads = shift;
+ my $user_name;
+ my $user_domain;
+ my $user_password;
+ my $top_dns;
+ my $domain_dns;
+ my $domain_netbios;
+ my $db_folder;
+ my $db_logs;
+ my $sysvol_folder;
+ my $admin_password1;
+ my $admin_password2;
+
+ $ads->{NEW_DOMAIN} = 1;
+ $ads->{NEW_FOREST} = 0;
+
+ print "User Name []:";
+ $user_name = <STDIN>;
+ chomp $user_name;
+ $ads->{USER}{NAME} = $user_name;
+
+ print "User Domain []:";
+ $user_domain = <STDIN>;
+ chomp $user_domain;
+ $ads->{USER}{DOMAIN} = $user_domain;
+
+ print "User Password []:";
+ $user_password = <STDIN>;
+ chomp $user_password;
+ $ads->{USER}{PASSWORD} = $user_password;
+
+ print "full dns name of the top domain []:";
+ $top_dns = <STDIN>;
+ chomp $top_dns;
+ $ads->{TOP_DNS_NAME} = $top_dns;
+
+ print "suffix of the new domain []:";
+ $domain_dns = <STDIN>;
+ chomp $domain_dns;
+ $ads->{FULL_DNS_NAME} = $domain_dns.".".$top_dns;
+
+ print "netbios name of the new domain []:";
+ $domain_netbios = <STDIN>;
+ chomp $domain_netbios;
+ $ads->{NETBIOS} = $domain_netbios;
+
+ print "folder for database files []:";
+ $db_folder = <STDIN>;
+ chomp $db_folder;
+ $ads->{DB_FOLDER} = $db_folder;
+
+ print "folder for database logs []:";
+ $db_logs = <STDIN>;
+ chomp $db_logs;
+ $ads->{DB_LOGS} = $db_logs;
+
+ print "folder for SYSVOL []:";
+ $sysvol_folder = <STDIN>;
+ chomp $sysvol_folder;
+ $ads->{SYSVOL_FOLDER} = $sysvol_folder;
+
+ #
+ # test DNS here
+ #
+
+ #
+ # test mixed/native here
+ #
+
+ print "Administrator password []:";
+ $admin_password1 = <STDIN>;
+ chomp $admin_password1;
+ print "retype Administrator password []:";
+ $admin_password2 = <STDIN>;
+ chomp $admin_password2;
+ if ($admin_password1 eq $admin_password2) {
+ $ads->{ADMIN_PASSWORD} = $admin_password1;
+ } else {
+ $ads->{ADMIN_PASSWORD} = "";
+ }
+
+ create_ads_tree($ads);
+}
+
+sub do_sub_structure_in_global_structure($) {
+ print "go on with do_sub_structure_in_global_structure\n";
+}
+
+sub do_new_domain($) {
+ my $ads = shift;
+ my $ctx;
+
+ $ctx->[0]{TEXT} = "new domain in entire structure";
+ $ctx->[0]{ACTION} = \&do_new_domain_in_entire_structure;
+
+ $ctx->[1]{TEXT} = "sub domain in existing structure";
+ $ctx->[1]{ACTION} = \&do_sub_domain_in_existing_structure;
+
+ $ctx->[2]{TEXT} = "sub structure in global structure";
+ $ctx->[2]{ACTION} = \&do_sub_structure_in_global_structure;
+
+ ask_option($ads ,$ctx);
+}
+
+sub do_existing_domain($) {
+ print "go on with do existing domain\n";
+}
+
+sub ask_new_or_exist_domain($) {
+ my $ads = shift;
+ my $ctx;
+
+ $ctx->[0]{TEXT} = "new domain";
+ $ctx->[0]{ACTION} = \&do_new_domain;
+
+ $ctx->[1]{TEXT} = "existing domain";
+ $ctx->[1]{ACTION} = \&do_existing_domain;
+
+ ask_option($ads, $ctx);
+}
+
+sub main {
+ my $ads;
+
+ $ads->{ADS_TREE} = 1;
+
+ ask_new_or_exist_domain($ads);
+}
+
+main();
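Review bot: The first line of do_new_domain_in_entire_structure declares `my $ads;` instead of taking its argument, so the hashref handed down from main (with ADS_TREE already set) is discarded and a fresh one is built, while the sibling do_sub_domain_in_existing_structure correctly does `my $ads = shift;` — this one should too. read_option returns the raw STDIN line without a chomp or range check, so an empty, non-numeric or out-of-range choice leaves `$ctx->[$switch]` undef and call_option dies on `&$funcref` with an undefined subroutine reference; a `chomp $val;` in read_option and a `die "invalid choice\n" unless defined $ctx->[$switch];` guard in call_option would fail cleanly instead. The "User Password" and "Administrator password" prompts read with terminal echo on, so the secrets are visible on screen and in scrollback; a no-echo read (Term::ReadKey's ReadMode('noecho'), or stty -echo around the `<STDIN>`) is the usual fix. The `($$)` prototypes on these subs do no argument validation and only alter parsing at call sites; dropping them is the idiomatic form.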
diff --git a/source4/setup/hklm.ldif b/source4/setup/hklm.ldif
new file mode 100644
index 0000000000..a4ab32e233
--- /dev/null
+++ b/source4/setup/hklm.ldif
@@ -0,0 +1,32 @@
+dn: @INDEXLIST
+@IDXATTR: key
+
+dn: key=control,key=currentcontrolset,key=system,hive=
+key: control
+
+dn: key=services,key=control,key=currentcontrolset,key=system,hive=
+key: services
+
+dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive=
+value: ProductType
+data: LanmanNT
+type: 1
+
+dn: key=productoptions,key=control,key=currentcontrolset,key=system,hive=
+key: productoptions
+
+dn: key=system,hive=
+key: system
+
+dn: key=netlogon,key=services,key=currentcontrolset,key=system,hive=
+key: netlogon
+
+dn: key=services,key=currentcontrolset,key=system,hive=
+key: services
+
+dn: key=print,key=control,key=currentcontrolset,key=system,hive=
+key: print
+
+dn: key=currentcontrolset,key=system,hive=
+key: currentcontrolset
+
diff --git a/source4/setup/newuser.pl b/source4/setup/newuser.pl
new file mode 100755
index 0000000000..6ddda5028e
--- /dev/null
+++ b/source4/setup/newuser.pl
@@ -0,0 +1,145 @@
+#!/usr/bin/perl -w
+# simple hack script to add a new user for Samba4
+
+
+use strict;
+use Socket;
+use Getopt::Long;
+
+my $opt_password;
+my $opt_username;
+my $opt_unixname;
+my $opt_samdb = "/usr/local/samba/private/sam.ldb";
+
+
+# generate a random guid. Not a good algorithm.
+sub randguid()
+{
+ my $r1 = int(rand(2**32));
+ my $r2 = int(rand(2**16));
+ my $r3 = int(rand(2**16));
+ my $r4 = int(rand(2**16));
+ my $r5 = int(rand(2**32));
+ my $r6 = int(rand(2**16));
+ return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
+}
+
+# generate a random password. Poor algorithm :(
+sub randpass()
+{
+ my $pass = "";
+ my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
+ for (my $i=0;$i<8;$i++) {
+ my $c = int(rand(length($chars)));
+ $pass .= substr($chars, $c, 1);
+ }
+ return $pass;
+}
+
+sub search($$)
+{
+ my $expr = shift;
+ my $attrib = shift;
+ my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`;
+ chomp $res;
+ return $res;
+}
+
+############################################
+# show some help
+sub ShowHelp()
+{
+ print "
+Samba4 newuser
+
+newuser.pl [options]
+ --username USERNAME choose new username
+ --password PASSWORD set password
+ --samdb DBPATH path to sam.ldb
+
+You must provide at least a username
+
+";
+ exit(1);
+}
+
+my $opt_help;
+
+GetOptions(
+ 'help|h|?' => \$opt_help,
+ 'username=s' => \$opt_username,
+ 'unixname=s' => \$opt_unixname,
+ 'password=s' => \$opt_password,
+ 'samdb=s' => \$opt_samdb
+ );
+
+if ($opt_help || !$opt_username) {
+ ShowHelp();
+}
+
+if (!$opt_password) {
+ $opt_password = randpass();
+ print "chose random password '$opt_password'\n";
+}
+
+if (!$opt_unixname) {
+ $opt_unixname = $opt_username;
+}
+
+my $res = "";
+
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin:../bin";
+
+$ENV{"LDB_URL"} = $opt_samdb;
+
+my $domain_sid = search("(objectClass=domainDNS)", "objectSid");
+my $domain_dn = search("(objectClass=domainDNS)", "dn");
+
+my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`;
+chomp $ldif;
+
+my $sid;
+
+# crude way of working out a rid
+for (my $i=1001;$i<1100;$i++) {
+ if (search("objectSid=$domain_sid-$i","objectSid") eq "") {
+ $sid = "$domain_sid-$i";
+ last;
+ }
+}
+
+print "Chose new SID $sid\n";
+
+my $dom_users = search("name=Domain Users", "dn");
+
+
+$ldif .= "sAMAccountName: $opt_username\n";
+$ldif .= "name: $opt_username\n";
+$ldif .= "objectSid: $sid\n";
+$ldif .= "objectGUID: " . randguid() . "\n";
+$ldif .= "memberOf: $dom_users\n";
+$ldif .= "userAccountControl: 0x10200\n";
+$ldif .= "sAMAccountType: 0x30000000\n";
+$ldif .= "objectClass: user\n";
+$ldif .= "unicodePwd: $opt_password\n";
+$ldif .= "unixName: $opt_unixname\n";
+
+my $user_dn = "CN=$opt_username,CN=Users,$domain_dn";
+
+open FILE, ">newuser.ldif";
+print FILE "dn: $user_dn";
+print FILE "$ldif\n";
+close FILE;
+
+open FILE, ">modgroup.ldif";
+print FILE "
+dn: CN=Domain Users,CN=Users,$domain_dn
+changetype: modify
+add: member
+member: $user_dn
+";
+close FILE;
+
+system("ldbadd newuser.ldif");
+system("ldbmodify modgroup.ldif");
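Review bot: newuser.ldif is written into the current directory with the plaintext password inside (`unicodePwd: $opt_password`) through an unchecked bareword two-arg `open FILE, ">newuser.ldif"`, and neither it nor modgroup.ldif is removed after ldbadd/ldbmodify run, so the secret stays on disk with default-umask permissions. Both opens should be lexical, three-arg and checked, and the files unlinked at the end: `open my $fh, '>', 'newuser.ldif' or die "open newuser.ldif: $!";` … `unlink 'newuser.ldif', 'modgroup.ldif';` — and the same secret is exposed on the command line via `--password` and by the "chose random password" print. `--username` is never validated before being interpolated into the LDIF body and into `$user_dn`, so a value containing a newline or a comma can inject extra attributes or change the DN; an anchored check such as `die "bad username\n" unless $opt_username =~ /\A[\w.-]+\z/;` before first use closes that. The `print FILE "dn: $user_dn";` line has no trailing newline, so unless the ldbsearch output captured in $ldif begins with a blank line the first template attribute is glued onto the dn line. search() builds its ldbsearch pipeline by string interpolation — today's callers pass constants and ldbsearch output, but a list-form `open my $fh, '-|', 'ldbsearch', $expr, $attrib` would keep the shell out of the path, and the two `system` return values at the end are never checked.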
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
new file mode 100644
index 0000000000..f6cce3e285
--- /dev/null
+++ b/source4/setup/provision.ldif
@@ -0,0 +1,1246 @@
+dn: @INDEXLIST
+@IDXATTR: name
+@IDXATTR: sAMAccountName
+@IDXATTR: objectSid
+@IDXATTR: objectClass
+@IDXATTR: member
+@IDXATTR: unixID
+@IDXATTR: unixName
+@IDXATTR: privilege
+
+dn: @ATTRIBUTES
+realm: CASE_INSENSITIVE
+userPrincipalName: CASE_INSENSITIVE
+servicePrincipalName: CASE_INSENSITIVE
+cn: CASE_INSENSITIVE
+dc: CASE_INSENSITIVE
+name: CASE_INSENSITIVE WILDCARD
+dn: CASE_INSENSITIVE WILDCARD
+sAMAccountName: CASE_INSENSITIVE WILDCARD
+objectClass: CASE_INSENSITIVE
+unicodePwd: HIDDEN
+ntPwdHash: HIDDEN
+ntPwdHistory: HIDDEN
+lmPwdHash: HIDDEN
+lmPwdHistory: HIDDEN
+createTimestamp: HIDDEN
+modifyTimestamp: HIDDEN
+
+dn: @SUBCLASSES
+top: domain
+top: person
+top: group
+domain: domainDNS
+domain: builtinDomain
+person: organizationalPerson
+organizationalPerson: user
+user: computer
+template: userTemplate
+template: groupTemplate
+
+#Add modules to the list to activate them by default
+#beware often order is important
+dn: @MODULES
+@LIST: samldb,timestamps
+
+###############################
+# Domain Naming Context
+###############################
+dn: ${BASEDN}
+objectClass: top
+objectClass: domain
+objectClass: domainDNS
+name: ${DOMAIN}
+realm: ${REALM}
+dnsDomain: ${DNSDOMAIN}
+dc: ${DOMAIN}
+objectGUID: ${DOMAINGUID}
+creationTime: ${NTTIME}
+forceLogoff: 0x8000000000000000
+lockoutDuration: -18000000000
+lockOutObservationWindow: -18000000000
+lockoutThreshold: 0
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+maxPwdAge: -37108517437440
+minPwdAge: 0
+minPwdLength: 7
+modifiedCountAtLastProm: 0
+nextRid: 1001
+pwdProperties: 1
+pwdHistoryLength: 24
+objectSid: ${DOMAINSID}
+serverState: 1
+nTMixedDomain: 1
+msDS-Behavior-Version: 0
+ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
+uASCompat: 1
+modifiedCount: 1
+objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+subRefs: CN=Configuration,${BASEDN}
+subRefs: CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Users,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Users
+description: Default container for upgraded user accounts
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: Users
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Computers,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Computers
+description: Default container for upgraded computer accounts
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: Computers
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: OU=Domain Controllers,${BASEDN}
+objectClass: top
+objectClass: organizationalUnit
+ou: Domain Controllers
+description: Default container for domain controllers
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: Domain Controllers
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ForeignSecurityPrincipals,${BASEDN}
+objectClass: top
+objectClass: container
+cn: ForeignSecurityPrincipals
+description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: ForeignSecurityPrincipals
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=System,${BASEDN}
+objectClass: top
+objectClass: container
+cn: System
+description: Builtin system settings
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: System
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=RID Manager$,CN=System,${BASEDN}
+objectclass: top
+objectclass: rIDManager
+cn: RID Manager$
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: RID Manager$
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+rIDAvailablePool: 4611686014132423217
+
+dn: CN=DomainUpdates,CN=System,${BASEDN}
+objectClass: top
+objectClass: container
+cn: DomainUpdates
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: DomainUpdates
+objectGUID: ${NEWGUID}
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Windows2003Update
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Windows2003Update
+objectGUID: ${NEWGUID}
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+revision: 8
+
+dn: CN=Infrastructure,${BASEDN}
+objectclass: top
+objectclass: infrastructureUpdate
+cn: Infrastructure
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Infrastructure
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+
+dn: CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: builtinDomain
+cn: Builtin
+instanceType: 4
+showInAdvancedViewOnly: FALSE
+name: Builtin
+forceLogoff: 0x8000000000000000
+lockoutDuration: -18000000000
+lockOutObservationWindow: -18000000000
+lockoutThreshold: 0
+maxPwdAge: -37108517437440
+minPwdAge: 0
+minPwdLength: 0
+modifiedCountAtLastProm: 0
+nextRid: 1000
+pwdProperties: 0
+pwdHistoryLength: 0
+objectSid: S-1-5-32
+serverState: 1
+uASCompat: 1
+modifiedCount: 1
+objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Administrator,CN=Users,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: Administrator
+description: Built-in account for administering the computer/domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
+memberOf: CN=Domain Admins,CN=Users,${BASEDN}
+memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
+memberOf: CN=Schema Admins,CN=Users,${BASEDN}
+memberOf: CN=Administrators,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Administrator
+objectGUID: ${NEWGUID}
+userAccountControl: 0x10200
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+objectSid: ${DOMAINSID}-500
+adminCount: 1
+accountExpires: -1
+logonCount: 0
+sAMAccountName: Administrator
+sAMAccountType: 0x30000000
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unicodePwd: ${ADMINPASS}
+unixName: root
+
+dn: CN=Guest,CN=Users,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: Guest
+description: Built-in account for guest access to the computer/domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Guests,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Guest
+objectGUID: ${NEWGUID}
+userAccountControl: 0x10222
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 514
+objectSid: ${DOMAINSID}-501
+accountExpires: -1
+logonCount: 0
+sAMAccountName: Guest
+sAMAccountType: 0x30000000
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Administrators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Administrators
+description: Administrators have complete and unrestricted access to the computer/domain
+member: CN=Domain Admins,CN=Users,${BASEDN}
+member: CN=Enterprise Admins,CN=Users,${BASEDN}
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Administrators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-544
+adminCount: 1
+sAMAccountName: Administrators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+privilege: SeSecurityPrivilege
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeTakeOwnershipPrivilege
+privilege: SeDebugPrivilege
+privilege: SeSystemEnvironmentPrivilege
+privilege: SeSystemProfilePrivilege
+privilege: SeProfileSingleProcessPrivilege
+privilege: SeIncreaseBasePriorityPrivilege
+privilege: SeLoadDriverPrivilege
+privilege: SeCreatePagefilePrivilege
+privilege: SeIncreaseQuotaPrivilege
+privilege: SeChangeNotifyPrivilege
+privilege: SeUndockPrivilege
+privilege: SeManageVolumePrivilege
+privilege: SeImpersonatePrivilege
+privilege: SeCreateGlobalPrivilege
+privilege: SeEnableDelegationPrivilege
+privilege: SeInteractiveLogonRight
+privilege: SeNetworkLogonRight
+privilege: SeRemoteInteractiveLogonRight
+
+
+dn: CN=Users,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Users
+description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
+member: CN=Domain Users,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Users
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-545
+sAMAccountName: Users
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Guests,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Guests
+description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
+member: CN=Domain Guests,CN=Users,${BASEDN}
+member: CN=Guest,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Guests
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-546
+sAMAccountName: Guests
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${NOGROUP}
+
+dn: CN=Print Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Print Operators
+description: Members can administer domain printers
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Print Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-550
+adminCount: 1
+sAMAccountName: Print Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+privilege: SeLoadDriverPrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Backup Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Backup Operators
+description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Backup Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-551
+adminCount: 1
+sAMAccountName: Backup Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Replicator,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Replicator
+description: Supports file replication in a domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Replicator
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-552
+adminCount: 1
+sAMAccountName: Replicator
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Remote Desktop Users
+description: Members in this group are granted the right to logon remotely
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Remote Desktop Users
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-555
+sAMAccountName: Remote Desktop Users
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Network Configuration Operators
+description: Members in this group can have some administrative privileges to manage configuration of networking features
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Network Configuration Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-556
+sAMAccountName: Network Configuration Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Performance Monitor Users
+description: Members of this group have remote access to monitor this computer
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Performance Monitor Users
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-558
+sAMAccountName: Performance Monitor Users
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Performance Log Users
+description: Members of this group have remote access to schedule logging of performance counters on this computer
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Performance Log Users
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-559
+sAMAccountName: Performance Log Users
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+objectClass: computer
+cn: ${NETBIOSNAME}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: ${NETBIOSNAME}
+objectGUID: ${HOSTGUID}
+userAccountControl: 532480
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 127273269057298624
+localPolicyFlags: 0
+pwdLastSet: 127258826171655328
+primaryGroupID: 516
+objectSid: ${DOMAINSID}-1000
+accountExpires: 9223372036854775807
+logonCount: 30
+sAMAccountName: ${NETBIOSNAME}$
+sAMAccountType: 805306369
+operatingSystem: Samba
+operatingSystemVersion: 4.0
+dNSHostName: ${DNSNAME}
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unicodePwd: ${JOINPASS}
+servicePrincipalName: HOST/${DNSNAME}
+servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: CIFS/${DNSNAME}
+servicePrincipalName: CIFS/${NETBIOSNAME}
+servicePrincipalName: LDAP/${DNSNAME}
+servicePrincipalName: LDAP/${NETBIOSNAME}
+
+dn: CN=krbtgt,CN=Users,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: krbtgt
+description: Key Distribution Center Service Account
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: krbtgt
+objectGUID: ${NEWGUID}
+userAccountControl: 514
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 127258826179466560
+primaryGroupID: 513
+objectSid: ${DOMAINSID}-502
+adminCount: 1
+accountExpires: 9223372036854775807
+logonCount: 0
+sAMAccountName: krbtgt
+sAMAccountType: 805306368
+servicePrincipalName: kadmin/changepw
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unicodePwd: ${RANDPASS}
+
+dn: CN=Domain Computers,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Computers
+description: All workstations and servers joined to the domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Domain Computers
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-515
+sAMAccountName: Domain Computers
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Controllers,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Controllers
+description: All domain controllers in the domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Domain Controllers
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-516
+adminCount: 1
+sAMAccountName: Domain Controllers
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Schema Admins,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Schema Admins
+description: Designated administrators of the schema
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Schema Admins
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-518
+adminCount: 1
+sAMAccountName: Schema Admins
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+
+dn: CN=Enterprise Admins,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Enterprise Admins
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Administrators,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Enterprise Admins
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+
+dn: CN=Cert Publishers,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Cert Publishers
+description: Members of this group are permitted to publish certificates to the Active Directory
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Cert Publishers
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-517
+sAMAccountName: Cert Publishers
+sAMAccountType: 0x20000000
+groupType: 0x80000004
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Admins,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Admins
+description: Designated administrators of the domain
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Administrators,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Domain Admins
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-512
+adminCount: 1
+sAMAccountName: Domain Admins
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+
+dn: CN=Domain Users,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Users
+description: All domain users
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Users,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Domain Users
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-513
+sAMAccountName: Domain Users
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${USERS}
+
+dn: CN=Domain Guests,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Guests
+description: All domain guests
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Guests,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Domain Guests
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-514
+sAMAccountName: Domain Guests
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Group Policy Creator Owners
+description: Members in this group can modify group policy for the domain
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Group Policy Creator Owners
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-520
+sAMAccountName: Group Policy Creator Owners
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+
+dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: RAS and IAS Servers
+description: Servers in this group can access remote access properties of users
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: RAS and IAS Servers
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-553
+sAMAccountName: RAS and IAS Servers
+sAMAccountType: 0x20000000
+groupType: 0x80000004
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Server Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Server Operators
+description: Members can administer domain servers
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Server Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-549
+adminCount: 1
+sAMAccountName: Server Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Account Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Account Operators
+description: Members can administer domain user and group accounts
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Account Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-548
+adminCount: 1
+sAMAccountName: Account Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+privilege: SeInteractiveLogonRight
+
+dn: CN=Templates,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Templates
+description: Container for SAM account templates
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Templates
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+###
+# note! the template users must not match normal searches. Be careful
+# with what classes you put them in
+###
+
+dn: CN=TemplateUser,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateUser
+name: TemplateUser
+instanceType: 4
+userAccountControl: 0x202
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000000
+
+dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateMemberServer
+name: TemplateMemberServer
+instanceType: 4
+userAccountControl: 0x1002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+
+dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateDomainController
+name: TemplateDomainController
+instanceType: 4
+userAccountControl: 0x2002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+
+dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateTrustingDomain
+name: TemplateTrustingDomain
+instanceType: 4
+userAccountControl: 0x820
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000002
+
+dn: CN=TemplateGroup,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: groupTemplate
+cn: TemplateGroup
+name: TemplateGroup
+instanceType: 4
+groupType: 0x80000002
+sAMAccountType: 0x10000000
+
+dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: aliasTemplate
+cn: TemplateAlias
+name: TemplateAlias
+instanceType: 4
+groupType: 0x80000004
+sAMAccountType: 0x10000000
+
+dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: foreignSecurityPrincipalTemplate
+cn: TemplateForeignSecurityPrincipal
+name: TemplateForeignSecurityPrincipal
+
+dn: CN=TemplateSecret,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: secretTemplate
+cn: TemplateSecret
+name: TemplateSecret
+instanceType: 4
+
+dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: trustedDomainTemplate
+cn: TemplateTrustedDomain
+name: TemplateTrustedDomain
+instanceType: 4
+
+###############################
+# Configuration Naming Context
+###############################
+dn: CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: configuration
+cn: Configuration
+instanceType: 13
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Configuration
+objectGUID: ${NEWGUID}
+objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
+subRefs: CN=Schema,CN=Configuration,${BASEDN}
+masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+
+dn: CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRefContainer
+cn: Partitions
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Partitions
+objectGUID: ${NEWGUID}
+systemFlags: 0x80000000
+objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
+msDS-Behavior-Version: 0
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+
+dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: Enterprise Configuration
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Enterprise Configuration
+objectGUID: ${NEWGUID}
+systemFlags: 0x00000001
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: CN=Configuration,${BASEDN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: Enterprise Schema
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Enterprise Schema
+objectGUID: ${NEWGUID}
+systemFlags: 0x00000001
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: CN=Schema,CN=Configuration,${BASEDN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: ${DOMAIN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: ${DOMAIN}
+objectGUID: ${NEWGUID}
+systemFlags: 0x00000003
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: ${BASEDN}
+nETBIOSName: ${DOMAIN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: sitesContainer
+cn: Sites
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Sites
+objectGUID: ${NEWGUID}
+systemFlags: 0x82000000
+objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: site
+cn: Sites
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Sites
+objectGUID: ${NEWGUID}
+systemFlags: 0x82000000
+objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: serversContainer
+cn: Servers
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Servers
+objectGUID: ${NEWGUID}
+systemFlags: 0x82000000
+objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: server
+cn: ${NETBIOSNAME}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: ${NETBIOSNAME}
+objectGUID: ${NEWGUID}
+systemFlags: 0x52000000
+objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
+dNSHostName: ${DNSNAME}
+serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
+
+dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: applicationSettings
+objectClass: nTDSDSA
+cn: NTDS Settings
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: NTDS Settings
+systemFlags: 0x02000000
+objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
+dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
+objectGUID: ${INVOCATIONID}
+invocationId: ${INVOCATIONID}
+msDS-Behavior-Version: 2
+
+###############################
+# Schema Naming Context
+###############################
+dn: CN=Schema,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: dMD
+cn: Schema
+instanceType: 13
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Schema
+objectGUID: ${NEWGUID}
+objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
+masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectVersion: 30
diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl
new file mode 100755
index 0000000000..4000ac3bde
--- /dev/null
+++ b/source4/setup/provision.pl
@@ -0,0 +1,443 @@
+#!/usr/bin/perl -w
+
+use strict;
+use Socket;
+use Getopt::Long;
+
+my $opt_hostname = `hostname`;
+chomp $opt_hostname;
+my $opt_hostip;
+my $opt_realm;
+my $opt_domain;
+my $opt_adminpass;
+my $opt_nobody;
+my $opt_nogroup;
+my $opt_wheel;
+my $opt_users;
+my $dnsdomain;
+my $netbiosname;
+my $dnsname;
+my $basedn;
+my $defaultsite = "Default-First-Site-Name";
+my $usn = 1;
+
+# return the current NTTIME as an integer
+sub nttime()
+{
+ my $t = time();
+ $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60));
+ $t *= 1.0e7;
+ return sprintf("%lld", $t);
+}
+
+# generate a random guid. Not a good algorithm.
+sub randguid()
+{
+ my $r1 = int(rand(2**32));
+ my $r2 = int(rand(2**16));
+ my $r3 = int(rand(2**16));
+ my $r4 = int(rand(2**16));
+ my $r5 = int(rand(2**32));
+ my $r6 = int(rand(2**16));
+ return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
+}
+
+my $opt_domainguid = randguid();
+my $opt_hostguid = randguid();
+my $opt_invocationid = randguid();
+
+sub randsid()
+{
+ return sprintf("S-1-5-21-%d-%d-%d",
+ int(rand(10**8)), int(rand(10**8)), int(rand(10**8)));
+}
+
+my $opt_domainsid = randsid();
+
+# generate a random password. Poor algorithm :(
+sub randpass()
+{
+ my $pass = "";
+ my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
+ for (my $i=0;$i<8;$i++) {
+ my $c = int(rand(length($chars)));
+ $pass .= substr($chars, $c, 1);
+ }
+ return $pass;
+}
+
+my $joinpass = randpass();
+
+sub ldaptime()
+{
+ my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
+ return sprintf "%04u%02u%02u%02u%02u%02u.0Z",
+ $year+1900, $mon+1, $mday, $hour, $min, $sec;
+}
+
+#######################
+# substitute a single variable
+sub substitute($)
+{
+ my $var = shift;
+
+ if ($var eq "BASEDN") {
+ return $basedn;
+ }
+
+ if ($var eq "DOMAINSID") {
+ return $opt_domainsid;
+ }
+
+ if ($var eq "DOMAIN") {
+ return $opt_domain;
+ }
+
+ if ($var eq "REALM") {
+ return $opt_realm;
+ }
+
+ if ($var eq "DNSDOMAIN") {
+ return $dnsdomain;
+ }
+
+ if ($var eq "HOSTNAME") {
+ return $opt_hostname;
+ }
+
+ if ($var eq "NETBIOSNAME") {
+ return $netbiosname;
+ }
+
+ if ($var eq "DNSNAME") {
+ return $dnsname;
+ }
+
+ if ($var eq "HOSTIP") {
+ return $opt_hostip;
+ }
+
+ if ($var eq "LDAPTIME") {
+ return ldaptime();
+ }
+
+ if ($var eq "NEWGUID") {
+ return randguid();
+ }
+
+ if ($var eq "NEWSCHEMAGUID") {
+ return randguid();
+ }
+
+ if ($var eq "DOMAINGUID") {
+ return $opt_domainguid;
+ }
+
+ if ($var eq "HOSTGUID") {
+ return $opt_hostguid;
+ }
+
+ if ($var eq "INVOCATIONID") {
+ return $opt_invocationid;
+ }
+
+ if ($var eq "DEFAULTSITE") {
+ return $defaultsite;
+ }
+
+ if ($var eq "ADMINPASS") {
+ return $opt_adminpass;
+ }
+
+ if ($var eq "RANDPASS") {
+ return randpass();
+ }
+
+ if ($var eq "JOINPASS") {
+ return $joinpass;
+ }
+
+ if ($var eq "NTTIME") {
+ return "" . nttime();
+ }
+
+ if ($var eq "WHEEL") {
+ return $opt_wheel;
+ }
+
+ if ($var eq "NOBODY") {
+ return $opt_nobody;
+ }
+
+ if ($var eq "NOGROUP") {
+ return $opt_nogroup;
+ }
+
+ if ($var eq "USERS") {
+ return $opt_users;
+ }
+
+ if ($var eq "USN") {
+ my $ret = $usn;
+ $usn = $ret + 1;
+ return $ret;
+ }
+
+ die "ERROR: Uknown substitution variable $var\n";
+}
+
+
+####################################################################
+# substitute all variables in a string
+sub apply_substitutions($)
+{
+ my $data = shift;
+ my $res = "";
+ while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
+ my $sub = substitute($2);
+ $res .= "$1$sub";
+ $data = $3;
+ }
+ $res .= $data;
+ return $res;
+}
+
+
+#####################################################################
+# write a string into a file
+sub FileSave($$)
+{
+ my($filename) = shift;
+ my($v) = shift;
+ local(*FILE);
+ open(FILE, ">$filename") || die "can't open $filename";
+ print FILE $v;
+ close(FILE);
+}
+
+#####################################################################
+# read a file into a string
+sub FileLoad($)
+{
+ my($filename) = shift;
+ local(*INPUTFILE);
+ open(INPUTFILE, $filename) || return undef;
+ my($saved_delim) = $/;
+ undef $/;
+ my($data) = <INPUTFILE>;
+ close(INPUTFILE);
+ $/ = $saved_delim;
+ return $data;
+}
+
+#######################################################################
+# add a foreign security principle
+sub add_foreign($$$)
+{
+ my $sid = shift;
+ my $desc = shift;
+ my $unixname = shift;
+ return "
+dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: $sid
+description: $desc
+instanceType: 4
+whenCreated: \${LDAPTIME}
+whenChanged: \${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: $sid
+objectGUID: \${NEWGUID}
+objectSid: $sid
+objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN}
+unixName: $unixname
+
+";
+}
+
+############################################
+# show some help
+sub ShowHelp()
+{
+ print "
+Samba4 provisioning
+
+provision.pl [options]
+ --realm REALM set realm
+ --domain DOMAIN set domain
+ --domain-guid GUID set domainguid (otherwise random)
+ --domain-sid SID set domainsid (otherwise random)
+ --host-name HOSTNAME set hostname
+ --host-ip IPADDRESS set ipaddress
+ --host-guid GUID set hostguid (otherwise random)
+ --invocationid GUID set invocationid (otherwise random)
+ --adminpass PASSWORD choose admin password (otherwise random)
+ --nobody USERNAME choose 'nobody' user
+ --nogroup GROUPNAME choose 'nogroup' group
+ --wheel GROUPNAME choose 'wheel' privileged group
+ --users GROUPNAME choose 'users' group
+
+You must provide at least a realm and domain
+
+";
+ exit(1);
+}
+
+my $opt_help;
+
+GetOptions(
+ 'help|h|?' => \$opt_help,
+ 'realm=s' => \$opt_realm,
+ 'domain=s' => \$opt_domain,
+ 'domain-guid=s' => \$opt_domainguid,
+ 'domain-sid=s' => \$opt_domainsid,
+ 'host-name=s' => \$opt_hostname,
+ 'host-ip=s' => \$opt_hostip,
+ 'host-guid=s' => \$opt_hostguid,
+ 'invocationid=s' => \$opt_invocationid,
+ 'adminpass=s' => \$opt_adminpass,
+ 'nobody=s' => \$opt_nobody,
+ 'nogroup=s' => \$opt_nogroup,
+ 'wheel=s' => \$opt_wheel,
+ 'users=s' => \$opt_users,
+ );
+
+if ($opt_help ||
+ !$opt_realm ||
+ !$opt_domain ||
+ !$opt_hostname) {
+ ShowHelp();
+}
+
+$opt_realm=uc($opt_realm);
+$opt_domain=uc($opt_domain);
+$opt_hostname=lc($opt_hostname);
+$netbiosname=uc($opt_hostname);
+
+if (!$opt_hostip) {
+ my $hip = gethostbyname($opt_hostname);
+ if (defined $hip) {
+ $opt_hostip = inet_ntoa($hip);
+ } else {
+ $opt_hostip = "<0.0.0.0>";
+ }
+}
+
+print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n";
+
+if (!$opt_nobody) {
+ if (defined getpwnam("nobody")) {
+ $opt_nobody = "nobody";
+ }
+}
+
+if (!$opt_nogroup) {
+ if (defined getgrnam("nogroup")) {
+ $opt_nogroup = "nogroup";
+ } elsif (defined getgrnam("nobody")) {
+ $opt_nogroup = "nobody";
+ }
+}
+
+if (!$opt_wheel) {
+ if (defined getgrnam("wheel")) {
+ $opt_wheel = "wheel";
+ } elsif (defined getgrnam("root")) {
+ $opt_wheel = "root";
+ }
+}
+
+if (!$opt_users) {
+ if (defined getgrnam("users")) {
+ $opt_users = "users";
+ }
+}
+
+$opt_nobody || die "Unable to determine a user for 'nobody'\n";
+$opt_nogroup || die "Unable to determine a group for 'nogroup'\n";
+$opt_users || die "Unable to determine a group for 'users'\n";
+$opt_wheel || die "Unable to determine a group for 'wheel'\n";
+
+print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n";
+
+print "generating ldif ...\n";
+
+$dnsdomain = lc($opt_realm);
+$dnsname = lc($opt_hostname).".".$dnsdomain;
+$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm));
+
+my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n";
+
+$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}");
+$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}");
+$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}");
+$data .= add_foreign("S-1-5-18", "System", "root");
+$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}");
+
+if (!$opt_adminpass) {
+ $opt_adminpass = randpass();
+ print "chose random Administrator password '$opt_adminpass'\n";
+}
+
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin:../bin";
+
+
+my $res = apply_substitutions($data);
+
+my $newdb = "newdb." . int(rand(1000));
+
+print "Putting new database files in $newdb\n";
+
+mkdir($newdb) || die "Unable to create temporary directory $newdb\n";
+
+FileSave("$newdb/sam.ldif", $res);
+
+print "creating $newdb/sam.ldb ...\n";
+
+system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n";
+
+$data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n";
+
+$res = apply_substitutions($data);
+
+FileSave("$newdb/rootdse.ldif", $res);
+
+print "creating $newdb/rootdse.ldb ...\n";
+
+system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n";
+
+$data = FileLoad("secrets.ldif") || die "Unable to load secrets.ldif\n";
+
+$res = apply_substitutions($data);
+
+FileSave("$newdb/secrets.ldif", $res);
+
+print "creating $newdb/secrets.ldb ...\n";
+
+system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n";
+
+$data = FileLoad("provision.zone") || die "Unable to load provision.zone\n";
+
+$res = apply_substitutions($data);
+
+print "saving dns zone to $newdb/$dnsdomain.zone ...\n";
+
+FileSave("$newdb/$dnsdomain.zone", $res);
+
+print "creating $newdb/hklm.ldb ... \n";
+
+system("ldbadd -H $newdb/hklm.ldb hklm.ldif") == 0 || die "Failed to create hklm.ldb\n";
+
+print "
+
+Installation:
+- Please move $newdb/*.ldb to the private/ directory of your
+ Samba4 installation
+- Please use $newdb/$dnsdomain.zone in BIND on your dns server
+";
+
+
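Review bot: `mkdir($newdb)` near the end of the hunk creates the output directory with the process's default umask, yet the files written into it carry clear-text credentials (secrets.ldif's `secret: ${JOINPASS}` is visible in this commit, and substitute() also serves `${ADMINPASS}`), so on a typical 022 umask the .ldif and .ldb files are world-readable until the operator moves them. Set the umask before anything is written and make the directory private: `umask(077);` followed by `mkdir($newdb, 0700) || die "Unable to create temporary directory $newdb\n";` — the umask is inherited by the `ldbadd` children, so the .ldb files are covered as well. In the same spirit, `FileSave` (here and in rootdse.pl) uses two-argument `open(FILE, ">$filename")`, and the zone path `"$newdb/$dnsdomain.zone"` embeds `$dnsdomain`, which is derived from `--realm`; the three-argument form `open(my $fh, '>', $filename) || die "can't open $filename: $!";` keeps characters in the name from being read as part of the mode. `randpass()` draws from `rand()`, which the comment already calls poor; the Administrator and join passwords should come from a cryptographically secure source (e.g. `/dev/urandom`) before this is used outside test setups.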
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
new file mode 100644
index 0000000000..c0b941c822
--- /dev/null
+++ b/source4/setup/provision.zone
@@ -0,0 +1,32 @@
+; generate by provision.pl
+$ORIGIN ${DNSDOMAIN}
+$TTL 1W
+@ IN SOA @ hostmaster (
+ 42 ; serial (d. adams)
+ 2D ; refresh
+ 4H ; retry
+ 6W ; expiry
+ 1W ) ; minimum
+ IN NS ${HOSTNAME}
+ IN A ${HOSTIP}
+;
+${HOSTNAME} IN A ${HOSTIP}
+${HOSTGUID}._msdcs IN CNAME ${HOSTNAME}
+;
+; global catalog servers
+_gc._tcp IN SRV 0 100 3268 ${HOSTNAME}
+_ldap._tcp.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+;
+; ldap servers
+_ldap._tcp IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.pdc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.${DOMAINGUID}.domains._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+;
+; krb5 servers
+_kerberos._tcp IN SRV 0 100 88 ${HOSTNAME}
+_kerberos._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 88 ${HOSTNAME}
+_kerberos._udp IN SRV 0 100 88 ${HOSTNAME}
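Review bot: `_kerberos._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}` advertises the KDC on port 389, while every other `_kerberos` record in the file, including the `_kerberos._tcp` entry directly above it, uses 88; this looks copied from the `_ldap._tcp.dc._msdcs` line and should read `_kerberos._tcp.dc._msdcs IN SRV 0 100 88 ${HOSTNAME}`. The SOA serial is the fixed value 42, so a zone regenerated by a later provision.pl run carries the same serial and secondaries will not transfer the changed data; a substitution variable derived from the current time would be the natural fix, though it needs a matching entry in provision.pl's substitute().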
diff --git a/source4/setup/rootdse.ldif b/source4/setup/rootdse.ldif
new file mode 100644
index 0000000000..534249859a
--- /dev/null
+++ b/source4/setup/rootdse.ldif
@@ -0,0 +1,32 @@
+dn: @INDEXLIST
+
+dn: @ATTRIBUTES
+createTimestamp: HIDDEN
+modifyTimestamp: HIDDEN
+
+dn: @SUBCLASSES
+
+dn: @MODULES
+@MODULE: timestamps
+
+dn: cn=rootDSE
+currentTime: _DYNAMIC_
+subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN}
+dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN}
+namingContexts: ${BASEDN}
+namingContexts: CN=Configuration,${BASEDN}
+namingContexts: CN=Schema,CN=Configuration,${BASEDN}
+defaultNamingContext: ${BASEDN}
+rootDomainNamingContext: ${BASEDN}
+configurationNamingContext: CN=Configuration,${BASEDN}
+schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN}
+supportedLDAPVersion: 3
+highestCommittedUSN: _DYNAMIC_
+supportedSASLMechanisms: GSS-SPNEGO
+dnsHostName: ${DNSNAME}
+ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${DNSDOMAIN}
+serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN}
+isSynchronized: _DYNAMIC_
+domainFunctionality: 0
+forestFunctionality: 0
+domainControllerFunctionality: 2
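Review bot: `serverName` points at `CN=Default-First-Site,CN=Sites,...` while `dsServiceName` a few lines above uses `CN=Default-First-Site-Name`, and the site object provision.ldif creates is `CN=${DEFAULTSITE}`, which provision.pl defaults to "Default-First-Site-Name", so the DN published in serverName does not exist in the provisioned directory. Changing the line to `serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN}` removes the mismatch. Using `${DEFAULTSITE}` in both attributes would be better still, but rootdse.pl's substitute() does not know that variable, so that only works while this file is rendered by provision.pl.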
diff --git a/source4/setup/rootdse.pl b/source4/setup/rootdse.pl
new file mode 100755
index 0000000000..799019fad8
--- /dev/null
+++ b/source4/setup/rootdse.pl
@@ -0,0 +1,152 @@
+#!/usr/bin/perl -w
+
+use strict;
+use Getopt::Long;
+
+my $opt_hostname = `hostname`;
+chomp $opt_hostname;
+my $netbiosname;
+my $opt_realm;
+my $opt_domain;
+my $dnsdomain;
+my $dnsname;
+my $basedn;
+
+sub ldaptime()
+{
+ my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
+ return sprintf "%04u%02u%02u%02u%02u%02u.0Z",
+ $year+1900, $mon+1, $mday, $hour, $min, $sec;
+}
+
+#######################
+# substitute a single variable
+sub substitute($)
+{
+ my $var = shift;
+
+ if ($var eq "BASEDN") {
+ return $basedn;
+ }
+
+ if ($var eq "NETBIOSNAME") {
+ return $netbiosname;
+ }
+
+ if ($var eq "DNSNAME") {
+ return $dnsname;
+ }
+
+ if ($var eq "DNSDOMAIN") {
+ return $dnsdomain;
+ }
+
+ die "ERROR: Uknown substitution variable $var\n";
+}
+
+#####################################################################
+# write a string into a file
+sub FileSave($$)
+{
+ my($filename) = shift;
+ my($v) = shift;
+ local(*FILE);
+ open(FILE, ">$filename") || die "can't open $filename";
+ print FILE $v;
+ close(FILE);
+}
+
+#####################################################################
+# read a file into a string
+sub FileLoad($)
+{
+ my($filename) = shift;
+ local(*INPUTFILE);
+ open(INPUTFILE, $filename) || return undef;
+ my($saved_delim) = $/;
+ undef $/;
+ my($data) = <INPUTFILE>;
+ close(INPUTFILE);
+ $/ = $saved_delim;
+ return $data;
+}
+
+############################################
+# show some help
+sub ShowHelp()
+{
+ print "
+Samba4 provisioning
+
+rootdse.pl [options]
+ --realm REALM set realm
+ --domain DOMAIN set domain
+ --hostname HOSTNAME set hostname
+
+You must provide at least a realm and domain
+
+";
+ exit(1);
+}
+
+my $opt_help;
+
+GetOptions(
+ 'help|h|?' => \$opt_help,
+ 'realm=s' => \$opt_realm,
+ 'domain=s' => \$opt_domain,
+ 'hostname=s' => \$opt_hostname,
+ );
+
+if ($opt_help ||
+ !$opt_realm ||
+ !$opt_domain ||
+ !$opt_hostname) {
+ ShowHelp();
+}
+
+$opt_realm=uc($opt_realm);
+$opt_domain=uc($opt_domain);
+$opt_hostname=lc($opt_hostname);
+$netbiosname=uc($opt_hostname);
+
+print "Provisioning host '$opt_hostname' with netbios name '$netbiosname' for domain '$opt_domain' in realm '$opt_realm'\n";
+
+print "generating ldif ...\n";
+
+$dnsdomain = lc($opt_realm);
+$dnsname = $opt_hostname.".".$dnsdomain;
+$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm));
+
+my $data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n";
+
+my $res = "";
+
+print "applying substitutions ...\n";
+
+while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
+ my $sub = substitute($2);
+ $res .= "$1$sub";
+ $data = $3;
+}
+$res .= $data;
+
+print "saving ldif to newrootdse.ldif ...\n";
+
+FileSave("newrootdse.ldif", $res);
+
+unlink("newrootdse.ldb");
+
+print "creating newrootdse.ldb ...\n";
+
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin:../bin";
+
+system("ldbadd -H newrootdse.ldb newrootdse.ldif");
+
+print "done
+
+Please move newrootdse.ldb to rootdse.ldb in the private/ directory of your
+Samba4 installation
+";
+
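Review bot: The `system("ldbadd -H newrootdse.ldb newrootdse.ldif")` call near the end of the hunk ignores the exit status, so a missing `ldbadd` or a failed import still prints the "done" banner telling the operator to install the database; provision.pl in the same commit checks this, so mirror it here: `system("ldbadd -H newrootdse.ldb newrootdse.ldif") == 0 || die "Failed to create newrootdse.ldb\n";`. The `$ENV{"PATH"} .= ":bin:../bin"` line appends relative directories, so which `ldbadd` runs depends on the current working directory; resolving the binary relative to the script's own location (`FindBin`) before the call would make that explicit. `--domain` is required by the usage check but only appears in the progress message, so either drop the requirement or say in ShowHelp why it is mandatory.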
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
new file mode 100644
index 0000000000..f44521a07b
--- /dev/null
+++ b/source4/setup/secrets.ldif
@@ -0,0 +1,30 @@
+dn: @INDEXLIST
+@IDXATTR: cn
+@IDXATTR: flatname
+@IDXATTR: realm
+
+dn: @ATTRIBUTES
+realm: CASE_INSENSITIVE
+flatname: CASE_INSENSITIVE
+sAMAccountName: CASE_INSENSITIVE
+
+dn: CN=LSA Secrets
+objectClass: top
+objectClass: container
+cn: LSA Secrets
+
+dn: CN=Primary Domains
+objectClass: top
+objectClass: container
+cn: Primary Domains
+
+dn: flatname=${DOMAIN},CN=Primary Domains
+objectClass: top
+objectClass: primaryDomain
+flatname: ${DOMAIN}
+realm: ${REALM}
+secret: ${JOINPASS}
+sAMAccountName: ${NETBIOSNAME}$
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+