summaryrefslogtreecommitdiff
path: root/source4/setup
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-02-28 08:43:10 +1100
committerAndrew Bartlett <abartlet@samba.org>2008-02-28 08:43:10 +1100
commit446fb38765c8b3d0e8cf3f74442029cabca3a41b (patch)
treeef530f691fa7f3ca82b921604d4eca6f4da4ba62 /source4/setup
parent9b7baec42bc00985697be895e5d21aae50322f4d (diff)
downloadsamba-446fb38765c8b3d0e8cf3f74442029cabca3a41b.tar.gz
samba-446fb38765c8b3d0e8cf3f74442029cabca3a41b.tar.bz2
samba-446fb38765c8b3d0e8cf3f74442029cabca3a41b.zip
Users and computers now share the same template.
Slowly work away at the samldb module again, it is clear that AD does not use much of a templating system. samAccountType is managed, as far as I can tell, when groupType or userAccountControl changes. Andrew Bartlett (This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4)
Diffstat (limited to 'source4/setup')
-rw-r--r--source4/setup/provision_self_join.ldif2
-rw-r--r--source4/setup/provision_templates.ldif26
-rw-r--r--source4/setup/provision_users.ldif20
3 files changed, 1 insertions, 47 deletions
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 58669660f4..503656a9bf 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -8,7 +8,6 @@ localPolicyFlags: 0
primaryGroupID: 516
accountExpires: 9223372036854775807
sAMAccountName: ${NETBIOSNAME}$
-sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.0
dNSHostName: ${DNSNAME}
@@ -33,7 +32,6 @@ description: DNS Service Account
userAccountControl: 514
accountExpires: 9223372036854775807
sAMAccountName: dns
-sAMAccountType: 805306368
servicePrincipalName: DNS/${DNSDOMAIN}
isCriticalSystemObject: TRUE
sambaPassword:: ${DNSPASS_B64}
diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif
index fafedc6966..cc0ab212cd 100644
--- a/source4/setup/provision_templates.ldif
+++ b/source4/setup/provision_templates.ldif
@@ -18,7 +18,7 @@ objectClass: container
description: Container for SAM account templates
dn: CN=TemplateUser,CN=Templates
-userAccountControl: 514
+userAccountControl: 546
badPwdCount: 0
codePage: 0
countryCode: 0
@@ -29,21 +29,6 @@ pwdLastSet: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
-sAMAccountType: 805306368
-
-dn: CN=TemplateComputer,CN=Templates
-userAccountControl: 4098
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 805306369
dn: CN=TemplateTrustingDomain,CN=Templates
userAccountControl: 2080
@@ -56,18 +41,9 @@ lastLogon: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
-sAMAccountType: 805306370
dn: CN=TemplateGroup,CN=Templates
groupType: -2147483646
-sAMAccountType: 268435456
-
-# Currently this isn't used, we don't have a way to detect it different from an incoming alias
-#
-# dn: CN=TemplateAlias,CN=Templates
-# cn: TemplateAlias
-# groupType: -2147483644
-# sAMAccountType: 268435456
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 05fde15974..4b053d9166 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -44,7 +44,6 @@ objectSid: ${DOMAINSID}-502
adminCount: 1
accountExpires: 9223372036854775807
sAMAccountName: krbtgt
-sAMAccountType: 805306368
servicePrincipalName: kadmin/changepw
isCriticalSystemObject: TRUE
sambaPassword:: ${KRBTGTPASS_B64}
@@ -85,7 +84,6 @@ objectClass: group
cn: Cert Publishers
description: Members of this group are permitted to publish certificates to the Active Directory
groupType: 2147483652
-sAMAccountType: 536870912
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
isCriticalSystemObject: TRUE
@@ -136,7 +134,6 @@ cn: RAS and IAS Servers
description: Servers in this group can access remote access properties of users
objectSid: ${DOMAINSID}-553
sAMAccountName: RAS and IAS Servers
-sAMAccountType: 536870912
groupType: 2147483652
isCriticalSystemObject: TRUE
@@ -151,7 +148,6 @@ member: CN=Administrator,CN=Users,${DOMAINDN}
objectSid: S-1-5-32-544
adminCount: 1
sAMAccountName: Administrators
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -188,7 +184,6 @@ description: Users are prevented from making accidental or intentional system-wi
member: CN=Domain Users,CN=Users,${DOMAINDN}
objectSid: S-1-5-32-545
sAMAccountName: Users
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -202,7 +197,6 @@ member: CN=Domain Guests,CN=Users,${DOMAINDN}
member: CN=Guest,CN=Users,${DOMAINDN}
objectSid: S-1-5-32-546
sAMAccountName: Guests
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -215,7 +209,6 @@ description: Members can administer domain printers
objectSid: S-1-5-32-550
adminCount: 1
sAMAccountName: Print Operators
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -231,7 +224,6 @@ description: Backup Operators can override security restrictions for the sole pu
objectSid: S-1-5-32-551
adminCount: 1
sAMAccountName: Backup Operators
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -248,7 +240,6 @@ description: Supports file replication in a domain
objectSid: S-1-5-32-552
adminCount: 1
sAMAccountName: Replicator
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -260,7 +251,6 @@ cn: Remote Desktop Users
description: Members in this group are granted the right to logon remotely
objectSid: S-1-5-32-555
sAMAccountName: Remote Desktop Users
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -272,7 +262,6 @@ cn: Network Configuration Operators
description: Members in this group can have some administrative privileges to manage configuration of networking features
objectSid: S-1-5-32-556
sAMAccountName: Network Configuration Operators
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -284,7 +273,6 @@ cn: Performance Monitor Users
description: Members of this group have remote access to monitor this computer
objectSid: S-1-5-32-558
sAMAccountName: Performance Monitor Users
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -296,7 +284,6 @@ cn: Performance Log Users
description: Members of this group have remote access to schedule logging of performance counters on this computer
objectSid: S-1-5-32-559
sAMAccountName: Performance Log Users
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -309,7 +296,6 @@ description: Members can administer domain servers
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -328,7 +314,6 @@ description: Members can administer domain user and group accounts
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -341,7 +326,6 @@ cn: Pre-Windows 2000 Compatible Access
description: A backward compatibility group which allows read access on all users and groups in the domain
objectSid: S-1-5-32-554
sAMAccountName: Pre-Windows 2000 Compatible Access
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -355,7 +339,6 @@ cn: Incoming Forest Trust Builders
description: Members of this group can create incoming, one-way trusts to this forest
objectSid: S-1-5-32-557
sAMAccountName: Incoming Forest Trust Builders
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -367,7 +350,6 @@ cn: Windows Authorization Access Group
description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
objectSid: S-1-5-32-560
sAMAccountName: Windows Authorization Access Group
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -379,7 +361,6 @@ cn: Terminal Server License Servers
description: Terminal Server License Servers
objectSid: S-1-5-32-561
sAMAccountName: Terminal Server License Servers
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE
@@ -391,7 +372,6 @@ cn: Distributed COM Users
description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
objectSid: S-1-5-32-562
sAMAccountName: Distributed COM Users
-sAMAccountType: 536870912
systemFlags: 2348810240
groupType: 2147483653
isCriticalSystemObject: TRUE