r23859: Work to have Group Policy work 'out of the box' in Samba4.

This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.

This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).

Andrew Bartlett
(This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7)

4 files changed, 37 insertions, 28 deletions

diff --git a/source4/setup/provision b/source4/setup/provision
index 175ed8f161..ddb424477b 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -14,7 +14,9 @@ options = GetOptions(ARGV,
 		'realm=s',
 		'domain=s',
 		'domain-guid=s',
+		'domain-guid=s',
 		'domain-sid=s',
+		'policy-guid=s',
 		'host-name=s',
 		'host-ip=s',
 		'host-guid=s',
@@ -69,6 +71,7 @@ provision [options]
  --host-name	HOSTNAME	set hostname
  --host-ip	IPADDRESS	set ipaddress
  --host-guid	GUID		set hostguid (otherwise random)
+ --policy-guid  GUID            set group policy guid (otherwise random)
  --invocationid	GUID		set invocationid (otherwise random)
  --adminpass	PASSWORD	choose admin password (otherwise random)
  --krbtgtpass	PASSWORD	choose krbtgt password (otherwise random)
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index e44a4642b2..d531f831d6 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -99,31 +99,3 @@ dn: CN=Policies,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
 
-dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-objectClass: groupPolicyContainer
-displayName: Default Domain Policy
-objectCategory: CN=Group-Policy-Container,${SCHEMADN}
-gPCFunctionalityVersion: 2
-gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
-versionNumber: 1
-flags: 0
-gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
- 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
- FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2
- 488-11D1-A28C-00C04FB94F17}]
-gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
- 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
- 11D1-A7CC-0000F87571E3}]
-nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
-
-dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-objectCategory: CN=Container,${SCHEMADN}
-
-dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
-objectClass: top
-objectClass: container
-objectCategory: CN=Container,${SCHEMADN}
diff --git a/source4/setup/provision.smb.conf b/source4/setup/provision.smb.conf
index 9d922c49c9..fe08d7e3be 100644
--- a/source4/setup/provision.smb.conf
+++ b/source4/setup/provision.smb.conf
@@ -4,4 +4,10 @@
 	realm		= ${REALM}
 	server role     = domain controller
 
+[netlogon]
+	path = ${NETLOGONPATH}
+	read only = no
 
+[sysvol]
+	path = ${SYSVOLPATH}
+	read only = no
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
new file mode 100644
index 0000000000..b5a2ef17e2
--- /dev/null
+++ b/source4/setup/provision_group_policy.ldif
@@ -0,0 +1,28 @@
+dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectClass: groupPolicyContainer
+displayName: Default Domain Policy
+objectCategory: CN=Group-Policy-Container,${SCHEMADN}
+gPCFunctionalityVersion: 2
+gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
+versionNumber: 1
+flags: 0
+gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
+ 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
+ FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2
+ 488-11D1-A28C-00C04FB94F17}]
+gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
+ 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
+ 11D1-A7CC-0000F87571E3}]
+nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+
+dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectCategory: CN=Container,${SCHEMADN}
+
+dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+objectCategory: CN=Container,${SCHEMADN}