diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-02-28 08:43:10 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-02-28 08:43:10 +1100 |
commit | 446fb38765c8b3d0e8cf3f74442029cabca3a41b (patch) | |
tree | ef530f691fa7f3ca82b921604d4eca6f4da4ba62 /source4/setup | |
parent | 9b7baec42bc00985697be895e5d21aae50322f4d (diff) | |
download | samba-446fb38765c8b3d0e8cf3f74442029cabca3a41b.tar.gz samba-446fb38765c8b3d0e8cf3f74442029cabca3a41b.tar.bz2 samba-446fb38765c8b3d0e8cf3f74442029cabca3a41b.zip |
Users and computers now share the same template.
Slowly work away at the samldb module again, it is clear that AD does
not use much of a templating system. samAccountType is managed, as
far as I can tell, when groupType or userAccountControl changes.
Andrew Bartlett
(This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4)
Diffstat (limited to 'source4/setup')
-rw-r--r-- | source4/setup/provision_self_join.ldif | 2 | ||||
-rw-r--r-- | source4/setup/provision_templates.ldif | 26 | ||||
-rw-r--r-- | source4/setup/provision_users.ldif | 20 |
3 files changed, 1 insertions, 47 deletions
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 58669660f4..503656a9bf 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -8,7 +8,6 @@ localPolicyFlags: 0 primaryGroupID: 516 accountExpires: 9223372036854775807 sAMAccountName: ${NETBIOSNAME}$ -sAMAccountType: 805306369 operatingSystem: Samba operatingSystemVersion: 4.0 dNSHostName: ${DNSNAME} @@ -33,7 +32,6 @@ description: DNS Service Account userAccountControl: 514 accountExpires: 9223372036854775807 sAMAccountName: dns -sAMAccountType: 805306368 servicePrincipalName: DNS/${DNSDOMAIN} isCriticalSystemObject: TRUE sambaPassword:: ${DNSPASS_B64} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index fafedc6966..cc0ab212cd 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -18,7 +18,7 @@ objectClass: container description: Container for SAM account templates dn: CN=TemplateUser,CN=Templates -userAccountControl: 514 +userAccountControl: 546 badPwdCount: 0 codePage: 0 countryCode: 0 @@ -29,21 +29,6 @@ pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 805306368 - -dn: CN=TemplateComputer,CN=Templates -userAccountControl: 4098 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 805306369 dn: CN=TemplateTrustingDomain,CN=Templates userAccountControl: 2080 @@ -56,18 +41,9 @@ lastLogon: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 805306370 dn: CN=TemplateGroup,CN=Templates groupType: -2147483646 -sAMAccountType: 268435456 - -# Currently this isn't used, we don't have a way to detect it different from an incoming alias -# -# dn: CN=TemplateAlias,CN=Templates -# cn: TemplateAlias -# groupType: -2147483644 -# sAMAccountType: 268435456 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 05fde15974..4b053d9166 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -44,7 +44,6 @@ objectSid: ${DOMAINSID}-502 adminCount: 1 accountExpires: 9223372036854775807 sAMAccountName: krbtgt -sAMAccountType: 805306368 servicePrincipalName: kadmin/changepw isCriticalSystemObject: TRUE sambaPassword:: ${KRBTGTPASS_B64} @@ -85,7 +84,6 @@ objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory groupType: 2147483652 -sAMAccountType: 536870912 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers isCriticalSystemObject: TRUE @@ -136,7 +134,6 @@ cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers -sAMAccountType: 536870912 groupType: 2147483652 isCriticalSystemObject: TRUE @@ -151,7 +148,6 @@ member: CN=Administrator,CN=Users,${DOMAINDN} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -188,7 +184,6 @@ description: Users are prevented from making accidental or intentional system-wi member: CN=Domain Users,CN=Users,${DOMAINDN} objectSid: S-1-5-32-545 sAMAccountName: Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -202,7 +197,6 @@ member: CN=Domain Guests,CN=Users,${DOMAINDN} member: CN=Guest,CN=Users,${DOMAINDN} objectSid: S-1-5-32-546 sAMAccountName: Guests -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -215,7 +209,6 @@ description: Members can administer domain printers objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -231,7 +224,6 @@ description: Backup Operators can override security restrictions for the sole pu objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -248,7 +240,6 @@ description: Supports file replication in a domain objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -260,7 +251,6 @@ cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -272,7 +262,6 @@ cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -284,7 +273,6 @@ cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -296,7 +284,6 @@ cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -309,7 +296,6 @@ description: Members can administer domain servers objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -328,7 +314,6 @@ description: Members can administer domain user and group accounts objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -341,7 +326,6 @@ cn: Pre-Windows 2000 Compatible Access description: A backward compatibility group which allows read access on all users and groups in the domain objectSid: S-1-5-32-554 sAMAccountName: Pre-Windows 2000 Compatible Access -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -355,7 +339,6 @@ cn: Incoming Forest Trust Builders description: Members of this group can create incoming, one-way trusts to this forest objectSid: S-1-5-32-557 sAMAccountName: Incoming Forest Trust Builders -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -367,7 +350,6 @@ cn: Windows Authorization Access Group description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects objectSid: S-1-5-32-560 sAMAccountName: Windows Authorization Access Group -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -379,7 +361,6 @@ cn: Terminal Server License Servers description: Terminal Server License Servers objectSid: S-1-5-32-561 sAMAccountName: Terminal Server License Servers -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -391,7 +372,6 @@ cn: Distributed COM Users description: Members are allowed to launch, activate and use Distributed COM objects on this machine. objectSid: S-1-5-32-562 sAMAccountName: Distributed COM Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE |