summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/provision.ldif14
-rwxr-xr-xsource4/script/provision.pl75
2 files changed, 76 insertions, 13 deletions
diff --git a/source4/provision.ldif b/source4/provision.ldif
index 3d21fd8b6e..460549db1d 100644
--- a/source4/provision.ldif
+++ b/source4/provision.ldif
@@ -249,7 +249,7 @@ systemFlags: 0x8c000000
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: root
+unixName: ${WHEEL}
dn: CN=Users,CN=Builtin,${BASEDN}
objectClass: top
@@ -293,7 +293,7 @@ systemFlags: 0x8c000000
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: nogroup
+unixName: ${NOGROUP}
dn: CN=Print Operators,CN=Builtin,${BASEDN}
objectClass: top
@@ -566,7 +566,7 @@ sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: root
+unixName: ${WHEEL}
dn: CN=Enterprise Admins,CN=Users,${BASEDN}
objectClass: top
@@ -589,7 +589,7 @@ sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: root
+unixName: ${WHEEL}
dn: CN=Cert Publishers,CN=Users,${BASEDN}
objectClass: top
@@ -631,7 +631,7 @@ sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: root
+unixName: ${WHEEL}
dn: CN=Domain Users,CN=Users,${BASEDN}
objectClass: top
@@ -652,7 +652,7 @@ sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: users
+unixName: ${USERS}
dn: CN=Domain Guests,CN=Users,${BASEDN}
objectClass: top
@@ -693,7 +693,7 @@ sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-unixName: root
+unixName: ${WHEEL}
dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
objectClass: top
diff --git a/source4/script/provision.pl b/source4/script/provision.pl
index cc08c94bfb..b1070d2013 100755
--- a/source4/script/provision.pl
+++ b/source4/script/provision.pl
@@ -8,6 +8,10 @@ chomp $opt_hostname;
my $opt_realm;
my $opt_domain;
my $opt_adminpass;
+my $opt_nobody;
+my $opt_nogroup;
+my $opt_wheel;
+my $opt_users;
my $dnsname;
my $basedn;
@@ -107,6 +111,22 @@ sub substitute($)
return "" . nttime();
}
+ if ($var eq "WHEEL") {
+ return $opt_wheel;
+ }
+
+ if ($var eq "NOBODY") {
+ return $opt_nobody;
+ }
+
+ if ($var eq "NOGROUP") {
+ return $opt_nogroup;
+ }
+
+ if ($var eq "USERS") {
+ return $opt_users;
+ }
+
die "ERROR: Uknown substitution variable $var\n";
}
@@ -174,10 +194,14 @@ sub ShowHelp()
Samba4 provisioning
provision.pl [options]
- --realm REALM set realm
- --domain DOMAIN set domain
- --hostname HOSTNAME set hostname
- --adminpass PASSWORD choose admin password (otherwise random)
+ --realm REALM set realm
+ --domain DOMAIN set domain
+ --hostname HOSTNAME set hostname
+ --adminpass PASSWORD choose admin password (otherwise random)
+ --nobody USERNAME choose 'nobody' user
+ --nogroup GROUPNAME choose 'nogroup' group
+ --wheel GROUPNAME choose 'wheel' privileged group
+ --users GROUPNAME choose 'users' group
You must provide at least a realm and domain
@@ -193,6 +217,10 @@ GetOptions(
'domain=s' => \$opt_domain,
'hostname=s' => \$opt_hostname,
'adminpass=s' => \$opt_adminpass,
+ 'nobody=s' => \$opt_nobody,
+ 'nogroup=s' => \$opt_nogroup,
+ 'wheel=s' => \$opt_wheel,
+ 'users=s' => \$opt_users,
);
if ($opt_help ||
@@ -204,6 +232,41 @@ if ($opt_help ||
print "Provisioning host '$opt_hostname' for domain '$opt_domain' in realm '$opt_realm'\n";
+if (!$opt_nobody) {
+ if (defined getpwnam("nobody")) {
+ $opt_nobody = "nobody";
+ }
+}
+
+if (!$opt_nogroup) {
+ if (defined getgrnam("nogroup")) {
+ $opt_nogroup = "nogroup";
+ } elsif (defined getgrnam("nobody")) {
+ $opt_nogroup = "nobody";
+ }
+}
+
+if (!$opt_wheel) {
+ if (defined getgrnam("wheel")) {
+ $opt_wheel = "wheel";
+ } elsif (defined getgrnam("root")) {
+ $opt_wheel = "root";
+ }
+}
+
+if (!$opt_users) {
+ if (defined getgrnam("users")) {
+ $opt_users = "users";
+ }
+}
+
+$opt_nobody || die "Unable to determine a user for 'nobody'\n";
+$opt_nogroup || die "Unable to determine a group for 'nogroup'\n";
+$opt_users || die "Unable to determine a group for 'user'\n";
+$opt_wheel || die "Unable to determine a group for 'wheel'\n";
+
+print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n";
+
print "generating ldif ...\n";
$dnsname = "$opt_hostname.$opt_realm";
@@ -211,9 +274,9 @@ $basedn = "DC=" . join(",DC=", split(/\./, $opt_realm));
my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n";
-$data .= add_foreign("S-1-5-7", "Anonymous", "nobody");
+$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}");
$data .= add_foreign("S-1-5-18", "System", "root");
-$data .= add_foreign("S-1-5-11", "Authenticated Users", "users");
+$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}");
if (!$opt_adminpass) {
$opt_adminpass = randpass();