diff options
| author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-11 22:41:58 +0200 |
|---|---|---|
| committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-11 22:41:58 +0200 |
| commit | 10833f641a33d340c03d01bf25551cd1d0d1ef63 (patch) | |
| tree | 8ef348356b79f0240aad224cdb4732fbe627f1cb /source4/setup | |
| parent | 5ad756fad3f10863c5257726b119a7082cb84968 (diff) | |
| download | samba-10833f641a33d340c03d01bf25551cd1d0d1ef63.tar.gz samba-10833f641a33d340c03d01bf25551cd1d0d1ef63.tar.bz2 samba-10833f641a33d340c03d01bf25551cd1d0d1ef63.zip | |
s4:group policies - add the domain controller group policy
This patches fixes the last difference between s4 and Windows Server regarding
group policy objects: we hadn't the domain controller policy.
- Adds the domain controller policy as it is found in the "original" AD
- Adds also the right version number in the GPT.INI file for the domain group
policy (was missing)
Diffstat (limited to 'source4/setup')
| -rwxr-xr-x | source4/setup/provision | 7 | ||||
| -rw-r--r-- | source4/setup/provision.ldif | 1 | ||||
| -rw-r--r-- | source4/setup/provision_group_policy.ldif | 27 |
3 files changed, 32 insertions, 3 deletions
diff --git a/source4/setup/provision b/source4/setup/provision index 27a33122be..8bf08b9e39 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -53,7 +53,9 @@ parser.add_option("--domain-guid", type="string", metavar="GUID", parser.add_option("--domain-sid", type="string", metavar="SID", help="set domainsid (otherwise random)") parser.add_option("--policy-guid", type="string", metavar="GUID", - help="set policy guid") + help="set guid for domain policy") +parser.add_option("--policy-guid-dc", type="string", metavar="GUID", + help="set guid for domain controller policy") parser.add_option("--invocationid", type="string", metavar="GUID", help="set invocationid (otherwise random)") parser.add_option("--host-name", type="string", metavar="HOSTNAME", @@ -181,7 +183,8 @@ provision(setup_dir, message, session, creds, smbconf=smbconf, targetdir=opts.targetdir, samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, domainguid=opts.domain_guid, domainsid=opts.domain_sid, - policyguid=opts.policy_guid, hostname=opts.host_name, + policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc, + hostname=opts.host_name, hostip=opts.host_ip, hostip6=opts.host_ip6, invocationid=opts.invocationid, adminpass=opts.adminpass, krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index bd224ee60d..b6ad528205 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -34,6 +34,7 @@ description: Default container for domain controllers systemFlags: -1946157056 isCriticalSystemObject: TRUE showInAdvancedViewOnly: FALSE +gPLink: [LDAP://CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN};0] # Joined DC located in "provision_self_join.ldif" diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif index 65ab1eaf5f..00f0bee4cc 100644 --- a/source4/setup/provision_group_policy.ldif +++ b/source4/setup/provision_group_policy.ldif @@ -5,7 +5,7 @@ objectClass: groupPolicyContainer displayName: Default Domain Policy gPCFunctionalityVersion: 2 gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}} -versionNumber: 65543 +versionNumber: 65544 flags: 0 gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 @@ -26,3 +26,28 @@ dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container systemFlags: -1946157056 + +dn: CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +objectClass: groupPolicyContainer +displayName: Default Domain Controllers Policy +gPCFunctionalityVersion: 2 +gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID_DC}} +versionNumber: 2 +flags: 0 +gPCMachineExtensionNames: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 + FB-11D0-A0D0-00A0C90F574B}] +nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +systemFlags: -1946157056 + +dn: CN=User,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +systemFlags: -1946157056 + +dn: CN=Machine,CN={${POLICYGUID_DC}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +systemFlags: -1946157056 + |