Diffstat (limited to 'source4/setup')
-rwxr-xr-xsource4/setup/domainlevel187
-rwxr-xr-xsource4/setup/enableaccount72
-rwxr-xr-xsource4/setup/newuser10
-rw-r--r--source4/setup/provision.ldif15
-rw-r--r--source4/setup/provision_configuration.ldif263
-rw-r--r--source4/setup/provision_self_join.ldif82
-rwxr-xr-xsource4/setup/pwsettings47
-rwxr-xr-xsource4/setup/setexpiry50
-rwxr-xr-xsource4/setup/setpassword14
9 files changed, 602 insertions, 138 deletions
diff --git a/source4/setup/domainlevel b/source4/setup/domainlevel
new file mode 100755
index 0000000000..811e29cb2d
--- /dev/null
+++ b/source4/setup/domainlevel
@@ -0,0 +1,187 @@
+#!/usr/bin/python
+#
+# Raises domain and forest function levels
+#
+# Copyright Matthias Dieter Wallnoefer 2009
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+import optparse
+import ldb
+
+from samba.auth import system_session
+from samba.samdb import SamDB
+from samba import DS_DOMAIN_FUNCTION_2000, DS_DOMAIN_FUNCTION_2003
+from samba import DS_DOMAIN_FUNCTION_2008, DS_DOMAIN_FUNCTION_2008_R2
+
+parser = optparse.OptionParser("domainlevel (show | raise <options>)")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--quiet", help="Be quiet", action="store_true")
+parser.add_option("--forest",
+ help="The forest function level (2000 | 2003 | 2008 | 2008_R2). We don't support mixed/interim (NT4 DC support) levels.", type=str)
+parser.add_option("--domain",
+ help="The domain function level (2000 | 2003 | 2008 | 2008_R2). We don't support mixed/interim (NT4 DC support) levels.", type=str)
+opts, args = parser.parse_args()
+
+#
+# print a message if quiet is not set
+#
+def message(text):
+ if not opts.quiet:
+ print text
+
+if len(args) == 0:
+ parser.print_usage()
+ sys.exit(1)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ credentials=creds, lp=lp)
+
+domain_dn = SamDB.domain_dn(samdb)
+
+res_forest = samdb.search("CN=Partitions,CN=Configuration," + domain_dn,
+ scope=ldb.SCOPE_BASE, attrs=["msDS-Behavior-Version"])
+assert(len(res_forest) == 1)
+
+res_domain = samdb.search(domain_dn, scope=ldb.SCOPE_BASE,
+ attrs=["msDS-Behavior-Version"])
+assert(len(res_domain) == 1)
+
+try:
+ level_forest = int(res_forest[0]["msDS-Behavior-Version"][0])
+ level_domain = int(res_domain[0]["msDS-Behavior-Version"][0])
+
+ if level_forest < 0 or level_forest == 1 or level_forest > 4 or level_domain < 0 or level_domain == 1 or level_domain > 4:
+ print "ERROR: Domain and/or forest functional level(s) is/are invalid. Correct them or reprovision!"
+ sys.exit(1)
+ if level_forest > level_domain:
+ print "ERROR: Forest function level is higher than the domain level(s). That can't be. Correct this or reprovision!"
+ sys.exit(1)
+except:
+ print "ERROR: Could not retrieve the actual domain and forest level!"
+ if args[0] == "show":
+ print "So the levels can't be displayed!"
+ sys.exit(1)
+
+if args[0] == "show":
+ message("Domain and forest function level for domain '" + domain_dn + "'")
+ message("")
+
+ if level_forest == DS_DOMAIN_FUNCTION_2000:
+ outstr = "2000"
+ elif level_forest == DS_DOMAIN_FUNCTION_2003:
+ outstr = "2003"
+ elif level_forest == DS_DOMAIN_FUNCTION_2008:
+ outstr = "2008"
+ elif level_forest == DS_DOMAIN_FUNCTION_2008_R2:
+ outstr = "2008 R2"
+ message("Forest function level: (Windows) " + outstr)
+
+ if level_domain == DS_DOMAIN_FUNCTION_2000:
+ outstr = "2000"
+ elif level_domain == DS_DOMAIN_FUNCTION_2003:
+ outstr = "2003"
+ elif level_domain == DS_DOMAIN_FUNCTION_2008:
+ outstr = "2008"
+ elif level_domain == DS_DOMAIN_FUNCTION_2008_R2:
+ outstr = "2008 R2"
+ message("Domain function level: (Windows) " + outstr)
+
+elif args[0] == "raise":
+ msgs = []
+
+ if opts.domain is not None:
+ arg = opts.domain
+
+ if arg == "2000":
+ new_level_domain = DS_DOMAIN_FUNCTION_2000
+ elif arg == "2003":
+ new_level_domain = DS_DOMAIN_FUNCTION_2003
+ elif arg == "2008":
+ new_level_domain = DS_DOMAIN_FUNCTION_2008
+ elif arg == "2008_R2":
+ new_level_domain = DS_DOMAIN_FUNCTION_2008_R2
+ else:
+ print "ERROR: Wrong argument '" + arg + "'!"
+ sys.exit(1)
+
+ if new_level_domain <= level_domain:
+ print "ERROR: Domain function level can't be smaller equal to the actual one!"
+ sys.exit(1)
+
+ m = ldb.Message()
+ m.dn = ldb.Dn(samdb, domain_dn)
+ m["msDS-Behavior-Version"]= ldb.MessageElement(
+ str(new_level_domain), ldb.FLAG_MOD_REPLACE,
+ "msDS-Behavior-Version")
+ samdb.modify(m)
+
+ level_domain = new_level_domain
+
+ msgs.append("Domain function level changed!")
+
+ if opts.forest is not None:
+ arg = opts.forest
+
+ if arg == "2000":
+ new_level_forest = DS_DOMAIN_FUNCTION_2000
+ elif arg == "2003":
+ new_level_forest = DS_DOMAIN_FUNCTION_2003
+ elif arg == "2008":
+ new_level_forest = DS_DOMAIN_FUNCTION_2008
+ elif arg == "2008_R2":
+ new_level_forest = DS_DOMAIN_FUNCTION_2008_R2
+ else:
+ print "ERROR: Wrong argument '" + arg + "'!"
+ sys.exit(1)
+
+ if new_level_forest <= level_forest:
+ print "ERROR: Forest function level can't be smaller equal to the actual one!"
+ sys.exit(1)
+
+ if new_level_forest > level_domain:
+ print "ERROR: Forest function level can't be higher than the domain function level(s). Please raise it/them first!"
+ sys.exit(1)
+
+ m = ldb.Message()
+
+ m.dn = ldb.Dn(samdb, "CN=Partitions,CN=Configuration,"
+ + domain_dn)
+ m["msDS-Behavior-Version"]= ldb.MessageElement(
+ str(new_level_forest), ldb.FLAG_MOD_REPLACE,
+ "msDS-Behavior-Version")
+ samdb.modify(m)
+
+ msgs.append("Forest function level changed!")
+
+ msgs.append("All changes applied successfully!")
+
+ message("\n".join(msgs))
+else:
+ print "ERROR: Wrong argument '" + args[0] + "'!"
+ sys.exit(1)
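Review bot: The bare `except:` around the level lookup also catches the `SystemExit` raised by the two `sys.exit(1)` calls placed inside the `try`, so an invalid or inconsistent level prints its error, falls into the "Could not retrieve" branch, and for `raise` the script then continues with the bad values; and when the attribute lookup itself fails only `show` exits, while `raise` goes on to a `NameError` on `level_domain`. Move the two sanity checks out of the `try`, narrow the handler to the errors the lookup and `int()` can raise, and exit unconditionally. Since the `raise` branch refuses to lower a level, a mistyped `--domain`/`--forest` cannot be undone with this tool, which is worth a comment above the `samdb.modify(m)` calls, e.g. `# Raising is one-way as far as this tool is concerned: it refuses to lower a level`.
```python
try:
    level_forest = int(res_forest[0]["msDS-Behavior-Version"][0])
    level_domain = int(res_domain[0]["msDS-Behavior-Version"][0])
except (KeyError, IndexError, ValueError):
    print "ERROR: Could not retrieve the actual domain and forest level!"
    sys.exit(1)

# Validate outside the try so sys.exit() is not swallowed by the handler
if level_forest < 0 or level_forest == 1 or level_forest > 4 or level_domain < 0 or level_domain == 1 or level_domain > 4:
    print "ERROR: Domain and/or forest functional level(s) is/are invalid. Correct them or reprovision!"
    sys.exit(1)
if level_forest > level_domain:
    print "ERROR: Forest function level is higher than the domain level(s). That can't be. Correct this or reprovision!"
    sys.exit(1)
# … unchanged: show / raise handling …
```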
diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount
index d4e954074b..0ca5b39faa 100755
--- a/source4/setup/enableaccount
+++ b/source4/setup/enableaccount
@@ -1,18 +1,31 @@
#!/usr/bin/python
#
-# Enables a disabled user account on a Samba4 server
-# Copyright Andrew Tridgell 2005
-# Copyright Jelmer Vernooij 2008
-# Released under the GNU GPL version 3 or later
+# Enables an user account on a Samba4 server
+# Copyright Jelmer Vernooij 2008
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-import os, sys
-sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python"))
+import sys
+
+sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
-import pwd
-import ldb
from samba.auth import system_session
from samba.samdb import SamDB
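Review bot: `sys.path.insert(0, "bin/python")` is resolved against the current working directory, whereas the removed `os.path.join(os.path.dirname(sys.argv[0]), "../bin/python")` form was relative to the script, so an installed copy of this tool run from any directory that happens to contain `bin/python/samba` will import that code ahead of the real package. If the intent is only consistency with the other setup scripts, anchor it to the script instead, e.g. `sys.path.insert(0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "bin", "python"))`, or at least add `# only meaningful when run from the source tree root` so nobody ships it as-is. The `os` import this needs was dropped in the same hunk.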
@@ -23,49 +36,24 @@ parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
-parser.add_option("-H", help="LDB URL for database or target server", type=str)
-parser.add_option("--base", help="Base DN to search for user under", type=str)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
opts, args = parser.parse_args()
-#
-# print a message if quiet is not set
-#
-def message(text):
- if not opts.quiet:
- print text
+filter = opts.filter
-if len(args) == 0:
+if (len(args) == 0) and (filter is None):
+ print "Either the username or '--filter' must be specified!"
parser.print_usage()
sys.exit(1)
-username = args[0]
-
-if username is None:
- print "username must be specified"
+if filter is None:
+ username = args[0]
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
lp = sambaopts.get_loadparm()
-
creds = credopts.get_credentials(lp)
-if opts.H is not None:
- url = opts.H
-else:
- url = lp.get("sam database")
-
-samdb = SamDB(url=url, session_info=system_session(),
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
-
-domain_dn = opts.base
-if domain_dn is None:
- domain_dn = SamDB.domain_dn(samdb)
-
-filter = "(&(objectClass=user)(samAccountName=%s))" % username
-
-res = samdb.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
- expression=filter,
- attrs=[])
-assert(len(res) == 1)
-user_dn = res[0].dn
-
-samdb.enable_account(user_dn)
+samdb.enable_account(filter)
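Review bot: The username is interpolated unescaped into the LDAP filter on `filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)`, and the `assert(len(res) == 1)` that previously guaranteed exactly one match before enabling is gone, so a name containing `*`, `(`, `)` or `\` changes the filter's meaning and what `enable_account(filter)` does with zero or several matches is now decided outside this file. Escape RFC 4515 metacharacters before formatting (`\2a`, `\28`, `\29`, `\5c`), or reject such names, and add a comment that `--filter` is passed through as-is and is expected to select a single account. The `--filter` help text `LDAP Filter to set password on` was copied from setpassword and should read `LDAP filter selecting the account to enable`.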
diff --git a/source4/setup/newuser b/source4/setup/newuser
index cc89e922a7..422677c301 100755
--- a/source4/setup/newuser
+++ b/source4/setup/newuser
@@ -1,6 +1,6 @@
#!/usr/bin/python
#
-# Add a new user to a Samba4 server
+# Adds a new user to a Samba4 server
# Copyright Jelmer Vernooij 2008
#
# Based on the original in EJS:
@@ -18,6 +18,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
import sys
# Find right directory when running from source tree
@@ -25,8 +26,10 @@ sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
+
from getpass import getpass
from samba.auth import system_session
+from samba.samdb import SamDB
parser = optparse.OptionParser("newuser [options] <username> [<password>]")
sambaopts = options.SambaOptions(parser)
@@ -34,7 +37,6 @@ parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
-parser.add_option("--quiet", help="Be quiet", action="store_true")
parser.add_option("--unixname", help="Unix Username", type=str)
parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")
@@ -56,6 +58,6 @@ if opts.unixname is None:
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
-samdb = sambaopts.get_hostconfig().get_samdb(session_info=system_session(),
- credentials=creds)
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ credentials=creds, lp=lp)
samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login=opts.must_change_at_next_login)
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 1690dc6c02..d46406e144 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -5,24 +5,25 @@
dn: CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: builtinDomain
+creationTime: ${CREATTIME}
forceLogoff: -9223372036854775808
+isCriticalSystemObject: TRUE
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
maxPwdAge: -37108517437440
minPwdAge: 0
minPwdLength: 0
+modifiedCount: 1
modifiedCountAtLastProm: 0
nextRid: 1000
-pwdProperties: 0
-pwdHistoryLength: 0
objectSid: S-1-5-32
+pwdHistoryLength: 0
+pwdProperties: 0
serverState: 1
-uASCompat: 1
-modifiedCount: 1
-systemFlags: -1946157056
-isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
+systemFlags: -1946157056
+uASCompat: 1
dn: CN=Deleted Objects,${DOMAINDN}
objectClass: top
@@ -366,6 +367,8 @@ objectClass: nTFRSSettings
systemFlags: -1946157056
isCriticalSystemObject: TRUE
+# Here are missing the FRS objects since we don't support this technique yet
+
dn: CN=FileLinks,CN=System,${DOMAINDN}
objectClass: top
objectClass: fileLinkTracking
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index ac641da775..506ff21641 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -15,6 +15,8 @@ isDeleted: TRUE
isCriticalSystemObject: TRUE
systemFlags: -1946157056
+# Extended rights
+
dn: CN=Extended-Rights,${CONFIGDN}
objectClass: top
objectClass: container
@@ -637,6 +639,8 @@ appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
localizationDisplayId: 28
validAccesses: 256
+# Forest updates
+
dn: CN=ForestUpdates,${CONFIGDN}
objectClass: top
objectClass: container
@@ -645,6 +649,154 @@ dn: CN=Operations,CN=ForestUpdates,${CONFIGDN}
objectClass: top
objectClass: container
+dn: CN=6b800a81-affe-4a15-8e41-6ea0c7aa89e4,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dd07182c-3174-4c95-902a-d64fee285bbf,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ffa5ee3c-1405-476d-b344-7ad37d69cc25,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=099f1587-af70-49c6-ab6c-7b3e82be0fe2,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=1a3f6b15-55f2-4752-ba27-3d38a8232c4d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dee21a17-4e8e-4f40-a58c-c0c009b685a7,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=9bd98bb4-4047-4de5-bf4c-7bd1d0f6d21d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=3fe80fbf-bf39-4773-b5bd-3e5767a30d2d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=f02915e2-9141-4f73-b8e7-2804662782da,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=39902c52-ef24-4b4b-8033-2c9dfdd173a2,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=20bf09b4-6d0b-4cd1-9c09-4231edf1209b,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238bb-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238bc-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238bd-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238be-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238bf-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=94f238c0-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=eda27b47-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=eda27b48-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=eda27b49-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=eda27b4a-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=26d9c510-e61a-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=26d9c511-e61a-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=3467dae5-dedd-4648-9066-f48ac186b20a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=33b7ee33-1386-47cf-baa1-b03e06473253,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=e9ee8d55-c2fb-4723-a333-c80ff4dfbf45,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ccfae63a-7fb5-454c-83ab-0e8e1214974e,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ad3c7909-b154-4c16-8bf7-2c3a7870bb3d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=26ad2ebf-f8f5-44a4-b97c-a616c8b9d09a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4444c516-f43a-4c12-9c4b-b5c064941d61,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=436a1a4b-f41a-46e6-ac86-427720ef29f3,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=b2b7fb45-f50d-41bc-a73b-8f580f3b636a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=1bdf6366-c3db-4d0b-b8cb-f99ba9bce20f,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=63c0f51a-067c-4640-8a4f-044fb33f1049,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dae441c0-366e-482e-98d9-60a99a1898cc,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=7dd09ca6-f0d6-43bf-b7f8-ef348f435617,CN=Operations,CN=ForestUpdates,${CONFIGDN}
+objectClass: top
+objectClass: container
+
dn: CN=Windows2003Update,CN=ForestUpdates,${CONFIGDN}
objectClass: top
objectClass: container
@@ -662,6 +814,8 @@ description: Quota specifications container
msDS-TombstoneQuotaFactor: 100
systemFlags: -2147483648
+# Partitions
+
dn: CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRefContainer
@@ -669,27 +823,30 @@ systemFlags: -2147483648
msDS-Behavior-Version: ${FOREST_FUNCTIONALALITY}
showInAdvancedViewOnly: TRUE
+# Partitions for DNS are missing since we don't support AD DNS
+
dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRef
-systemFlags: 1
-nCName: ${CONFIGDN}
dnsRoot: ${DNSDOMAIN}
+nCName: ${CONFIGDN}
+systemFlags: 1
dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRef
-systemFlags: 1
-nCName: ${SCHEMADN}
dnsRoot: ${DNSDOMAIN}
+nCName: ${SCHEMADN}
+systemFlags: 1
dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRef
-systemFlags: 3
+dnsRoot: ${DNSDOMAIN}
nCName: ${DOMAINDN}
nETBIOSName: ${DOMAIN}
-dnsRoot: ${DNSDOMAIN}
+nTMixedDomain: 0
+systemFlags: 3
dn: CN=Physical Locations,${CONFIGDN}
objectClass: top
@@ -699,11 +856,91 @@ l: Physical Locations tree root
# Schema located in "ad-schema/*.txt"
+# Services
+
dn: CN=Services,${CONFIGDN}
objectClass: top
objectClass: container
systemFlags: -2147483648
+dn: CN=MsmqServices,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: mSMQEnterpriseSettings
+mSMQVersion: 200
+
+dn: CN=NetServices,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Certificate Templates,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Enrollment Services,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=Certification Authorities,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=AIA,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=CDP,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=KRA,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=OID,CN=Public Key Services,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: msPKI-Enterprise-Oid
+
+dn: CN=RRAS,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: container
+
+dn: CN=IdentityDictionary,CN=RRAS,CN=Services,${CONFIGDN}
+objectClass: top
+objectClass: rRASAdministrationDictionary
+msRRASVendorAttributeEntry: 311:6:803:RADIUS Accouting
+msRRASVendorAttributeEntry: 311:6:802:RADIUS Authentication
+msRRASVendorAttributeEntry: 311:6:801:NT Domain Authentication
+msRRASVendorAttributeEntry: 311:6:714:Point to point parallel connection
+msRRASVendorAttributeEntry: 311:6:713:Point to point serial connection
+msRRASVendorAttributeEntry: 311:6:712:Generic LAN
+msRRASVendorAttributeEntry: 311:6:711:Generic WAN
+msRRASVendorAttributeEntry: 311:6:710:X.25
+msRRASVendorAttributeEntry: 311:6:709:IrDA
+msRRASVendorAttributeEntry: 311:6:708:Switched 56
+msRRASVendorAttributeEntry: 311:6:707:SONET
+msRRASVendorAttributeEntry: 311:6:706:Modem
+msRRASVendorAttributeEntry: 311:6:705:ISDN
+msRRASVendorAttributeEntry: 311:6:704:ATM
+msRRASVendorAttributeEntry: 311:6:703:Frame Relay
+msRRASVendorAttributeEntry: 311:6:702:Layer 2 Tunneling Protocol
+msRRASVendorAttributeEntry: 311:6:701:Point-to-Point Tunneling Protocol
+msRRASVendorAttributeEntry: 311:6:604:Network Address and Port Translation
+msRRASVendorAttributeEntry: 311:6:603:Demand Dial Router
+msRRASVendorAttributeEntry: 311:6:602:Remote Access Server
+msRRASVendorAttributeEntry: 311:6:601:LAN-to- LAN Router
+msRRASVendorAttributeEntry: 311:6:503:AppleTalk Forwarding Enabled
+msRRASVendorAttributeEntry: 311:6:502:IPX Forwarding Enabled
+msRRASVendorAttributeEntry: 311:6:501:IP Forwarding Enabled
+msRRASVendorAttributeEntry: 311:5:2:IPX SAP
+msRRASVendorAttributeEntry: 311::5:1:IPX RIP
+msRRASVendorAttributeEntry: 311:1:10:IGMP Only
+msRRASVendorAttributeEntry: 311:0:13:OSPF
+msRRASVendorAttributeEntry: 311:0:8:RIP (version 1 or 2)
+
dn: CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
objectClass: container
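Review bot: `msRRASVendorAttributeEntry: 311::5:1:IPX RIP` has a doubled colon that breaks the `vendor:type:id:name` shape every other entry in this dictionary uses, and `RADIUS Accouting` and `LAN-to- LAN Router` look like typos. If these strings are copied verbatim from a Windows DC to stay byte-compatible with what clients expect, a one-line comment such as `# Entries copied verbatim from a Windows DC, including its typos` would stop the next reader from "fixing" them; otherwise correct them to `311:5:1:IPX RIP`, `RADIUS Accounting` and `LAN-to-LAN Router`.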
@@ -711,7 +948,12 @@ objectClass: container
dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
objectClass: nTDSService
-sPNMappings: host=ldap,dns,cifs,http
+msDS-Other-Settings: DisableVLVSupport=0
+msDS-Other-Settings: DynamicObjectMinTTL=900
+msDS-Other-Settings: DynamicObjectDefaultTTL=86400
+# "sPNMappings" needs to be enhanced when we add features
+sPNMappings: host=dns,netlogon,rpc,cifs,wins,http
+tombstoneLifetime: 180
dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
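Review bot: The new `sPNMappings: host=dns,netlogon,rpc,cifs,wins,http` drops `ldap` from the service classes aliased to the HOST SPN, so `ldap/<host>` requests are no longer satisfied by the HOST/ principal and depend entirely on the explicit `ldap/...` servicePrincipalName entries this commit adds to the DC account in provision_self_join.ldif. The placeholder comment `# "sPNMappings" needs to be enhanced when we add features` should record that dependency, e.g. `# "ldap" is deliberately not aliased to HOST here; the DC account carries explicit ldap/ SPNs (provision_self_join.ldif)`, assuming the omission is intentional. Whether any other consumer relied on the old implicit mapping is not visible from this file.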
@@ -734,6 +976,8 @@ lDAPAdminLimits: MaxConnIdleTime=900
lDAPAdminLimits: InitRecvTimeout=120
lDAPAdminLimits: MaxConnections=5000
+# Sites
+
dn: CN=Sites,${CONFIGDN}
objectClass: top
objectClass: sitesContainer
@@ -759,6 +1003,7 @@ objectClass: top
objectClass: interSiteTransport
transportAddressAttribute: dNSHostName
transportDLLName: ismip.dll
+systemFlags: -2147483648
dn: CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
objectClass: top
@@ -785,3 +1030,7 @@ objectClass: top
objectClass: serversContainer
systemFlags: 33554432
+dn: CN=Subnets,CN=Sites,${CONFIGDN}
+objectClass: top
+objectClass: subnetContainer
+systemFlags: -1073741824
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index c59c421b7f..639bc96040 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -1,41 +1,43 @@
-# Join the DC to itself
+# Accounts for selfjoin (joins DC to itself)
+# Object under "Domain Controllers"
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
-userAccountControl: 532480
-localPolicyFlags: 0
-primaryGroupID: 516
accountExpires: 9223372036854775807
-sAMAccountName: ${NETBIOSNAME}$
+dNSHostName: ${DNSNAME}
+# "frsComputerReferenceBL" doesn't exist since we still miss FRS support
+isCriticalSystemObject: TRUE
+localPolicyFlags: 0
operatingSystem: Samba
operatingSystemVersion: ${SAMBA_VERSION_STRING}
-dNSHostName: ${DNSNAME}
-userPassword:: ${MACHINEPASS_B64}
-servicePrincipalName: HOST/${DNSNAME}
+primaryGroupID: 516
+# "rIDSetReferences" doesn't exist since we still miss distributed RIDs
+sAMAccountName: ${NETBIOSNAME}$
+# "servicePrincipalName" for FRS doesn't exit since we still miss FRS support
+# "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
+# "ldap/../DomainDnsZones", "DNS/..") don't exist since we don't support AD DNS
+servicePrincipalName: GC/${DNSNAME}/${REALM}
+servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: HOST/${DNSNAME}
servicePrincipalName: HOST/${DNSNAME}/${REALM}
-servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
-servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
-servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
-isCriticalSystemObject: TRUE
+# "servicePrincipalName"s with GUIDs are located in
+# "provision_self_join_modify.ldif"
+servicePrincipalName: ldap/${DNSNAME}/${DOMAIN}
+servicePrincipalName: ldap/${NETBIOSNAME}
+servicePrincipalName: ldap/${DNSNAME}
+servicePrincipalName: ldap/${DNSNAME}/${REALM}
+userAccountControl: 532480
+userPassword:: ${MACHINEPASS_B64}
-#Provide a account for DNS keytab export
-dn: CN=dns,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
+# Here are missing the objects for the NTFRS subscription and the RID set since
+# we don't support those techniques (FRS, distributed RIDs) yet.
+
+# Objects under "Configuration/Sites/<Default sitename>/Servers"
dn: ${SERVERDN}
objectClass: top
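Review bot: The comments in this entry enumerate the SPNs that are missing for unsupported features, but not that the NetBIOS-form `HOST/${NETBIOSNAME}/${REALM}` and `HOST/${NETBIOSNAME}/${DOMAIN}` principals were dropped and a `GC/${DNSNAME}/${REALM}` principal added, so a reader cannot tell whether the remaining set is a deliberate match of what a Windows DC registers or an oversight. A short note next to the `servicePrincipalName` run, e.g. `# SPN set mirrors a Windows DC account; NetBIOS-form HOST/<name>/<realm> variants are not registered`, would settle that; if the GC SPN is advertised before the global catalog is actually served, say so too, since clients will request tickets for it.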
@@ -48,14 +50,34 @@ dn: CN=NTDS Settings,${SERVERDN}
objectClass: top
objectClass: applicationSettings
objectClass: nTDSDSA
-options: 1
-systemFlags: 33554432
dMDLocation: ${SCHEMADN}
+hasMasterNCs: ${CONFIGDN}
+hasMasterNCs: ${SCHEMADN}
+hasMasterNCs: ${DOMAINDN}
invocationId: ${INVOCATIONID}
msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
+msDS-HasDomainNCs: ${DOMAINDN}
+# "msDS-HasInstantiatedNCs"s for DNS don't exist since we don't support AD DNS
+msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
+msDS-HasInstantiatedNCs: B:8:0000000D:${SCHEMADN}
+msDS-HasInstantiatedNCs: B:8:00000005:${DOMAINDN}
+# "msDS-hasMasterNCs"s for DNS don't exist since we don't support AD DNS
msDS-hasMasterNCs: ${CONFIGDN}
msDS-hasMasterNCs: ${SCHEMADN}
msDS-hasMasterNCs: ${DOMAINDN}
-hasMasterNCs: ${CONFIGDN}
-hasMasterNCs: ${SCHEMADN}
-hasMasterNCs: ${DOMAINDN}
+options: 1
+systemFlags: 33554432
+
+# Provides an account for DNS keytab export
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings
index cd9c07dfb5..6a5e18ef59 100755
--- a/source4/setup/pwsettings
+++ b/source4/setup/pwsettings
@@ -1,21 +1,32 @@
#!/usr/bin/python
#
-# Sets password settings (Password complexity, history length,
-# minimum password length, the minimum and maximum password age) on a
-# Samba4 server
+# Sets password settings (Password complexity, history length, minimum password
+# length, the minimum and maximum password age) on a Samba4 server
#
-# Copyright Jelmer Vernooij 2008
-# Copyright Matthias Dieter Wallnoefer 2009
-# Copyright Andrew Kroeger 2009
-# Released under the GNU GPL version 3 or later
+# Copyright Matthias Dieter Wallnoefer 2009
+# Copyright Andrew Kroeger 2009
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-import os, sys
-sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python"))
+import sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
-import pwd
import ldb
from samba.auth import system_session
@@ -29,7 +40,6 @@ parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
parser.add_option("--quiet", help="Be quiet", action="store_true")
-parser.add_option("-H", help="LDB URL for database or target server", type=str)
parser.add_option("--complexity",
help="The password complexity (on | off | default). Default is 'on'", type=str)
parser.add_option("--history-length",
@@ -55,15 +65,9 @@ if len(args) == 0:
sys.exit(1)
lp = sambaopts.get_loadparm()
-
creds = credopts.get_credentials(lp)
-if opts.H is not None:
- url = opts.H
-else:
- url = lp.get("sam database")
-
-samdb = SamDB(url=url, session_info=system_session(),
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
domain_dn = SamDB.domain_dn(samdb)
@@ -79,13 +83,10 @@ try:
min_pwd_age = int(abs(int(res[0]["minPwdAge"][0])) / (1e7 * 60 * 60 * 24))
max_pwd_age = int(abs(int(res[0]["maxPwdAge"][0])) / (1e7 * 60 * 60 * 24))
except:
+ print "ERROR: Could not retrieve password properties!"
if args[0] == "show":
- print "ERROR: Password informations missing in your AD domain object!"
print "So no settings can be displayed!"
- sys.exit(1)
- else:
- print "ERROR: Could not retrieve password properties (used for password complexity setting)"
- sys.exit(1)
+ sys.exit(1)
if args[0] == "show":
message("Password informations for domain '" + domain_dn + "'")
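Review bot: Exiting from the handler for every command fixes the earlier fall-through, but the bare `except:` still catches `KeyboardInterrupt` and `SystemExit` and reports any ldb error as "Could not retrieve password properties!" without a traceback. Narrow it to what the lookups and `int()` conversions in the `try` body can raise, `except (KeyError, IndexError, ValueError):`, so unexpected failures surface with their real cause. The `try` body begins above this hunk.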
diff --git a/source4/setup/setexpiry b/source4/setup/setexpiry
index db7cdd412f..6c6305ceaf 100755
--- a/source4/setup/setexpiry
+++ b/source4/setup/setexpiry
@@ -1,9 +1,23 @@
#!/usr/bin/python
#
-# Sets the password expiry for a user on a Samba4 server
-# Copyright Andrew Tridgell 2005
-# Copyright Jelmer Vernooij 2008
-# Released under the GNU GPL version 3 or later
+# Sets the user password expiry on a Samba4 server
+# Copyright Jelmer Vernooij 2008
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import sys
@@ -13,32 +27,38 @@ sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
-from getpass import getpass
+
from samba.auth import system_session
+from samba.samdb import SamDB
-parser = optparse.OptionParser("setexpiry [options] <username>")
+parser = optparse.OptionParser("setexpiry [username] [options]")
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
parser.add_option("--days", help="Days to expiry", type=int)
-parser.add_option("--noexpiry", help="Never expire", action="store_true")
+parser.add_option("--noexpiry", help="Password does never expire", action="store_true")
opts, args = parser.parse_args()
-if len(args) == 0:
+if (len(args) == 0) and (filter is None):
+ print "Either the username or '--filter' must be specified!"
parser.print_usage()
sys.exit(1)
-username = args[0]
+days = opts.days
+if days is None:
+ days = 0
+
+if filter is None:
+ username = args[0]
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
-samdb = sambaopts.get_hostconfig().get_samdb(session_info=system_session(),
- credentials=creds)
-days = opts.days
-if days is None:
- days = 0
-samdb.setexpiry(username, days*24*3600, opts.noexpiry)
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ credentials=creds, lp=lp)
+samdb.setexpiry(filter, days*24*3600, noexpiry=opts.noexpiry)
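Review bot: `filter` is never assigned from `opts.filter` in this script, unlike setpassword and enableaccount, so both `filter is None` tests at `if (len(args) == 0) and (filter is None):` and `if filter is None:` see the Python builtin `filter` function: the usage check never fires, the positional username is never read, and `samdb.setexpiry(filter, days*24*3600, noexpiry=opts.noexpiry)` is called with the builtin. Add `filter = opts.filter` directly after `opts, args = parser.parse_args()`. The `--filter` help text `LDAP Filter to set password on` was copied from setpassword and should say `LDAP filter selecting the account whose expiry is set`; the unescaped `% (username)` interpolation into the filter has the same metacharacter problem as in the sibling scripts.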
diff --git a/source4/setup/setpassword b/source4/setup/setpassword
index 513730d649..d8a2a1144a 100755
--- a/source4/setup/setpassword
+++ b/source4/setup/setpassword
@@ -20,15 +20,14 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-import os, sys
+import sys
# Find right directory when running from source tree
sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
-import pwd
-import sys
+
from getpass import getpass
from samba.auth import system_session
from samba.samdb import SamDB
@@ -45,13 +44,6 @@ parser.add_option("--must-change-at-next-login", help="Force password to be chan
opts, args = parser.parse_args()
-#
-# print a message if quiet is not set
-#
-def message(text):
- if not opts.quiet:
- print text
-
filter = opts.filter
if (len(args) == 0) and (filter is None):
@@ -65,7 +57,7 @@ if password is None:
if filter is None:
username = args[0]
- filter = "(&(objectclass=user)(samAccountName=%s))" % (username)
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)