From cf52d62ec998ae30f4460e75817b0503894aff5d Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Tue, 5 Apr 2005 07:03:31 +0000 Subject: r6207: - clean up source topdir - move provision stuff to setup/ - remove unused scripts metze (This used to be commit c35887ca649675f28ca986713a08082420418d74) --- source4/hklm.ldif | 32 - source4/provision.ldif | 1246 ------------------------------------- source4/provision.zone | 32 - source4/rootdse.ldif | 32 - source4/samba3_nmbd.patch | 178 ------ source4/script/addtosmbpass | 74 --- source4/script/convert_smbpasswd | 17 - source4/script/creategroup | 27 - source4/script/dcpromo.pl | 225 ------- source4/script/findsmb.in | 152 ----- source4/script/genstruct.pl | 298 --------- source4/script/mknissmbpasswd.sh | 31 - source4/script/mknissmbpwdtbl.sh | 42 -- source4/script/mksmbpasswd.sh | 6 - source4/script/newuser.pl | 145 ----- source4/script/provision.pl | 443 ------------- source4/script/rootdse.pl | 152 ----- source4/script/scancvslog.pl | 112 ---- source4/script/smbtar | 165 ----- source4/script/updatesmbpasswd.sh | 14 - source4/secrets.ldif | 30 - source4/setup/dcpromo.pl | 225 +++++++ source4/setup/hklm.ldif | 32 + source4/setup/newuser.pl | 145 +++++ source4/setup/provision.ldif | 1246 +++++++++++++++++++++++++++++++++++++ source4/setup/provision.pl | 443 +++++++++++++ source4/setup/provision.zone | 32 + source4/setup/rootdse.ldif | 32 + source4/setup/rootdse.pl | 152 +++++ source4/setup/secrets.ldif | 30 + 30 files changed, 2337 insertions(+), 3453 deletions(-) delete mode 100644 source4/hklm.ldif delete mode 100644 source4/provision.ldif delete mode 100644 source4/provision.zone delete mode 100644 source4/rootdse.ldif delete mode 100644 source4/samba3_nmbd.patch delete mode 100644 source4/script/addtosmbpass delete mode 100755 source4/script/convert_smbpasswd delete mode 100755 source4/script/creategroup delete mode 100755 source4/script/dcpromo.pl delete mode 100755 source4/script/findsmb.in delete mode 100755 source4/script/genstruct.pl delete mode 100755 
source4/script/mknissmbpasswd.sh
delete mode 100755 source4/script/mknissmbpwdtbl.sh
delete mode 100644 source4/script/mksmbpasswd.sh
delete mode 100755 source4/script/newuser.pl
delete mode 100755 source4/script/provision.pl
delete mode 100755 source4/script/rootdse.pl
delete mode 100755 source4/script/scancvslog.pl
delete mode 100644 source4/script/smbtar
delete mode 100644 source4/script/updatesmbpasswd.sh
delete mode 100644 source4/secrets.ldif
create mode 100755 source4/setup/dcpromo.pl
create mode 100644 source4/setup/hklm.ldif
create mode 100755 source4/setup/newuser.pl
create mode 100644 source4/setup/provision.ldif
create mode 100755 source4/setup/provision.pl
create mode 100644 source4/setup/provision.zone
create mode 100644 source4/setup/rootdse.ldif
create mode 100755 source4/setup/rootdse.pl
create mode 100644 source4/setup/secrets.ldif
diff --git a/source4/hklm.ldif b/source4/hklm.ldif
deleted file mode 100644
index a4ab32e233..0000000000
--- a/source4/hklm.ldif
+++ /dev/null
@@ -1,32 +0,0 @@
-dn: @INDEXLIST
-@IDXATTR: key
-
-dn: key=control,key=currentcontrolset,key=system,hive=
-key: control
-
-dn: key=services,key=control,key=currentcontrolset,key=system,hive=
-key: services
-
-dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive=
-value: ProductType
-data: LanmanNT
-type: 1
-
-dn: key=productoptions,key=control,key=currentcontrolset,key=system,hive=
-key: productoptions
-
-dn: key=system,hive=
-key: system
-
-dn: key=netlogon,key=services,key=currentcontrolset,key=system,hive=
-key: netlogon
-
-dn: key=services,key=currentcontrolset,key=system,hive=
-key: services
-
-dn: key=print,key=control,key=currentcontrolset,key=system,hive=
-key: print
-
-dn: key=currentcontrolset,key=system,hive=
-key: currentcontrolset
-
diff --git a/source4/provision.ldif b/source4/provision.ldif
deleted file mode 100644
index f6cce3e285..0000000000
--- a/source4/provision.ldif
+++ /dev/null
@@ -1,1246 +0,0 @@ -dn: @INDEXLIST -@IDXATTR: name -@IDXATTR: sAMAccountName -@IDXATTR: objectSid -@IDXATTR: objectClass -@IDXATTR: member -@IDXATTR: unixID -@IDXATTR: unixName -@IDXATTR: privilege - -dn: @ATTRIBUTES -realm: CASE_INSENSITIVE -userPrincipalName: CASE_INSENSITIVE -servicePrincipalName: CASE_INSENSITIVE -cn: CASE_INSENSITIVE -dc: CASE_INSENSITIVE -name: CASE_INSENSITIVE WILDCARD -dn: CASE_INSENSITIVE WILDCARD -sAMAccountName: CASE_INSENSITIVE WILDCARD -objectClass: CASE_INSENSITIVE -unicodePwd: HIDDEN -ntPwdHash: HIDDEN -ntPwdHistory: HIDDEN -lmPwdHash: HIDDEN -lmPwdHistory: HIDDEN -createTimestamp: HIDDEN -modifyTimestamp: HIDDEN - -dn: @SUBCLASSES -top: domain -top: person -top: group -domain: domainDNS -domain: builtinDomain -person: organizationalPerson -organizationalPerson: user -user: computer -template: userTemplate -template: groupTemplate - -#Add modules to the list to activate them by default -#beware often order is important -dn: @MODULES -@LIST: samldb,timestamps - -############################### -# Domain Naming Context -############################### -dn: ${BASEDN} -objectClass: top -objectClass: domain -objectClass: domainDNS -name: ${DOMAIN} -realm: ${REALM} -dnsDomain: ${DNSDOMAIN} -dc: ${DOMAIN} -objectGUID: ${DOMAINGUID} -creationTime: ${NTTIME} -forceLogoff: 0x8000000000000000 -lockoutDuration: -18000000000 -lockOutObservationWindow: -18000000000 -lockoutThreshold: 0 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -maxPwdAge: -37108517437440 -minPwdAge: 0 -minPwdLength: 7 -modifiedCountAtLastProm: 0 -nextRid: 1001 -pwdProperties: 1 -pwdHistoryLength: 24 -objectSid: ${DOMAINSID} -serverState: 1 -nTMixedDomain: 1 -msDS-Behavior-Version: 0 -ridManagerReference: CN=RID Manager$,CN=System,${BASEDN} -uASCompat: 1 -modifiedCount: 1 -objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -subRefs: CN=Configuration,${BASEDN} -subRefs: 
CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=Users,${BASEDN} -objectClass: top -objectClass: container -cn: Users -description: Default container for upgraded user accounts -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: FALSE -name: Users -objectGUID: ${NEWGUID} -systemFlags: 0x8c000000 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Computers,${BASEDN} -objectClass: top -objectClass: container -cn: Computers -description: Default container for upgraded computer accounts -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: FALSE -name: Computers -objectGUID: ${NEWGUID} -systemFlags: 0x8c000000 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: OU=Domain Controllers,${BASEDN} -objectClass: top -objectClass: organizationalUnit -ou: Domain Controllers -description: Default container for domain controllers -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: FALSE -name: Domain Controllers -objectGUID: ${NEWGUID} -systemFlags: 0x8c000000 -objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=ForeignSecurityPrincipals,${BASEDN} -objectClass: top -objectClass: container -cn: ForeignSecurityPrincipals -description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: FALSE -name: ForeignSecurityPrincipals -objectGUID: ${NEWGUID} -systemFlags: 0x8c000000 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=System,${BASEDN} -objectClass: top -objectClass: 
container -cn: System -description: Builtin system settings -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: System -objectGUID: ${NEWGUID} -systemFlags: 0x8c000000 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=RID Manager$,CN=System,${BASEDN} -objectclass: top -objectclass: rIDManager -cn: RID Manager$ -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: RID Manager$ -objectGUID: ${NEWGUID} -systemFlags: 0x8c000000 -objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -rIDAvailablePool: 4611686014132423217 - -dn: CN=DomainUpdates,CN=System,${BASEDN} -objectClass: top -objectClass: container -cn: DomainUpdates -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: DomainUpdates -objectGUID: ${NEWGUID} -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN} -objectClass: top -objectClass: container -cn: Windows2003Update -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: Windows2003Update -objectGUID: ${NEWGUID} -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -revision: 8 - -dn: CN=Infrastructure,${BASEDN} -objectclass: top -objectclass: infrastructureUpdate -cn: Infrastructure -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: Infrastructure -objectGUID: ${NEWGUID} -systemFlags: 0x8c000000 -objectCategory: 
CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} - -dn: CN=Builtin,${BASEDN} -objectClass: top -objectClass: builtinDomain -cn: Builtin -instanceType: 4 -showInAdvancedViewOnly: FALSE -name: Builtin -forceLogoff: 0x8000000000000000 -lockoutDuration: -18000000000 -lockOutObservationWindow: -18000000000 -lockoutThreshold: 0 -maxPwdAge: -37108517437440 -minPwdAge: 0 -minPwdLength: 0 -modifiedCountAtLastProm: 0 -nextRid: 1000 -pwdProperties: 0 -pwdHistoryLength: 0 -objectSid: S-1-5-32 -serverState: 1 -uASCompat: 1 -modifiedCount: 1 -objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Administrator,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -cn: Administrator -description: Built-in account for administering the computer/domain -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} -memberOf: CN=Domain Admins,CN=Users,${BASEDN} -memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} -memberOf: CN=Schema Admins,CN=Users,${BASEDN} -memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 -name: Administrator -objectGUID: ${NEWGUID} -userAccountControl: 0x10200 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -objectSid: ${DOMAINSID}-500 -adminCount: 1 -accountExpires: -1 -logonCount: 0 -sAMAccountName: Administrator -sAMAccountType: 0x30000000 -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unicodePwd: ${ADMINPASS} -unixName: root - -dn: CN=Guest,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -cn: Guest 
-description: Built-in account for guest access to the computer/domain -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -memberOf: CN=Guests,CN=Builtin,${BASEDN} -uSNChanged: 1 -name: Guest -objectGUID: ${NEWGUID} -userAccountControl: 0x10222 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 514 -objectSid: ${DOMAINSID}-501 -accountExpires: -1 -logonCount: 0 -sAMAccountName: Guest -sAMAccountType: 0x30000000 -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Administrators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Administrators -description: Administrators have complete and unrestricted access to the computer/domain -member: CN=Domain Admins,CN=Users,${BASEDN} -member: CN=Enterprise Admins,CN=Users,${BASEDN} -member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Administrators -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-544 -adminCount: 1 -sAMAccountName: Administrators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${WHEEL} -privilege: SeSecurityPrivilege -privilege: SeBackupPrivilege -privilege: SeRestorePrivilege -privilege: SeSystemtimePrivilege -privilege: SeShutdownPrivilege -privilege: SeRemoteShutdownPrivilege -privilege: SeTakeOwnershipPrivilege -privilege: SeDebugPrivilege -privilege: SeSystemEnvironmentPrivilege -privilege: SeSystemProfilePrivilege -privilege: SeProfileSingleProcessPrivilege -privilege: SeIncreaseBasePriorityPrivilege -privilege: SeLoadDriverPrivilege -privilege: SeCreatePagefilePrivilege -privilege: SeIncreaseQuotaPrivilege -privilege: SeChangeNotifyPrivilege -privilege: SeUndockPrivilege -privilege: SeManageVolumePrivilege 
-privilege: SeImpersonatePrivilege -privilege: SeCreateGlobalPrivilege -privilege: SeEnableDelegationPrivilege -privilege: SeInteractiveLogonRight -privilege: SeNetworkLogonRight -privilege: SeRemoteInteractiveLogonRight - - -dn: CN=Users,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Users -description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications -member: CN=Domain Users,CN=Users,${BASEDN} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Users -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-545 -sAMAccountName: Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Guests,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Guests -description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted -member: CN=Domain Guests,CN=Users,${BASEDN} -member: CN=Guest,CN=Users,${BASEDN} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Guests -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-546 -sAMAccountName: Guests -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${NOGROUP} - -dn: CN=Print Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Print Operators -description: Members can administer domain printers -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Print Operators -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-550 -adminCount: 1 -sAMAccountName: Print Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 
-groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -privilege: SeLoadDriverPrivilege -privilege: SeShutdownPrivilege -privilege: SeInteractiveLogonRight - -dn: CN=Backup Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Backup Operators -description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Backup Operators -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-551 -adminCount: 1 -sAMAccountName: Backup Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -privilege: SeBackupPrivilege -privilege: SeRestorePrivilege -privilege: SeShutdownPrivilege -privilege: SeInteractiveLogonRight - -dn: CN=Replicator,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Replicator -description: Supports file replication in a domain -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Replicator -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-552 -adminCount: 1 -sAMAccountName: Replicator -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Remote Desktop Users -description: Members in this group are granted the right to logon remotely -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Remote Desktop Users -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-555 -sAMAccountName: Remote Desktop Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: 
CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Network Configuration Operators -description: Members in this group can have some administrative privileges to manage configuration of networking features -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Network Configuration Operators -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-556 -sAMAccountName: Network Configuration Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Performance Monitor Users -description: Members of this group have remote access to monitor this computer -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Performance Monitor Users -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-558 -sAMAccountName: Performance Monitor Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Performance Log Users,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Performance Log Users -description: Members of this group have remote access to schedule logging of performance counters on this computer -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Performance Log Users -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-559 -sAMAccountName: Performance Log Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=${NETBIOSNAME},OU=Domain 
Controllers,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -objectClass: computer -cn: ${NETBIOSNAME} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: ${NETBIOSNAME} -objectGUID: ${HOSTGUID} -userAccountControl: 532480 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 127273269057298624 -localPolicyFlags: 0 -pwdLastSet: 127258826171655328 -primaryGroupID: 516 -objectSid: ${DOMAINSID}-1000 -accountExpires: 9223372036854775807 -logonCount: 30 -sAMAccountName: ${NETBIOSNAME}$ -sAMAccountType: 805306369 -operatingSystem: Samba -operatingSystemVersion: 4.0 -dNSHostName: ${DNSNAME} -objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unicodePwd: ${JOINPASS} -servicePrincipalName: HOST/${DNSNAME} -servicePrincipalName: HOST/${NETBIOSNAME} -servicePrincipalName: CIFS/${DNSNAME} -servicePrincipalName: CIFS/${NETBIOSNAME} -servicePrincipalName: LDAP/${DNSNAME} -servicePrincipalName: LDAP/${NETBIOSNAME} - -dn: CN=krbtgt,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -cn: krbtgt -description: Key Distribution Center Service Account -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: krbtgt -objectGUID: ${NEWGUID} -userAccountControl: 514 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 127258826179466560 -primaryGroupID: 513 -objectSid: ${DOMAINSID}-502 -adminCount: 1 -accountExpires: 9223372036854775807 -logonCount: 0 -sAMAccountName: krbtgt -sAMAccountType: 805306368 -servicePrincipalName: kadmin/changepw -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unicodePwd: ${RANDPASS} - -dn: CN=Domain Computers,CN=Users,${BASEDN} 
-objectClass: top -objectClass: group -cn: Domain Computers -description: All workstations and servers joined to the domain -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Domain Computers -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-515 -sAMAccountName: Domain Computers -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Domain Controllers,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Controllers -description: All domain controllers in the domain -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Domain Controllers -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-516 -adminCount: 1 -sAMAccountName: Domain Controllers -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Schema Admins,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Schema Admins -description: Designated administrators of the schema -member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Schema Admins -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-518 -adminCount: 1 -sAMAccountName: Schema Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${WHEEL} - -dn: CN=Enterprise Admins,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Enterprise Admins -description: Designated administrators of the enterprise -member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 -name: Enterprise Admins -objectGUID: 
${NEWGUID} -objectSid: ${DOMAINSID}-519 -adminCount: 1 -sAMAccountName: Enterprise Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${WHEEL} - -dn: CN=Cert Publishers,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Cert Publishers -description: Members of this group are permitted to publish certificates to the Active Directory -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Cert Publishers -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-517 -sAMAccountName: Cert Publishers -sAMAccountType: 0x20000000 -groupType: 0x80000004 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Domain Admins,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Admins -description: Designated administrators of the domain -member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 -name: Domain Admins -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-512 -adminCount: 1 -sAMAccountName: Domain Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${WHEEL} - -dn: CN=Domain Users,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Users -description: All domain users -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -memberOf: CN=Users,CN=Builtin,${BASEDN} -uSNChanged: 1 -name: Domain Users -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-513 -sAMAccountName: Domain Users -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${USERS} - -dn: CN=Domain 
Guests,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Guests -description: All domain guests -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -memberOf: CN=Guests,CN=Builtin,${BASEDN} -uSNChanged: 1 -name: Domain Guests -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-514 -sAMAccountName: Domain Guests -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Group Policy Creator Owners -description: Members in this group can modify group policy for the domain -member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Group Policy Creator Owners -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-520 -sAMAccountName: Group Policy Creator Owners -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${WHEEL} - -dn: CN=RAS and IAS Servers,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: RAS and IAS Servers -description: Servers in this group can access remote access properties of users -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: RAS and IAS Servers -objectGUID: ${NEWGUID} -objectSid: ${DOMAINSID}-553 -sAMAccountName: RAS and IAS Servers -sAMAccountType: 0x20000000 -groupType: 0x80000004 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Server Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Server Operators -description: Members can administer domain servers -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Server Operators -objectGUID: 
${NEWGUID} -objectSid: S-1-5-32-549 -adminCount: 1 -sAMAccountName: Server Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -privilege: SeBackupPrivilege -privilege: SeSystemtimePrivilege -privilege: SeRemoteShutdownPrivilege -privilege: SeRestorePrivilege -privilege: SeShutdownPrivilege -privilege: SeInteractiveLogonRight - -dn: CN=Account Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Account Operators -description: Members can administer domain user and group accounts -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -name: Account Operators -objectGUID: ${NEWGUID} -objectSid: S-1-5-32-548 -adminCount: 1 -sAMAccountName: Account Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -privilege: SeInteractiveLogonRight - -dn: CN=Templates,${BASEDN} -objectClass: top -objectClass: container -cn: Templates -description: Container for SAM account templates -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: Templates -objectGUID: ${NEWGUID} -systemFlags: 0x8c000000 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -### -# note! the template users must not match normal searches. 
Be careful -# with what classes you put them in -### - -dn: CN=TemplateUser,CN=Templates,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: Template -objectClass: userTemplate -cn: TemplateUser -name: TemplateUser -instanceType: 4 -userAccountControl: 0x202 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000000 - -dn: CN=TemplateMemberServer,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateMemberServer -name: TemplateMemberServer -instanceType: 4 -userAccountControl: 0x1002 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000001 - -dn: CN=TemplateDomainController,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateDomainController -name: TemplateDomainController -instanceType: 4 -userAccountControl: 0x2002 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000001 - -dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateTrustingDomain -name: TemplateTrustingDomain -instanceType: 4 -userAccountControl: 0x820 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000002 - -dn: CN=TemplateGroup,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: groupTemplate -cn: TemplateGroup -name: TemplateGroup -instanceType: 4 -groupType: 0x80000002 -sAMAccountType: 0x10000000 - -dn: 
CN=TemplateAlias,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: aliasTemplate -cn: TemplateAlias -name: TemplateAlias -instanceType: 4 -groupType: 0x80000004 -sAMAccountType: 0x10000000 - -dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: foreignSecurityPrincipalTemplate -cn: TemplateForeignSecurityPrincipal -name: TemplateForeignSecurityPrincipal - -dn: CN=TemplateSecret,CN=Templates,${BASEDN} -objectClass: top -objectClass: leaf -objectClass: Template -objectClass: secretTemplate -cn: TemplateSecret -name: TemplateSecret -instanceType: 4 - -dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN} -objectClass: top -objectClass: leaf -objectClass: Template -objectClass: trustedDomainTemplate -cn: TemplateTrustedDomain -name: TemplateTrustedDomain -instanceType: 4 - -############################### -# Configuration Naming Context -############################### -dn: CN=Configuration,${BASEDN} -objectClass: top -objectClass: configuration -cn: Configuration -instanceType: 13 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: Configuration -objectGUID: ${NEWGUID} -objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} -subRefs: CN=Schema,CN=Configuration,${BASEDN} -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} - -dn: CN=Partitions,CN=Configuration,${BASEDN} -objectClass: top -objectClass: crossRefContainer -cn: Partitions -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: Partitions -objectGUID: ${NEWGUID} -systemFlags: 0x80000000 -objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} 
-msDS-Behavior-Version: 0 -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} - -dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN} -objectClass: top -objectClass: crossRef -cn: Enterprise Configuration -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: Enterprise Configuration -objectGUID: ${NEWGUID} -systemFlags: 0x00000001 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} -nCName: CN=Configuration,${BASEDN} -dnsRoot: ${DNSDOMAIN} - -dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN} -objectClass: top -objectClass: crossRef -cn: Enterprise Schema -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: Enterprise Schema -objectGUID: ${NEWGUID} -systemFlags: 0x00000001 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} -nCName: CN=Schema,CN=Configuration,${BASEDN} -dnsRoot: ${DNSDOMAIN} - -dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN} -objectClass: top -objectClass: crossRef -cn: ${DOMAIN} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: ${DOMAIN} -objectGUID: ${NEWGUID} -systemFlags: 0x00000003 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} -nCName: ${BASEDN} -nETBIOSName: ${DOMAIN} -dnsRoot: ${DNSDOMAIN} - -dn: CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: sitesContainer -cn: Sites -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: Sites -objectGUID: ${NEWGUID} -systemFlags: 0x82000000 -objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} - -dn: 
CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: site -cn: Sites -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: Sites -objectGUID: ${NEWGUID} -systemFlags: 0x82000000 -objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: serversContainer -cn: Servers -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: Servers -objectGUID: ${NEWGUID} -systemFlags: 0x82000000 -objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: server -cn: ${NETBIOSNAME} -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: ${NETBIOSNAME} -objectGUID: ${NEWGUID} -systemFlags: 0x52000000 -objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} -dNSHostName: ${DNSNAME} -serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} - -dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: applicationSettings -objectClass: nTDSDSA -cn: NTDS Settings -instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: NTDS Settings -systemFlags: 0x02000000 -objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} -dMDLocation: CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${INVOCATIONID} -invocationId: ${INVOCATIONID} -msDS-Behavior-Version: 2 - -############################### -# Schema Naming Context -############################### -dn: 
CN=Schema,CN=Configuration,${BASEDN} -objectClass: top -objectClass: dMD -cn: Schema -instanceType: 13 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -uSNCreated: ${USN} -uSNChanged: ${USN} -showInAdvancedViewOnly: TRUE -name: Schema -objectGUID: ${NEWGUID} -objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectVersion: 30 diff --git a/source4/provision.zone b/source4/provision.zone deleted file mode 100644 index c0b941c822..0000000000 --- a/source4/provision.zone +++ /dev/null @@ -1,32 +0,0 @@ -; generate by provision.pl -$ORIGIN ${DNSDOMAIN} -$TTL 1W -@ IN SOA @ hostmaster ( - 42 ; serial (d. adams) - 2D ; refresh - 4H ; retry - 6W ; expiry - 1W ) ; minimum - IN NS ${HOSTNAME} - IN A ${HOSTIP} -; -${HOSTNAME} IN A ${HOSTIP} -${HOSTGUID}._msdcs IN CNAME ${HOSTNAME} -; -; global catalog servers -_gc._tcp IN SRV 0 100 3268 ${HOSTNAME} -_ldap._tcp.gc._msdcs IN SRV 0 100 389 ${HOSTNAME} -_ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME} -; -; ldap servers -_ldap._tcp IN SRV 0 100 389 ${HOSTNAME} -_ldap._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} -_ldap._tcp.pdc._msdcs IN SRV 0 100 389 ${HOSTNAME} -_ldap._tcp.${DOMAINGUID}.domains._msdcs IN SRV 0 100 389 ${HOSTNAME} -_ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} -; -; krb5 servers -_kerberos._tcp IN SRV 0 100 88 ${HOSTNAME} -_kerberos._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} -_kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} -_kerberos._udp IN SRV 0 100 88 ${HOSTNAME} diff --git a/source4/rootdse.ldif b/source4/rootdse.ldif deleted file mode 100644 index 534249859a..0000000000 
--- a/source4/rootdse.ldif +++ /dev/null @@ -1,32 +0,0 @@ -dn: @INDEXLIST - -dn: @ATTRIBUTES -createTimestamp: HIDDEN -modifyTimestamp: HIDDEN - -dn: @SUBCLASSES - -dn: @MODULES -@MODULE: timestamps - -dn: cn=rootDSE -currentTime: _DYNAMIC_ -subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} -dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN} -namingContexts: ${BASEDN} -namingContexts: CN=Configuration,${BASEDN} -namingContexts: CN=Schema,CN=Configuration,${BASEDN} -defaultNamingContext: ${BASEDN} -rootDomainNamingContext: ${BASEDN} -configurationNamingContext: CN=Configuration,${BASEDN} -schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN} -supportedLDAPVersion: 3 -highestCommittedUSN: _DYNAMIC_ -supportedSASLMechanisms: GSS-SPNEGO -dnsHostName: ${DNSNAME} -ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${DNSDOMAIN} -serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} -isSynchronized: _DYNAMIC_ -domainFunctionality: 0 -forestFunctionality: 0 -domainControllerFunctionality: 2 diff --git a/source4/samba3_nmbd.patch b/source4/samba3_nmbd.patch deleted file mode 100644 index 772a0f917e..0000000000 --- a/source4/samba3_nmbd.patch +++ /dev/null 
@@ -1,178 +0,0 @@ -This is a extremely rough patch that 'fixes' Samba3 nmbd to allow a -join from a WinXP client to a Samba4 server. Note that it hard-codes -the domain GUID. Please only use for testing Samba4 - do not apply -this to Samba3 svn. - - -Index: nmbd/nmbd_processlogon.c -=================================================================== ---- nmbd/nmbd_processlogon.c (revision 4247) -+++ nmbd/nmbd_processlogon.c (working copy) -@@ -58,10 +58,37 @@ - tdb_close(tdb); - } - -+ -+int push_components(unsigned char *q, const char *s) -+{ -+ char *p; -+ int l, len = 0; -+ -+ if (*s == 0) { -+ q[0] = 0; -+ return 1; -+ } -+ -+ while ((p = strchr(s, '.'))) { -+ l = (p-s); -+ q[0] = l; -+ memcpy(q+1, s, l); -+ s += l + 1; -+ q += l+1; -+ len += l+1; -+ } -+ -+ l = strlen(s); -+ q[0] = l; -+ memcpy(q+1, s, l+1); -+ len += strlen(s)+2; -+ -+ return len; -+} -+ - /**************************************************************************** - Process a domain logon packet - **************************************************************************/ -- - void process_logon_packet(struct packet_struct *p, char *buf,int len, - const char *mailslot) - { -@@ -393,6 +420,8 @@ - - get_mydnsdomname(domain); - get_myname(hostname); -+ -+ pstrcpy(domain, "bludom.tridgell.net"); - - if (SVAL(uniuser, 0) == 0) { - SIVAL(q, 0, SAMLOGON_AD_UNK_R); /* user unknown */ -@@ -403,6 +432,9 @@ - - SIVAL(q, 0, ADS_PDC|ADS_GC|ADS_LDAP|ADS_DS| - ADS_KDC|ADS_TIMESERV|ADS_CLOSEST|ADS_WRITABLE); -+ SIVAL(q, 0, 0x3fd); -+ SIVAL(q, 0, ADS_PDC|ADS_DS| -+ ADS_TIMESERV|ADS_CLOSEST|ADS_WRITABLE); - q += 4; - - /* Push Domain GUID */ -@@ -411,80 +443,34 @@ - return; - } - -+ smb_string_to_uuid("b0eac516-4a33-8675-4127-6bf058911234", &domain_guid); -+ -+ dump_data(0, domain_guid.node, 6); -+ - smb_uuid_pack(domain_guid, &flat_guid); - memcpy(q, &flat_guid.info, UUID_FLAT_SIZE); -- q += UUID_FLAT_SIZE; - -- /* Forest */ -- str_offset = q - q_orig; -- dc = domain; -- q1 = q; -- while ((component = 
strtok(dc, "."))) { -- dc = NULL; -- size = push_ascii(&q[1], component, -1, 0); -- SCVAL(q, 0, size); -- q += (size + 1); -- } -+ dump_data(0, q, 16); - -- /* Unk0 */ -- SCVAL(q, 0, 0); -- q++; -+ q += UUID_FLAT_SIZE; - -- /* Domain */ -- SCVAL(q, 0, 0xc0 | ((str_offset >> 8) & 0x3F)); -- SCVAL(q, 1, str_offset & 0xFF); -- q += 2; -+ const char *dnsname = "192.168.115.1"; - -- /* Hostname */ -- size = push_ascii(&q[1], hostname, -1, 0); -- SCVAL(q, 0, size); -- q += (size + 1); -- SCVAL(q, 0, 0xc0 | ((str_offset >> 8) & 0x3F)); -- SCVAL(q, 1, str_offset & 0xFF); -- q += 2; -- -- /* NETBIOS of domain */ -- size = push_ascii(&q[1], lp_workgroup(), -1, STR_UPPER); -- SCVAL(q, 0, size); -- q += (size + 1); -- -- /* Unk1 */ -- SCVAL(q, 0, 0); -- q++; -- -- /* NETBIOS of hostname */ -- size = push_ascii(&q[1], my_name, -1, 0); -- SCVAL(q, 0, size); -- q += (size + 1); -- -- /* Unk2 */ -- SCVAL(q, 0, 0); -- q++; -- -- /* User name */ -- if (SVAL(uniuser, 0) != 0) { -- size = push_ascii(&q[1], ascuser, -1, 0); -- SCVAL(q, 0, size); -- q += (size + 1); -+ q += push_components(q, domain); -+ q += push_components(q, domain); -+ q += push_components(q, dnsname); -+ q += push_components(q, lp_workgroup()); -+ q += push_components(q, my_name); -+ q += push_components(q, ""); -+ if (SVAL(uniuser, 0)) { -+ q += push_components(q, ascuser); - } -+ q += push_components(q, "Default-First-Site-Name"); -+ q += push_components(q, "Default-First-Site-Name"); - -- q_orig = q; -- /* Site name */ -- size = push_ascii(&q[1], "Default-First-Site-Name", -1, 0); -- SCVAL(q, 0, size); -- q += (size + 1); -- -- /* Site name (2) */ -- str_offset = q - q_orig; -- SCVAL(q, 0, 0xc0 | ((str_offset >> 8) & 0x3F)); -- SCVAL(q, 1, str_offset & 0xFF); -- q += 2; -- -- SCVAL(q, 0, PTR_DIFF(q,q1)); -- SCVAL(q, 1, 0x10); /* unknown */ -- -- SIVAL(q, 0, 0x00000002); -- q += 4; /* unknown */ -+ SCVAL(q, 0, 0x10); /* unknown */ -+ SIVAL(q, 1, 0x00000002); -+ q += 5; - SIVAL(q, 0, (iface_ip(p->ip))->s_addr); - 
q += 4; - SIVAL(q, 0, 0x00000000); -@@ -495,7 +481,7 @@ - #endif - - /* tell the client what version we are */ -- SIVAL(q, 0, ((ntversion < 11) || (SEC_ADS != lp_security())) ? 1 : 13); -+ SIVAL(q, 0, 13); - /* our ntversion */ - SSVAL(q, 4, 0xffff); /* our lmnttoken */ - SSVAL(q, 6, 0xffff); /* our lm20token */ diff --git a/source4/script/addtosmbpass b/source4/script/addtosmbpass deleted file mode 100644 index bc82851c52..0000000000 --- a/source4/script/addtosmbpass +++ /dev/null 
@@ -1,74 +0,0 @@ -#!/usr/bin/awk -f -# edit the line above to point to your real location of awk interpreter - -# awk program for adding new entries in smbpasswd files -# arguments are account names to add; feed it an existent Samba password -# file on stdin, results will be written on stdout -# -# Michal Jaegermann, michal@ellpspace.math.ualberta.ca, 1995-11-09 - -BEGIN { - me = "addtosmbpass"; - count = ARGC; - FS = ":"; - - if (count == 1) { - print "Usage:", me, - "name1 [name2 ....] < smbpasswd.in > smbpasswd.out"; - ARGV[1] = "/dev/null"; - ARGC = 2; - exit; - } - - for(i = 1; i < count; i++) { - names[ARGV[i]] = " "; - delete ARGV[i]; - } -# sane awk should work simply with 'ARGC = 1', but not every awk -# implementation is sane - big sigh!! - ARGV[1] = "-"; - ARGC = 2; -# -# If you have ypmatch but is not RPC registered (some Linux systems -# for example) comment out the next line. -# "which ypmatch" | getline ypmatch; - if (1 != match(ypmatch, /^\//)) { - ypmatch = ""; - } - pwdf = "/etc/passwd"; -} -#check for names already present in input -{ - print $0; - for(name in names) { - if($1 == name) { - delete names[name]; - } - } -} -END { - fmt = "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:"; - fmt = fmt "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:%s:\n"; - for(name in names) { - while ((getline < pwdf) > 0) { - if ($1 == name) { - printf(fmt, $1, $3, $5); - close(pwdf); - notfound = ""; - break; - } - notfound = "n"; - } - $0 = ""; - if (notfound && ypmatch) { -# try to find in NIS databases - command = ypmatch " " name " passwd"; - command | getline; - if (NF > 0) { - printf(fmt, $1, $3, $5); - } - close(command); - } - } -} - diff --git a/source4/script/convert_smbpasswd b/source4/script/convert_smbpasswd deleted file mode 100755 index edb775d3a6..0000000000 --- a/source4/script/convert_smbpasswd +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/sh -# -# Convert a Samba 1.9.18 smbpasswd file format into -# a Samba 2.0 smbpasswd file format. -# Read from stdin and write to stdout for simplicity. -# Set the last change time to 0x363F96AD to avoid problems -# with trying to work out how to get the seconds since 1970 -# in awk or the shell. JRA. -# -nawk 'BEGIN {FS=":"} -{ - if( $0 ~ "^#" ) { - print $0 - } else { - printf( "%s:%s:%s:%s:[U ]:LCT-363F96AD:\n", $1, $2, $3, $4); - } -}' diff --git a/source4/script/creategroup b/source4/script/creategroup deleted file mode 100755 index 01fb065944..0000000000 --- a/source4/script/creategroup +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -# Example script for 'add group command'. Handle weird NT group -# names. First attempt to create the group directly, if that fails -# then create a random group and print the numeric group id. -# -# Note that this is only an example and assumes /dev/urandom. -# -# Volker - -GROUPNAME="$1" -ITERS=0 - -while ! /usr/sbin/groupadd "$GROUPNAME" > /dev/null 2>&1 -do - # we had difficulties creating that group. Maybe the name was - # too weird, or it already existed. Create a random name. - GROUPNAME=nt-$(dd if=/dev/urandom bs=16 count=1 2>/dev/null | md5sum | cut -b 1-5) - ITERS=$(expr "$ITERS" + 1) - if [ "$ITERS" -gt 10 ] - then - # Too many attempts - exit 1 - fi -done - -getent group | grep ^"$GROUPNAME": | cut -d : -f 3 diff --git a/source4/script/dcpromo.pl b/source4/script/dcpromo.pl deleted file mode 100755 index 56461ae825..0000000000 --- a/source4/script/dcpromo.pl +++ /dev/null 
@@ -1,225 +0,0 @@ -#!/usr/bin/perl -w - -################################################### -# package to generate samba ads configuration -# Copyright metze@samba.org 2004 - -# released under the GNU GPL - -use strict; -use Data::Dumper; - -sub print_options($$) { - my $ads = shift; - my $ctx = shift; - my @arr; - my $i; - my $len; - - print "options:\n"; - - @arr = @{$ctx}; - $len = $#arr; - for($i = 0; $i <= $len; $i++) { - my $val = $ctx->[$i]; - print "\t".$i.": ".$val->{TEXT}."\n"; - } - - print "choise []:"; -} - -sub read_option($$) { - my $ads = shift; - my $ctx = shift; - my $val; - - $val = ; - - return $val; -} - -sub call_option($$$) { - my $ads = shift; - my $ctx = shift; - my $switch = shift; - my $val; - my $funcref; - - $val = $ctx->[$switch]; - - $funcref = $val->{ACTION}; - - &$funcref($ads); -} - -sub ask_option($$) { - my $ads = shift; - my $ctx = shift; - my $ret; - - print_options($ads, $ctx); - - $ret = read_option($ads, $ctx); - - call_option($ads, $ctx, $ret); -} - -sub create_ads_tree($) { - my $ads = shift; - - print "Create ADS Domain:\n"; - print Dumper($ads); -} - -sub do_new_domain_in_entire_structure($) { - my $ads; - my $domain_dns; - my $domain_netbios; - - $ads->{NEW_DOMAIN} = 1; - $ads->{NEW_FOREST} = 1; - - print "full dns name of the new domain []:"; - $domain_dns = ; - chomp $domain_dns; - $ads->{FULL_DNS_NAME} = $domain_dns; - - print "netbios name of the new domain []:"; - $domain_netbios = ; - chomp $domain_netbios; - $ads->{NETBIOS} = $domain_netbios; - - create_ads_tree($ads); -} - -sub do_sub_domain_in_existing_structure($) { - my $ads = shift; - my $user_name; - my $user_domain; - my $user_password; - my $top_dns; - my $domain_dns; - my $domain_netbios; - my $db_folder; - my $db_logs; - my $sysvol_folder; - my $admin_password1; - my $admin_password2; - - $ads->{NEW_DOMAIN} = 1; - $ads->{NEW_FOREST} = 0; - - print "User Name []:"; - $user_name = ; - chomp $user_name; - $ads->{USER}{NAME} = $user_name; - - print "User 
Domain []:"; - $user_domain = ; - chomp $user_domain; - $ads->{USER}{DOMAIN} = $user_domain; - - print "User Password []:"; - $user_password = ; - chomp $user_password; - $ads->{USER}{PASSWORD} = $user_password; - - print "full dns name of the top domain []:"; - $top_dns = ; - chomp $top_dns; - $ads->{TOP_DNS_NAME} = $top_dns; - - print "suffix of the new domain []:"; - $domain_dns = ; - chomp $domain_dns; - $ads->{FULL_DNS_NAME} = $domain_dns.".".$top_dns; - - print "netbios name of the new domain []:"; - $domain_netbios = ; - chomp $domain_netbios; - $ads->{NETBIOS} = $domain_netbios; - - print "folder for database files []:"; - $db_folder = ; - chomp $db_folder; - $ads->{DB_FOLDER} = $db_folder; - - print "folder for database logs []:"; - $db_logs = ; - chomp $db_logs; - $ads->{DB_LOGS} = $db_logs; - - print "folder for SYSVOL []:"; - $sysvol_folder = ; - chomp $sysvol_folder; - $ads->{SYSVOL_FOLDER} = $sysvol_folder; - - # - # test DNS here - # - - # - # test mixed/native here - # - - print "Administrator password []:"; - $admin_password1 = ; - chomp $admin_password1; - print "retype Administrator password []:"; - $admin_password2 = ; - chomp $admin_password2; - if ($admin_password1 eq $admin_password2) { - $ads->{ADMIN_PASSWORD} = $admin_password1; - } else { - $ads->{ADMIN_PASSWORD} = ""; - } - - create_ads_tree($ads); -} - -sub do_sub_structure_in_global_structure($) { - print "go on with do_sub_structure_in_global_structure\n"; -} - -sub do_new_domain($) { - my $ads = shift; - my $ctx; - - $ctx->[0]{TEXT} = "new domain in entire structure"; - $ctx->[0]{ACTION} = \&do_new_domain_in_entire_structure; - - $ctx->[1]{TEXT} = "sub domain in existing structure"; - $ctx->[1]{ACTION} = \&do_sub_domain_in_existing_structure; - - $ctx->[2]{TEXT} = "sub structure in global structure"; - $ctx->[2]{ACTION} = \&do_sub_structure_in_global_structure; - - ask_option($ads ,$ctx); -} - -sub do_existing_domain($) { - print "go on with do existing domain\n"; -} - -sub 
ask_new_or_exist_domain($) { - my $ads = shift; - my $ctx; - - $ctx->[0]{TEXT} = "new domain"; - $ctx->[0]{ACTION} = \&do_new_domain; - - $ctx->[1]{TEXT} = "existing domain"; - $ctx->[1]{ACTION} = \&do_existing_domain; - - ask_option($ads, $ctx); -} - -sub main { - my $ads; - - $ads->{ADS_TREE} = 1; - - ask_new_or_exist_domain($ads); -} - -main(); diff --git a/source4/script/findsmb.in b/source4/script/findsmb.in deleted file mode 100755 index 6276bd3f39..0000000000 --- a/source4/script/findsmb.in +++ /dev/null 
@@ -1,152 +0,0 @@ -#!@PERL@ -# -# Prints info on all smb responding machines on a subnet. -# This script needs to be run on a machine without nmbd running and be -# run as root to get correct info from WIN95 clients. -# -# syntax: -# findsmb [-d|-D] [-r] [subnet broadcast address] -# -# with no agrument it will list machines on the current subnet -# -# There will be a "+" in front of the workgroup name for machines that are -# local master browsers for that workgroup. There will be an "*" in front -# of the workgroup name for machines that are the domain master browser for -# that workgroup. -# -# Options: -# -# -d|-D enable debug -# -r add -r option to nmblookup when finding netbios name -# - -$SAMBABIN = "@prefix@/bin"; - -for ($i = 0; $i < 2; $i++) { # test for -d and -r options - $_ = shift; - if (m/-d|-D/) { - $DEBUG = 1; - } elsif (m/-r/) { - $R_OPTION = "-r"; - } -} - -if ($_) { # set broadcast address if it was specified - $BCAST = "-B $_"; -} - -sub ipsort # do numeric sort on last field of IP address -{ - @t1 = split(/\./,$a); - @t2 = split(/\./,$b); - @t1[3] <=> @t2[3]; -} - -# look for all machines that respond to a name lookup - -open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") || - die("Can't run nmblookup '*'.\n"); - -# get rid of all lines that are not a response IP address, -# strip everything but IP address and sort by last field in address - -@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,); - -# print header info - -print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n"; -print "---------------------------------------------------------------------\n"; - -foreach $ip (@ipaddrs) # loop through each IP address found -{ - $ip =~ s/\n//; # strip newline from IP address - -# find the netbios names registered by each machine - - open(NMBLOOKUP,"$SAMBABIN/nmblookup $R_OPTION -A $ip|") || - die("Can't get nmb name list.\n"); - @nmblookup = ; - close NMBLOOKUP; - -# get the first <00> name - - @name = grep(/<00>/,@nmblookup); - $_ = @name[0]; - if ($_) 
{ # we have a netbios name - if (/GROUP/) { # is it a group name - ($name, $aliases, $type, $length, @addresses) = - gethostbyaddr(pack('C4',split('\.',$ip)),2); - if (! $name) { # could not get name - $name = "unknown nis name"; - } - } else { -# The Netbios name can contain lot of characters also '<' '>' -# and spaces. The follwing cure inside name space but not -# names starting or ending with spaces - /(.{1,15})\s+<00>\s+/; - $name = $1; - } - -# do an smbclient command on the netbios name. - - open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") || - die("Can't do smbclient command.\n"); - @smb = ; - close SMB; - - if ($DEBUG) { # if -d flag print results of nmblookup and smbclient - print "===============================================================\n"; - print @nmblookup; - print @smb; - } - -# look for the OS= string - - @info = grep(/OS=/,@smb); - $_ = @info[0]; - if ($_) { # we found response - s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter - - } else { # no OS= string in response (WIN95 client) - -# for WIN95 clients get workgroup name from nmblookup response - @name = grep(/<00> - /,@nmblookup); - $_ = @name[0]; - if ($_) { -# Same as before for space and characters - /(.{1,15})\s+<00>\s+/; - $_ = "[$1]"; - } else { - $_ = "Unknown Workgroup"; - } - } - -# see if machine registered a local master browser name - if (grep(/<1d>/,@nmblookup)) { - $master = '+'; # indicate local master browser - if (grep(/<1b>/,@nmblookup)) { # how about domain master browser? - $master = '*'; # indicate domain master browser - } - } else { - $master = ' '; # not a browse master - } - -# line up info in 3 columns - - print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n"; - - } else { # no netbios name found -# try getting the host name - ($name, $aliases, $type, $length, @addresses) = - gethostbyaddr(pack('C4',split('\.',$ip)),2); - if (! 
$name) { # could not get name - $name = "unknown nis name"; - } - if ($DEBUG) { # if -d flag print results of nmblookup - print "===============================================================\n"; - print @nmblookup; - } - print "$ip".' 'x(16-length($ip))."$name\n"; - } -} - diff --git a/source4/script/genstruct.pl b/source4/script/genstruct.pl deleted file mode 100755 index 081b81f510..0000000000 --- a/source4/script/genstruct.pl +++ /dev/null 
@@ -1,298 +0,0 @@ -#!/usr/bin/perl -w -# a simple system for generating C parse info -# this can be used to write generic C structer load/save routines -# Copyright 2002 Andrew Tridgell -# released under the GNU General Public License v2 or later - -use strict; - -my(%enum_done) = (); -my(%struct_done) = (); - -################################################### -# general handler -sub handle_general($$$$$$$$) -{ - my($name) = shift; - my($ptr_count) = shift; - my($size) = shift; - my($element) = shift; - my($flags) = shift; - my($dump_fn) = shift; - my($parse_fn) = shift; - my($tflags) = shift; - my($array_len) = 0; - my($dynamic_len) = "NULL"; - - # handle arrays, currently treat multidimensional arrays as 1 dimensional - while ($element =~ /(.*)\[(.*?)\]$/) { - $element = $1; - if ($array_len == 0) { - $array_len = $2; - } else { - $array_len = "$2 * $array_len"; - } - } - - if ($flags =~ /_LEN\((\w*?)\)/) { - $dynamic_len = "\"$1\""; - } - - if ($flags =~ /_NULLTERM/) { - $tflags = "FLAG_NULLTERM"; - } - - print OFILE "{\"$element\", $ptr_count, $size, offsetof(struct $name, $element), $array_len, $dynamic_len, $tflags, $dump_fn, $parse_fn},\n"; -} - - -#################################################### -# parse one element -sub parse_one($$$$) -{ - my($name) = shift; - my($type) = shift; - my($element) = shift; - my($flags) = shift; - my($ptr_count) = 0; - my($size) = "sizeof($type)"; - my($tflags) = "0"; - - # enums get the FLAG_ALWAYS flag - if ($type =~ /^enum /) { - $tflags = "FLAG_ALWAYS"; - } - - - # make the pointer part of the base type - while ($element =~ /^\*(.*)/) { - $ptr_count++; - $element = $1; - } - - # convert spaces to _ - $type =~ s/ /_/g; - - my($dump_fn) = "gen_dump_$type"; - my($parse_fn) = "gen_parse_$type"; - - handle_general($name, $ptr_count, $size, $element, $flags, $dump_fn, $parse_fn, $tflags); -} - -#################################################### -# parse one element -sub parse_element($$$) -{ - my($name) = shift; - 
my($element) = shift; - my($flags) = shift; - my($type); - my($data); - - # pull the base type - if ($element =~ /^struct (\S*) (.*)/) { - $type = "struct $1"; - $data = $2; - } elsif ($element =~ /^enum (\S*) (.*)/) { - $type = "enum $1"; - $data = $2; - } elsif ($element =~ /^unsigned (\S*) (.*)/) { - $type = "unsigned $1"; - $data = $2; - } elsif ($element =~ /^(\S*) (.*)/) { - $type = $1; - $data = $2; - } else { - die "Can't parse element '$element'"; - } - - # handle comma separated lists - while ($data =~ /(\S*),[\s]?(.*)/) { - parse_one($name, $type, $1, $flags); - $data = $2; - } - parse_one($name, $type, $data, $flags); -} - - -my($first_struct) = 1; - -#################################################### -# parse the elements of one structure -sub parse_elements($$) -{ - my($name) = shift; - my($elements) = shift; - - if ($first_struct) { - $first_struct = 0; - print "Parsing structs: $name"; - } else { - print ", $name"; - } - - print OFILE "int gen_dump_struct_$name(struct parse_string *, const char *, unsigned);\n"; - print OFILE "int gen_parse_struct_$name(char *, const char *);\n"; - - print OFILE "static const struct parse_struct pinfo_" . $name . 
"[] = {\n"; - - while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?\$(.*)/msi) { - my($element) = $1; - my($flags) = $2; - $elements = $3; - parse_element($name, $element, $flags); - } - - print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n"; - - print OFILE " -int gen_dump_struct_$name(struct parse_string *p, const char *ptr, unsigned indent) { - return gen_dump_struct(pinfo_$name, p, ptr, indent); -} -int gen_parse_struct_$name(char *ptr, const char *str) { - return gen_parse_struct(pinfo_$name, ptr, str); -} - -"; -} - -my($first_enum) = 1; - -#################################################### -# parse out the enum declarations -sub parse_enum_elements($$) -{ - my($name) = shift; - my($elements) = shift; - - if ($first_enum) { - $first_enum = 0; - print "Parsing enums: $name"; - } else { - print ", $name"; - } - - print OFILE "static const struct enum_struct einfo_" . $name . "[] = {\n"; - - my(@enums) = split(/,/s, $elements); - for (my($i)=0; $i <= $#{@enums}; $i++) { - my($enum) = $enums[$i]; - if ($enum =~ /\s*(\w*)/) { - my($e) = $1; - print OFILE "{\"$e\", $e},\n"; - } - } - - print OFILE "{NULL, 0}};\n"; - - print OFILE " -int gen_dump_enum_$name(struct parse_string *p, const char *ptr, unsigned indent) { - return gen_dump_enum(einfo_$name, p, ptr, indent); -} - -int gen_parse_enum_$name(char *ptr, const char *str) { - return gen_parse_enum(einfo_$name, ptr, str); -} - -"; -} - -#################################################### -# parse out the enum declarations -sub parse_enums($) -{ - my($data) = shift; - - while ($data =~ /^GENSTRUCT\s+enum\s+(\w*?)\s*{(.*?)}\s*;(.*)/ms) { - my($name) = $1; - my($elements) = $2; - $data = $3; - - if (!defined($enum_done{$name})) { - $enum_done{$name} = 1; - parse_enum_elements($name, $elements); - } - } - - if (! 
$first_enum) { - print "\n"; - } -} - -#################################################### -# parse all the structures -sub parse_structs($) -{ - my($data) = shift; - - # parse into structures - while ($data =~ /^GENSTRUCT\s+struct\s+(\w+?)\s*{\s*(.*?)\s*}\s*;(.*)/ms) { - my($name) = $1; - my($elements) = $2; - $data = $3; - if (!defined($struct_done{$name})) { - $struct_done{$name} = 1; - parse_elements($name, $elements); - } - } - - if (! $first_struct) { - print "\n"; - } else { - print "No GENSTRUCT structures found?\n"; - } -} - - -#################################################### -# parse a header file, generating a dumper structure -sub parse_data($) -{ - my($data) = shift; - - # collapse spaces - $data =~ s/[\t ]+/ /sg; - $data =~ s/\s*\n\s+/\n/sg; - # strip debug lines - $data =~ s/^\#.*?\n//smg; - - parse_enums($data); - parse_structs($data); -} - - -######################################### -# display help text -sub ShowHelp() -{ - print " -generator for C structure dumpers -Copyright Andrew Tridgell - -Sample usage: - genstruct -o output.h gcc -E -O2 -g test.h - -Options: - --help this help page - -o OUTPUT place output in OUTPUT -"; - exit(0); -} - -######################################## -# main program -if ($ARGV[0] ne "-o" || $#ARGV < 2) { - ShowHelp(); -} - -shift; -my($opt_ofile)=shift; - -print "creating $opt_ofile\n"; - -open(OFILE, ">$opt_ofile") || die "can't open $opt_ofile"; - -print OFILE "/* This is an automatically generated file - DO NOT EDIT! */\n\n"; - -parse_data(`@ARGV -DGENSTRUCT=GENSTRUCT`); -exit(0); diff --git a/source4/script/mknissmbpasswd.sh b/source4/script/mknissmbpasswd.sh deleted file mode 100755 index a94c963bdc..0000000000 --- a/source4/script/mknissmbpasswd.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 1998 Benny Holmgren -# -# Script to import smbpasswd file into the smbpasswd NIS+ table. Reads -# from stdin the smbpasswd file. -# -while true -do - read row - if [ -z "$row" ] - then - break - fi - - if [ "`echo $row | cut -c1`" = "#" ] - then - continue - fi - - nistbladm -a \ - name=\"`echo $row | cut -d: -f1`\" \ - uid=\"`echo $row | cut -d: -f2`\" \ - lmpwd=\"`echo $row | cut -d: -f3`\" \ - ntpwd=\"`echo $row | cut -d: -f4`\" \ - acb=\"`echo $row | cut -d: -f5`\" \ - pwdlset_t=\"`echo $row | cut -d: -f6`\" \ - gcos=\"`echo $row | cut -d: -f7`\" \ - home=\"`echo $row | cut -d: -f8`\" \ - shell=\"`echo $row | cut -d: -f9`\" smbpasswd.org_dir.`nisdefaults -d` -done diff --git a/source4/script/mknissmbpwdtbl.sh b/source4/script/mknissmbpwdtbl.sh deleted file mode 100755 index a9b34ff9a7..0000000000 --- a/source4/script/mknissmbpwdtbl.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 1998 Benny Holmgren -# -# Creates smbpasswd table and smb group in NIS+ -# - -nistbladm \ - -D access=og=rmcd,nw= -c \ - -s : smbpasswd_tbl \ - name=S,nogw=r \ - uid=S,nogw=r \ - user_rid=S,nogw=r \ - smb_grpid=,nw+r \ - group_rid=,nw+r \ - acb=,nw+r \ - \ - lmpwd=C,nw=,g=r,o=rm \ - ntpwd=C,nw=,g=r,o=rm \ - \ - logon_t=,nw+r \ - logoff_t=,nw+r \ - kick_t=,nw+r \ - pwdlset_t=,nw+r \ - pwdlchg_t=,nw+r \ - pwdmchg_t=,nw+r \ - \ - full_name=,nw+r \ - home_dir=,nw+r \ - dir_drive=,nw+r \ - logon_script=,nw+r \ - profile_path=,nw+r \ - acct_desc=,nw+r \ - workstations=,nw+r \ - \ - hours=,nw+r \ - smbpasswd.org_dir.`nisdefaults -d` - -nisgrpadm -c smb.`nisdefaults -d` - -nischgrp smb.`nisdefaults -d` smbpasswd.org_dir.`nisdefaults -d` - diff --git a/source4/script/mksmbpasswd.sh b/source4/script/mksmbpasswd.sh deleted file mode 100644 index 854e1bd1b5..0000000000 --- a/source4/script/mksmbpasswd.sh +++ /dev/null 
@@ -1,6 +0,0 @@ -#!/bin/sh -awk 'BEGIN {FS=":" - printf("#\n# SMB password file.\n#\n") - } -{ printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:%s\n", $1, $3, $5) } -' diff --git a/source4/script/newuser.pl b/source4/script/newuser.pl deleted file mode 100755 index 22e3992bbe..0000000000 --- a/source4/script/newuser.pl +++ /dev/null 
@@ -1,145 +0,0 @@ -#!/usr/bin/perl -w -# simple hack script to add a new user for Samba4 - - -use strict; -use Socket; -use Getopt::Long; - -my $opt_password; -my $opt_username; -my $opt_unixname; -my $opt_samdb = "/usr/local/samba/private/sam.ldb"; - - -# generate a random guid. Not a good algorithm. -sub randguid() -{ - my $r1 = int(rand(2**32)); - my $r2 = int(rand(2**16)); - my $r3 = int(rand(2**16)); - my $r4 = int(rand(2**16)); - my $r5 = int(rand(2**32)); - my $r6 = int(rand(2**16)); - return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); -} - -# generate a random password. Poor algorithm :( -sub randpass() -{ - my $pass = ""; - my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; - for (my $i=0;$i<8;$i++) { - my $c = int(rand(length($chars))); - $pass .= substr($chars, $c, 1); - } - return $pass; -} - -sub search($$) -{ - my $expr = shift; - my $attrib = shift; - my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`; - chomp $res; - return $res; -} - -############################################ -# show some help -sub ShowHelp() -{ - print " -Samba4 newuser - -provision.pl [options] - --username USERNAME choose new username - --password PASSWORD set password - --samdb DBPATH path to sam.ldb - -You must provide at least a username - -"; - exit(1); -} - -my $opt_help; - -GetOptions( - 'help|h|?' 
=> \$opt_help, - 'username=s' => \$opt_username, - 'unixname=s' => \$opt_unixname, - 'password=s' => \$opt_password, - 'samdb=s' => \$opt_samdb - ); - -if ($opt_help || !$opt_username) { - ShowHelp(); -} - -if (!$opt_password) { - $opt_password = randpass(); - print "chose random password '$opt_password'\n"; -} - -if (!$opt_unixname) { - $opt_unixname = $opt_username; -} - -my $res = ""; - -# allow provisioning to be run from the source directory -$ENV{"PATH"} .= ":bin"; - -$ENV{"LDB_URL"} = $opt_samdb; - -my $domain_sid = search("(objectClass=domainDNS)", "objectSid"); -my $domain_dn = search("(objectClass=domainDNS)", "dn"); - -my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`; -chomp $ldif; - -my $sid; - -# crude way of working out a rid -for (my $i=1001;$i<1100;$i++) { - if (search("objectSid=$domain_sid-$i","objectSid") eq "") { - $sid = "$domain_sid-$i"; - last; - } -} - -print "Chose new SID $sid\n"; - -my $dom_users = search("name=Domain Users", "dn"); - - -$ldif .= "sAMAccountName: $opt_username\n"; -$ldif .= "name: $opt_username\n"; -$ldif .= "objectSid: $sid\n"; -$ldif .= "objectGUID: " . randguid() . "\n"; -$ldif .= "memberOf: $dom_users\n"; -$ldif .= "userAccountControl: 0x10200\n"; -$ldif .= "sAMAccountType: 0x30000000\n"; -$ldif .= "objectClass: user\n"; -$ldif .= "unicodePwd: $opt_password\n"; -$ldif .= "unixName: $opt_unixname\n"; - -my $user_dn = "CN=$opt_username,CN=Users,$domain_dn"; - -open FILE, ">newuser.ldif"; -print FILE "dn: $user_dn"; -print FILE "$ldif\n"; -close FILE; - -open FILE, ">modgroup.ldif"; -print FILE " -dn: CN=Domain Users,CN=Users,$domain_dn -changetype: modify -add: member -member: $user_dn -"; -close FILE; - -system("ldbadd newuser.ldif"); -system("ldbmodify modgroup.ldif"); diff --git a/source4/script/provision.pl b/source4/script/provision.pl deleted file mode 100755 index e1d5278453..0000000000 --- a/source4/script/provision.pl +++ /dev/null 
@@ -1,443 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use Socket; -use Getopt::Long; - -my $opt_hostname = `hostname`; -chomp $opt_hostname; -my $opt_hostip; -my $opt_realm; -my $opt_domain; -my $opt_adminpass; -my $opt_nobody; -my $opt_nogroup; -my $opt_wheel; -my $opt_users; -my $dnsdomain; -my $netbiosname; -my $dnsname; -my $basedn; -my $defaultsite = "Default-First-Site-Name"; -my $usn = 1; - -# return the current NTTIME as an integer -sub nttime() -{ - my $t = time(); - $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60)); - $t *= 1.0e7; - return sprintf("%lld", $t); -} - -# generate a random guid. Not a good algorithm. -sub randguid() -{ - my $r1 = int(rand(2**32)); - my $r2 = int(rand(2**16)); - my $r3 = int(rand(2**16)); - my $r4 = int(rand(2**16)); - my $r5 = int(rand(2**32)); - my $r6 = int(rand(2**16)); - return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); -} - -my $opt_domainguid = randguid(); -my $opt_hostguid = randguid(); -my $opt_invocationid = randguid(); - -sub randsid() -{ - return sprintf("S-1-5-21-%d-%d-%d", - int(rand(10**8)), int(rand(10**8)), int(rand(10**8))); -} - -my $opt_domainsid = randsid(); - -# generate a random password. 
Poor algorithm :( -sub randpass() -{ - my $pass = ""; - my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; - for (my $i=0;$i<8;$i++) { - my $c = int(rand(length($chars))); - $pass .= substr($chars, $c, 1); - } - return $pass; -} - -my $joinpass = randpass(); - -sub ldaptime() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u%02u%02u.0Z", - $year+1900, $mon+1, $mday, $hour, $min, $sec; -} - -####################### -# substitute a single variable -sub substitute($) -{ - my $var = shift; - - if ($var eq "BASEDN") { - return $basedn; - } - - if ($var eq "DOMAINSID") { - return $opt_domainsid; - } - - if ($var eq "DOMAIN") { - return $opt_domain; - } - - if ($var eq "REALM") { - return $opt_realm; - } - - if ($var eq "DNSDOMAIN") { - return $dnsdomain; - } - - if ($var eq "HOSTNAME") { - return $opt_hostname; - } - - if ($var eq "NETBIOSNAME") { - return $netbiosname; - } - - if ($var eq "DNSNAME") { - return $dnsname; - } - - if ($var eq "HOSTIP") { - return $opt_hostip; - } - - if ($var eq "LDAPTIME") { - return ldaptime(); - } - - if ($var eq "NEWGUID") { - return randguid(); - } - - if ($var eq "NEWSCHEMAGUID") { - return randguid(); - } - - if ($var eq "DOMAINGUID") { - return $opt_domainguid; - } - - if ($var eq "HOSTGUID") { - return $opt_hostguid; - } - - if ($var eq "INVOCATIONID") { - return $opt_invocationid; - } - - if ($var eq "DEFAULTSITE") { - return $defaultsite; - } - - if ($var eq "ADMINPASS") { - return $opt_adminpass; - } - - if ($var eq "RANDPASS") { - return randpass(); - } - - if ($var eq "JOINPASS") { - return $joinpass; - } - - if ($var eq "NTTIME") { - return "" . 
nttime(); - } - - if ($var eq "WHEEL") { - return $opt_wheel; - } - - if ($var eq "NOBODY") { - return $opt_nobody; - } - - if ($var eq "NOGROUP") { - return $opt_nogroup; - } - - if ($var eq "USERS") { - return $opt_users; - } - - if ($var eq "USN") { - my $ret = $usn; - $usn = $ret + 1; - return $ret; - } - - die "ERROR: Uknown substitution variable $var\n"; -} - - -#################################################################### -# substitute all variables in a string -sub apply_substitutions($) -{ - my $data = shift; - my $res = ""; - while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { - my $sub = substitute($2); - $res .= "$1$sub"; - $data = $3; - } - $res .= $data; - return $res; -} - - -##################################################################### -# write a string into a file -sub FileSave($$) -{ - my($filename) = shift; - my($v) = shift; - local(*FILE); - open(FILE, ">$filename") || die "can't open $filename"; - print FILE $v; - close(FILE); -} - -##################################################################### -# read a file into a string -sub FileLoad($) -{ - my($filename) = shift; - local(*INPUTFILE); - open(INPUTFILE, $filename) || return undef; - my($saved_delim) = $/; - undef $/; - my($data) = ; - close(INPUTFILE); - $/ = $saved_delim; - return $data; -} - -####################################################################### -# add a foreign security principle -sub add_foreign($$$) -{ - my $sid = shift; - my $desc = shift; - my $unixname = shift; - return " -dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN} -objectClass: top -objectClass: foreignSecurityPrincipal -cn: $sid -description: $desc -instanceType: 4 -whenCreated: \${LDAPTIME} -whenChanged: \${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: $sid -objectGUID: \${NEWGUID} -objectSid: $sid -objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN} -unixName: $unixname - -"; -} - -############################################ -# 
show some help -sub ShowHelp() -{ - print " -Samba4 provisioning - -provision.pl [options] - --realm REALM set realm - --domain DOMAIN set domain - --domain-guid GUID set domainguid (otherwise random) - --domain-sid SID set domainsid (otherwise random) - --host-name HOSTNAME set hostname - --host-ip IPADDRESS set ipaddress - --host-guid GUID set hostguid (otherwise random) - --invocationid GUID set invocationid (otherwise random) - --adminpass PASSWORD choose admin password (otherwise random) - --nobody USERNAME choose 'nobody' user - --nogroup GROUPNAME choose 'nogroup' group - --wheel GROUPNAME choose 'wheel' privileged group - --users GROUPNAME choose 'users' group - -You must provide at least a realm and domain - -"; - exit(1); -} - -my $opt_help; - -GetOptions( - 'help|h|?' => \$opt_help, - 'realm=s' => \$opt_realm, - 'domain=s' => \$opt_domain, - 'domain-guid=s' => \$opt_domainguid, - 'domain-sid=s' => \$opt_domainsid, - 'host-name=s' => \$opt_hostname, - 'host-ip=s' => \$opt_hostip, - 'host-guid=s' => \$opt_hostguid, - 'invocationid=s' => \$opt_invocationid, - 'adminpass=s' => \$opt_adminpass, - 'nobody=s' => \$opt_nobody, - 'nogroup=s' => \$opt_nogroup, - 'wheel=s' => \$opt_wheel, - 'users=s' => \$opt_users, - ); - -if ($opt_help || - !$opt_realm || - !$opt_domain || - !$opt_hostname) { - ShowHelp(); -} - -$opt_realm=uc($opt_realm); -$opt_domain=uc($opt_domain); -$opt_hostname=lc($opt_hostname); -$netbiosname=uc($opt_hostname); - -if (!$opt_hostip) { - my $hip = gethostbyname($opt_hostname); - if (defined $hip) { - $opt_hostip = inet_ntoa($hip); - } else { - $opt_hostip = "<0.0.0.0>"; - } -} - -print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n"; - -if (!$opt_nobody) { - if (defined getpwnam("nobody")) { - $opt_nobody = "nobody"; - } -} - -if (!$opt_nogroup) { - if (defined getgrnam("nogroup")) { - $opt_nogroup = "nogroup"; - } elsif (defined getgrnam("nobody")) { - $opt_nogroup = "nobody"; - } -} - -if 
(!$opt_wheel) { - if (defined getgrnam("wheel")) { - $opt_wheel = "wheel"; - } elsif (defined getgrnam("root")) { - $opt_wheel = "root"; - } -} - -if (!$opt_users) { - if (defined getgrnam("users")) { - $opt_users = "users"; - } -} - -$opt_nobody || die "Unable to determine a user for 'nobody'\n"; -$opt_nogroup || die "Unable to determine a group for 'nogroup'\n"; -$opt_users || die "Unable to determine a group for 'users'\n"; -$opt_wheel || die "Unable to determine a group for 'wheel'\n"; - -print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n"; - -print "generating ldif ...\n"; - -$dnsdomain = lc($opt_realm); -$dnsname = lc($opt_hostname).".".$dnsdomain; -$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm)); - -my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n"; - -$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}"); -$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}"); -$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}"); -$data .= add_foreign("S-1-5-18", "System", "root"); -$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}"); - -if (!$opt_adminpass) { - $opt_adminpass = randpass(); - print "chose random Administrator password '$opt_adminpass'\n"; -} - -# allow provisioning to be run from the source directory -$ENV{"PATH"} .= ":bin"; - - -my $res = apply_substitutions($data); - -my $newdb = "newdb." . 
int(rand(1000)); - -print "Putting new database files in $newdb\n"; - -mkdir($newdb) || die "Unable to create temporary directory $newdb\n"; - -FileSave("$newdb/sam.ldif", $res); - -print "creating $newdb/sam.ldb ...\n"; - -system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n"; - -$data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n"; - -$res = apply_substitutions($data); - -FileSave("$newdb/rootdse.ldif", $res); - -print "creating $newdb/rootdse.ldb ...\n"; - -system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n"; - -$data = FileLoad("secrets.ldif") || die "Unable to load secrets.ldif\n"; - -$res = apply_substitutions($data); - -FileSave("$newdb/secrets.ldif", $res); - -print "creating $newdb/secrets.ldb ...\n"; - -system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n"; - -$data = FileLoad("provision.zone") || die "Unable to load provision.zone\n"; - -$res = apply_substitutions($data); - -print "saving dns zone to $newdb/$dnsdomain.zone ...\n"; - -FileSave("$newdb/$dnsdomain.zone", $res); - -print "creating $newdb/hklm.ldb ... \n"; - -system("ldbadd -H $newdb/hklm.ldb hklm.ldif") == 0 || die "Failed to create hklm.ldb\n"; - -print " - -Installation: -- Please move $newdb/*.ldb to the private/ directory of your - Samba4 installation -- Please use $newdb/$dnsdomain.zone in BIND on your dns server -"; - - diff --git a/source4/script/rootdse.pl b/source4/script/rootdse.pl deleted file mode 100755 index cfe49a6582..0000000000 --- a/source4/script/rootdse.pl +++ /dev/null 
@@ -1,152 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use Getopt::Long; - -my $opt_hostname = `hostname`; -chomp $opt_hostname; -my $netbiosname; -my $opt_realm; -my $opt_domain; -my $dnsdomain; -my $dnsname; -my $basedn; - -sub ldaptime() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u%02u%02u.0Z", - $year+1900, $mon+1, $mday, $hour, $min, $sec; -} - -####################### -# substitute a single variable -sub substitute($) -{ - my $var = shift; - - if ($var eq "BASEDN") { - return $basedn; - } - - if ($var eq "NETBIOSNAME") { - return $netbiosname; - } - - if ($var eq "DNSNAME") { - return $dnsname; - } - - if ($var eq "DNSDOMAIN") { - return $dnsdomain; - } - - die "ERROR: Uknown substitution variable $var\n"; -} - -##################################################################### -# write a string into a file -sub FileSave($$) -{ - my($filename) = shift; - my($v) = shift; - local(*FILE); - open(FILE, ">$filename") || die "can't open $filename"; - print FILE $v; - close(FILE); -} - -##################################################################### -# read a file into a string -sub FileLoad($) -{ - my($filename) = shift; - local(*INPUTFILE); - open(INPUTFILE, $filename) || return undef; - my($saved_delim) = $/; - undef $/; - my($data) = ; - close(INPUTFILE); - $/ = $saved_delim; - return $data; -} - -############################################ -# show some help -sub ShowHelp() -{ - print " -Samba4 provisioning - -rootdse.pl [options] - --realm REALM set realm - --domain DOMAIN set domain - --hostname HOSTNAME set hostname - -You must provide at least a realm and domain - -"; - exit(1); -} - -my $opt_help; - -GetOptions( - 'help|h|?' 
=> \$opt_help, - 'realm=s' => \$opt_realm, - 'domain=s' => \$opt_domain, - 'hostname=s' => \$opt_hostname, - ); - -if ($opt_help || - !$opt_realm || - !$opt_domain || - !$opt_hostname) { - ShowHelp(); -} - -$opt_realm=uc($opt_realm); -$opt_domain=uc($opt_domain); -$opt_hostname=lc($opt_hostname); -$netbiosname=uc($opt_hostname); - -print "Provisioning host '$opt_hostname' with netbios name '$netbiosname' for domain '$opt_domain' in realm '$opt_realm'\n"; - -print "generating ldif ...\n"; - -$dnsdomain = lc($opt_realm); -$dnsname = $opt_hostname.".".$dnsdomain; -$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm)); - -my $data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n"; - -my $res = ""; - -print "applying substitutions ...\n"; - -while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { - my $sub = substitute($2); - $res .= "$1$sub"; - $data = $3; -} -$res .= $data; - -print "saving ldif to newrootdse.ldif ...\n"; - -FileSave("newrootdse.ldif", $res); - -unlink("newrootdse.ldb"); - -print "creating newrootdse.ldb ...\n"; - -# allow provisioning to be run from the source directory -$ENV{"PATH"} .= ":bin"; - -system("ldbadd -H newrootdse.ldb newrootdse.ldif"); - -print "done - -Please move newrootdse.ldb to rootdse.ldb in the private/ directory of your -Samba4 installation -"; - diff --git a/source4/script/scancvslog.pl b/source4/script/scancvslog.pl deleted file mode 100755 index c39f9111c1..0000000000 --- a/source4/script/scancvslog.pl +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/usr/bin/perl -require"timelocal.pl"; - -# -# usage scancvslog.pl logfile starttime tag -# -# this will extract all entries from the specified cvs log file -# that have a date later than or equal to starttime and a tag -# value of tag. If starttime is not specified, all entries are -# extracted. If tag is not specified then entries for all -# branches are extracted. starttime must be specified as -# "monthname day, year" -# -# Example to extract all entries for SAMBA_2_2 branch from the -# log file named cvs.log -# -# scancvslog.pl cvs.log "" SAMBA_2_2 -# -# -# To extract all log entries after Jan 10, 1999 (Note month name -# must be spelled out completely). -# -# scancvslog.pl cvs.log "January 10, 1999" -# - -open(INFILE,@ARGV[0]) || die "Unable to open @ARGV[0]\n"; - -%Monthnum = ( - "January", 0, - "February", 1, - "March", 2, - "April", 3, - "May", 4, - "June", 5, - "July", 6, - "August", 7, - "September", 8, - "October", 9, - "November", 10, - "December", 11, - "Jan", 0, - "Feb", 1, - "Mar", 2, - "Apr", 3, - "May", 4, - "Jun", 5, - "Jul", 6, - "Aug", 7, - "Sep", 8, - "Oct", 9, - "Nov", 10, - "Dec", 11 -); - -$Starttime = (@ARGV[1]) ? &make_time(@ARGV[1]) : 0; -$Tagvalue = @ARGV[2]; - -while (&get_entry) { - $_=$Entry[0]; -# get rid of extra white space - s/\s+/ /g; -# get rid of any time string in date - s/ \d\d:\d\d:\d\d/,/; - s/^Date:\s*\w*\s*(\w*)\s*(\w*),\s*(\w*).*/$1 $2 $3/; - $Testtime = &make_time($_); - $Testtag = &get_tag; - if (($Testtime >= $Starttime) && ($Tagvalue eq $Testtag)) { - print join("\n",@Entry),"\n"; - } -} -close(INFILE); - -sub make_time { - $_ = @_[0]; - s/,//; - ($month, $day, $year) = split(" ",$_); - if (($year < 1900)||($day < 1)||($day > 31)||not length($Monthnum{$month})) { - print "Bad date format @_[0]\n"; - print "Date needs to be specified as \"Monthname day, year\"\n"; - print "eg: \"January 10, 1999\"\n"; - exit 1; - } - $year = ($year == 19100) ? 
2000 : $year; - $month = $Monthnum{$month}; - $Mytime=&timelocal((0,0,0,$day,$month,$year)); -} - -sub get_tag { - @Mytag = grep (/Tag:/,@Entry); - $_ = @Mytag[0]; - s/^.*Tag:\s*(\w*).*/$1/; - return $_; -} - -sub get_entry { - @Entry=(); - if (not eof(INFILE)) { - while (not eof(INFILE)) { - $_ = ; - chomp $_; - next if (not ($_)); - if (/^\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/) { - next if ($#Entry == -1); - push(Entry,$_); - return @Entry; - } else { - push(Entry,$_); - } - } - } - return @Entry; -} diff --git a/source4/script/smbtar b/source4/script/smbtar deleted file mode 100644 index f062cba9f0..0000000000 --- a/source4/script/smbtar +++ /dev/null 
@@ -1,165 +0,0 @@ -#!/bin/sh -# -# smbtar script - front end to smbclient -# -# Authors: Martin.Kraemer -# and Ricky Poulten (ricky@logcam.co.uk) -# -# (May need to change shell to ksh for HPUX or OSF for better getopts) -# -# sandy nov 3 '98 added -a flag -# -# Richard Sharpe, added -c 'tarmode full' so that we back up all files to -# fix a bug in clitar when a patch was added to stop system and hidden files -# being backed up. - -case $0 in - # when called by absolute path, assume smbclient is in the same directory - /*) - SMBCLIENT="`dirname $0`/smbclient";; - *) # you may need to edit this to show where your smbclient is - SMBCLIENT="smbclient";; -esac - -# These are the default values. You could fill them in if you know what -# you're doing, but beware: better not store a plain text password! -server="" -service="backup" # Default: a service called "backup" -password="" -username=$LOGNAME # Default: same user name as in *nix -verbose="2>/dev/null" # Default: no echo to stdout -log="-d 2" -newer="" -newerarg="" -blocksize="" -blocksizearg="" -clientargs="-c 'tarmode full'" -tarcmd="c" -tarargs="" -cdcmd="\\" -tapefile=${TAPE-tar.out} - -Usage(){ - ex=$1 - shift -echo >&2 "Usage: `basename $0` [] [] -Function: backup/restore a Windows PC directories to a local tape file -Options: (Description) (Default) - -r Restore from tape file to PC Save from PC to tapefile - -i Incremental mode Full backup mode - -a Reset archive bit mode Don't reset archive bit - -v Verbose mode: echo command Don't echo anything - -s Specify PC Server $server - -p Specify PC Password $password - -x Specify PC Share $service - -X Exclude mode Include - -N File for date comparison `set -- $newer; echo $2` - -b Specify tape's blocksize `set -- $blocksize; echo $2` - -d Specify a directory in share $cdcmd - -l Specify a Samba Log Level `set -- $log; echo $2` - -u Specify User Name $username - -t Specify Tape device $tapefile -" - echo >&2 "$@" - exit $ex -} - -# echo Params count: $# - -# DEC 
OSF AKA Digital UNIX does not seem to return a value in OPTIND if -# there are no command line params, so protect us against that ... -if [ $# = 0 ]; then - - Usage 2 "Please enter a command line parameter!" - -fi - -while getopts riavl:b:d:N:s:p:x:u:Xt: c; do - case $c in - r) # [r]estore to Windows (instead of the default "Save from Windows") - tarcmd="x" - ;; - i) # [i]ncremental - tarargs=${tarargs}ga - clientargs="-c 'tarmode inc'" - ;; - a) # [a]rchive - tarargs=${tarargs}a - ;; - l) # specify [l]og file - log="-d $OPTARG" - case "$OPTARG" in - [0-9]*) ;; - *) echo >&2 "$0: Error, log level not numeric: -l $OPTARG" - exit 1 - esac - ;; - d) # specify [d]irectory to change to in server's share - cdcmd="$OPTARG" - ;; - N) # compare with a file, test if [n]ewer - if [ -f $OPTARG ]; then - newer=$OPTARG - newerarg="N" - else - echo >&2 $0: Warning, $OPTARG not found - fi - ;; - X) # Add exclude flag - tarargs=${tarargs}X - ;; - s) # specify [s]erver's share to connect to - this MUST be given. - server="$OPTARG" - ;; - b) # specify [b]locksize - blocksize="$OPTARG" - case "$OPTARG" in - [0-9]*) ;; - *) echo >&2 "$0: Error, block size not numeric: -b $OPTARG" - exit 1 - esac - blocksizearg="b" - ;; - p) # specify [p]assword to use - password="$OPTARG" - ;; - x) # specify windows [s]hare to use - service="$OPTARG" - ;; - t) # specify [t]apefile on local host - tapefile="$OPTARG" - ;; - u) # specify [u]sername for connection - username="$OPTARG" - ;; - v) # be [v]erbose and display what's going on - verbose="" - ;; - '?') # any other switch - Usage 2 "Invalid switch specified - abort." - ;; - esac -done - -shift `expr $OPTIND - 1` - -if [ "$server" = "" ] || [ "$service" = "" ]; then - Usage 1 "No server or no service specified - abort." 
-fi - -# if the -v switch is set, the echo the current parameters -if [ -z "$verbose" ]; then - echo "server is $server" -# echo "share is $service" - echo "share is $service\\$cdcmd" - echo "tar args is $tarargs" -# echo "password is $password" # passwords should never be sent to screen - echo "tape is $tapefile" - echo "blocksize is $blocksize" -fi - -tarargs=${tarargs}${blocksizearg}${newerarg} - -eval $SMBCLIENT "'\\\\$server\\$service'" "'$password'" -U "'$username'" \ --E -N $log -D "'$cdcmd'" ${clientargs} \ --T${tarcmd}${tarargs} $blocksize $newer $tapefile '${1+"$@"}' $verbose diff --git a/source4/script/updatesmbpasswd.sh b/source4/script/updatesmbpasswd.sh deleted file mode 100644 index 1d7e0d7332..0000000000 --- a/source4/script/updatesmbpasswd.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -nawk 'BEGIN {FS=":"} -{ - if( $0 ~ "^#" ) { - print $0 - } else if( (length($4) == 32) && (($4 ~ "^[0-9A-F]*$") || ($4 ~ "^[X]*$") || ( $4 ~ "^[*]*$"))) { - print $0 - } else { - printf( "%s:%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:", $1, $2, $3); - for(i = 4; i <= NF; i++) - printf("%s:", $i) - printf("\n") - } -}' diff --git a/source4/secrets.ldif b/source4/secrets.ldif deleted file mode 100644 index f44521a07b..0000000000 --- a/source4/secrets.ldif +++ /dev/null @@ -1,30 +0,0 @@ -dn: @INDEXLIST -@IDXATTR: cn -@IDXATTR: flatname -@IDXATTR: realm - -dn: @ATTRIBUTES -realm: CASE_INSENSITIVE -flatname: CASE_INSENSITIVE -sAMAccountName: CASE_INSENSITIVE - -dn: CN=LSA Secrets -objectClass: top -objectClass: container -cn: LSA Secrets - -dn: CN=Primary Domains -objectClass: top -objectClass: container -cn: Primary Domains - -dn: flatname=${DOMAIN},CN=Primary Domains -objectClass: top -objectClass: primaryDomain -flatname: ${DOMAIN} -realm: ${REALM} -secret: ${JOINPASS} -sAMAccountName: ${NETBIOSNAME}$ -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} - diff --git a/source4/setup/dcpromo.pl b/source4/setup/dcpromo.pl new file mode 100755 index 0000000000..56461ae825 
--- /dev/null +++ b/source4/setup/dcpromo.pl 
@@ -0,0 +1,225 @@ +#!/usr/bin/perl -w + +################################################### +# package to generate samba ads configuration +# Copyright metze@samba.org 2004 + +# released under the GNU GPL + +use strict; +use Data::Dumper; + +sub print_options($$) { + my $ads = shift; + my $ctx = shift; + my @arr; + my $i; + my $len; + + print "options:\n"; + + @arr = @{$ctx}; + $len = $#arr; + for($i = 0; $i <= $len; $i++) { + my $val = $ctx->[$i]; + print "\t".$i.": ".$val->{TEXT}."\n"; + } + + print "choise []:"; +} + +sub read_option($$) { + my $ads = shift; + my $ctx = shift; + my $val; + + $val = ; + + return $val; +} + +sub call_option($$$) { + my $ads = shift; + my $ctx = shift; + my $switch = shift; + my $val; + my $funcref; + + $val = $ctx->[$switch]; + + $funcref = $val->{ACTION}; + + &$funcref($ads); +} + +sub ask_option($$) { + my $ads = shift; + my $ctx = shift; + my $ret; + + print_options($ads, $ctx); + + $ret = read_option($ads, $ctx); + + call_option($ads, $ctx, $ret); +} + +sub create_ads_tree($) { + my $ads = shift; + + print "Create ADS Domain:\n"; + print Dumper($ads); +} + +sub do_new_domain_in_entire_structure($) { + my $ads; + my $domain_dns; + my $domain_netbios; + + $ads->{NEW_DOMAIN} = 1; + $ads->{NEW_FOREST} = 1; + + print "full dns name of the new domain []:"; + $domain_dns = ; + chomp $domain_dns; + $ads->{FULL_DNS_NAME} = $domain_dns; + + print "netbios name of the new domain []:"; + $domain_netbios = ; + chomp $domain_netbios; + $ads->{NETBIOS} = $domain_netbios; + + create_ads_tree($ads); +} + +sub do_sub_domain_in_existing_structure($) { + my $ads = shift; + my $user_name; + my $user_domain; + my $user_password; + my $top_dns; + my $domain_dns; + my $domain_netbios; + my $db_folder; + my $db_logs; + my $sysvol_folder; + my $admin_password1; + my $admin_password2; + + $ads->{NEW_DOMAIN} = 1; + $ads->{NEW_FOREST} = 0; + + print "User Name []:"; + $user_name = ; + chomp $user_name; + $ads->{USER}{NAME} = $user_name; + + print "User 
Domain []:"; + $user_domain = ; + chomp $user_domain; + $ads->{USER}{DOMAIN} = $user_domain; + + print "User Password []:"; + $user_password = ; + chomp $user_password; + $ads->{USER}{PASSWORD} = $user_password; + + print "full dns name of the top domain []:"; + $top_dns = ; + chomp $top_dns; + $ads->{TOP_DNS_NAME} = $top_dns; + + print "suffix of the new domain []:"; + $domain_dns = ; + chomp $domain_dns; + $ads->{FULL_DNS_NAME} = $domain_dns.".".$top_dns; + + print "netbios name of the new domain []:"; + $domain_netbios = ; + chomp $domain_netbios; + $ads->{NETBIOS} = $domain_netbios; + + print "folder for database files []:"; + $db_folder = ; + chomp $db_folder; + $ads->{DB_FOLDER} = $db_folder; + + print "folder for database logs []:"; + $db_logs = ; + chomp $db_logs; + $ads->{DB_LOGS} = $db_logs; + + print "folder for SYSVOL []:"; + $sysvol_folder = ; + chomp $sysvol_folder; + $ads->{SYSVOL_FOLDER} = $sysvol_folder; + + # + # test DNS here + # + + # + # test mixed/native here + # + + print "Administrator password []:"; + $admin_password1 = ; + chomp $admin_password1; + print "retype Administrator password []:"; + $admin_password2 = ; + chomp $admin_password2; + if ($admin_password1 eq $admin_password2) { + $ads->{ADMIN_PASSWORD} = $admin_password1; + } else { + $ads->{ADMIN_PASSWORD} = ""; + } + + create_ads_tree($ads); +} + +sub do_sub_structure_in_global_structure($) { + print "go on with do_sub_structure_in_global_structure\n"; +} + +sub do_new_domain($) { + my $ads = shift; + my $ctx; + + $ctx->[0]{TEXT} = "new domain in entire structure"; + $ctx->[0]{ACTION} = \&do_new_domain_in_entire_structure; + + $ctx->[1]{TEXT} = "sub domain in existing structure"; + $ctx->[1]{ACTION} = \&do_sub_domain_in_existing_structure; + + $ctx->[2]{TEXT} = "sub structure in global structure"; + $ctx->[2]{ACTION} = \&do_sub_structure_in_global_structure; + + ask_option($ads ,$ctx); +} + +sub do_existing_domain($) { + print "go on with do existing domain\n"; +} + +sub 
ask_new_or_exist_domain($) { + my $ads = shift; + my $ctx; + + $ctx->[0]{TEXT} = "new domain"; + $ctx->[0]{ACTION} = \&do_new_domain; + + $ctx->[1]{TEXT} = "existing domain"; + $ctx->[1]{ACTION} = \&do_existing_domain; + + ask_option($ads, $ctx); +} + +sub main { + my $ads; + + $ads->{ADS_TREE} = 1; + + ask_new_or_exist_domain($ads); +} + +main(); diff --git a/source4/setup/hklm.ldif b/source4/setup/hklm.ldif new file mode 100644 index 0000000000..a4ab32e233 --- /dev/null +++ b/source4/setup/hklm.ldif @@ -0,0 +1,32 @@ +dn: @INDEXLIST +@IDXATTR: key + +dn: key=control,key=currentcontrolset,key=system,hive= +key: control + +dn: key=services,key=control,key=currentcontrolset,key=system,hive= +key: services + +dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive= +value: ProductType +data: LanmanNT +type: 1 + +dn: key=productoptions,key=control,key=currentcontrolset,key=system,hive= +key: productoptions + +dn: key=system,hive= +key: system + +dn: key=netlogon,key=services,key=currentcontrolset,key=system,hive= +key: netlogon + +dn: key=services,key=currentcontrolset,key=system,hive= +key: services + +dn: key=print,key=control,key=currentcontrolset,key=system,hive= +key: print + +dn: key=currentcontrolset,key=system,hive= +key: currentcontrolset + diff --git a/source4/setup/newuser.pl b/source4/setup/newuser.pl new file mode 100755 index 0000000000..6ddda5028e --- /dev/null +++ b/source4/setup/newuser.pl 
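Review bot: In `do_sub_domain_in_existing_structure`, a mismatch between the two Administrator password prompts is swallowed: the `else` branch sets `$ads->{ADMIN_PASSWORD} = ""` and `create_ads_tree($ads)` still runs, so a typo silently becomes an empty administrator password. The mismatch should abort (or re-prompt) instead of the if/else, e.g. `die "Administrator passwords do not match\n" unless $admin_password1 eq $admin_password2;` followed by `$ads->{ADMIN_PASSWORD} = $admin_password1;`. Separately, `do_new_domain_in_entire_structure` declares `my $ads;` without `shift`, so the hash passed in by `ask_option` (with `ADS_TREE` set in `main`) is discarded and a fresh one is autovivified; `my $ads = shift;` would match its sibling `do_sub_domain_in_existing_structure`. `read_option` returns the raw line read from STDIN without `chomp` or a range check, so a non-numeric or out-of-range choice reaches `call_option`, which then dereferences an undefined `ACTION`; the prompt `"choise []:"` also reads as a typo for "choice". The readline operands appear as `$val = ;` here, which I take to be a rendering artefact of the page rather than the committed text.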
@@ -0,0 +1,145 @@
+#!/usr/bin/perl -w
+# simple hack script to add a new user for Samba4
+
+
+use strict;
+use Socket;
+use Getopt::Long;
+
+my $opt_password;
+my $opt_username;
+my $opt_unixname;
+my $opt_samdb = "/usr/local/samba/private/sam.ldb";
+
+
+# generate a random guid. Not a good algorithm.
+sub randguid()
+{
+ my $r1 = int(rand(2**32));
+ my $r2 = int(rand(2**16));
+ my $r3 = int(rand(2**16));
+ my $r4 = int(rand(2**16));
+ my $r5 = int(rand(2**32));
+ my $r6 = int(rand(2**16));
+ return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
+}
+
+# generate a random password. Poor algorithm :(
+sub randpass()
+{
+ my $pass = "";
+ my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
+ for (my $i=0;$i<8;$i++) {
+ my $c = int(rand(length($chars)));
+ $pass .= substr($chars, $c, 1);
+ }
+ return $pass;
+}
+
+sub search($$)
+{
+ my $expr = shift;
+ my $attrib = shift;
+ my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`;
+ chomp $res;
+ return $res;
+}
+
+############################################
+# show some help
+sub ShowHelp()
+{
+ print "
+Samba4 newuser
+
+newuser.pl [options]
+ --username USERNAME choose new username
+ --password PASSWORD set password
+ --samdb DBPATH path to sam.ldb
+
+You must provide at least a username
+
+";
+ exit(1);
+}
+
+my $opt_help;
+
+GetOptions(
+ 'help|h|?' => \$opt_help,
+ 'username=s' => \$opt_username,
+ 'unixname=s' => \$opt_unixname,
+ 'password=s' => \$opt_password,
+ 'samdb=s' => \$opt_samdb
+ );
+
+if ($opt_help || !$opt_username) {
+ ShowHelp();
+}
+
+if (!$opt_password) {
+ $opt_password = randpass();
+ print "chose random password '$opt_password'\n";
+}
+
+if (!$opt_unixname) {
+ $opt_unixname = $opt_username;
+}
+
+my $res = "";
+
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin:../bin";
+
+$ENV{"LDB_URL"} = $opt_samdb;
+
+my $domain_sid = search("(objectClass=domainDNS)", "objectSid");
+my $domain_dn = search("(objectClass=domainDNS)", "dn");
+
+my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`;
+chomp $ldif;
+
+my $sid;
+
+# crude way of working out a rid
+for (my $i=1001;$i<1100;$i++) {
+ if (search("objectSid=$domain_sid-$i","objectSid") eq "") {
+ $sid = "$domain_sid-$i";
+ last;
+ }
+}
+
+print "Chose new SID $sid\n";
+
+my $dom_users = search("name=Domain Users", "dn");
+
+
+$ldif .= "sAMAccountName: $opt_username\n";
+$ldif .= "name: $opt_username\n";
+$ldif .= "objectSid: $sid\n";
+$ldif .= "objectGUID: " . randguid() . "\n";
+$ldif .= "memberOf: $dom_users\n";
+$ldif .= "userAccountControl: 0x10200\n";
+$ldif .= "sAMAccountType: 0x30000000\n";
+$ldif .= "objectClass: user\n";
+$ldif .= "unicodePwd: $opt_password\n";
+$ldif .= "unixName: $opt_unixname\n";
+
+my $user_dn = "CN=$opt_username,CN=Users,$domain_dn";
+
+open FILE, ">newuser.ldif";
+print FILE "dn: $user_dn";
+print FILE "$ldif\n";
+close FILE;
+
+open FILE, ">modgroup.ldif";
+print FILE "
+dn: CN=Domain Users,CN=Users,$domain_dn
+changetype: modify
+add: member
+member: $user_dn
+";
+close FILE;
+
+system("ldbadd newuser.ldif");
+system("ldbmodify modgroup.ldif");
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
new file mode 100644
index 0000000000..f6cce3e285
--- /dev/null
+++ b/source4/setup/provision.ldif
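Review bot: The `newuser.ldif` written by `open FILE, ">newuser.ldif"` near the end of the hunk carries the clear-text `unicodePwd: $opt_password` line and is left in the working directory with the default umask after `ldbadd` has run, so the account password persists on disk in addition to being echoed to stdout by `print "chose random password '$opt_password'\n"`. Both `open` calls are also two-argument, bareword and unchecked, so a failed write is silent and `ldbadd`/`ldbmodify` are then run against a missing or stale file. I would set `umask 077;` before the first open, switch to `open my $fh, '>', 'newuser.ldif' or die "open newuser.ldif: $!";` (and likewise for `modgroup.ldif`), and `unlink 'newuser.ldif', 'modgroup.ldif';` once the two `system` calls have returned. `search()` additionally passes `$expr` and `$attrib` to a shell through backticks; the callers in this hunk only feed it literal filters and the `$domain_sid` value read back from `ldbsearch`, but the helper should quote its arguments or use the list form of `open` with `'-|'` before it is reused with user-supplied values.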
@@ -0,0 +1,1246 @@
+dn: @INDEXLIST
+@IDXATTR: name
+@IDXATTR: sAMAccountName
+@IDXATTR: objectSid
+@IDXATTR: objectClass
+@IDXATTR: member
+@IDXATTR: unixID
+@IDXATTR: unixName
+@IDXATTR: privilege
+
+dn: @ATTRIBUTES
+realm: CASE_INSENSITIVE
+userPrincipalName: CASE_INSENSITIVE
+servicePrincipalName: CASE_INSENSITIVE
+cn: CASE_INSENSITIVE
+dc: CASE_INSENSITIVE
+name: CASE_INSENSITIVE WILDCARD
+dn: CASE_INSENSITIVE WILDCARD
+sAMAccountName: CASE_INSENSITIVE WILDCARD
+objectClass: CASE_INSENSITIVE
+unicodePwd: HIDDEN
+ntPwdHash: HIDDEN
+ntPwdHistory: HIDDEN
+lmPwdHash: HIDDEN
+lmPwdHistory: HIDDEN
+createTimestamp: HIDDEN
+modifyTimestamp: HIDDEN
+
+dn: @SUBCLASSES
+top: domain
+top: person
+top: group
+domain: domainDNS
+domain: builtinDomain
+person: organizationalPerson
+organizationalPerson: user
+user: computer
+template: userTemplate
+template: groupTemplate
+
+#Add modules to the list to activate them by default
+#beware often order is important
+dn: @MODULES
+@LIST: samldb,timestamps
+
+###############################
+# Domain Naming Context
+###############################
+dn: ${BASEDN}
+objectClass: top
+objectClass: domain
+objectClass: domainDNS
+name: ${DOMAIN}
+realm: ${REALM}
+dnsDomain: ${DNSDOMAIN}
+dc: ${DOMAIN}
+objectGUID: ${DOMAINGUID}
+creationTime: ${NTTIME}
+forceLogoff: 0x8000000000000000
+lockoutDuration: -18000000000
+lockOutObservationWindow: -18000000000
+lockoutThreshold: 0
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+maxPwdAge: -37108517437440
+minPwdAge: 0
+minPwdLength: 7
+modifiedCountAtLastProm: 0
+nextRid: 1001
+pwdProperties: 1
+pwdHistoryLength: 24
+objectSid: ${DOMAINSID}
+serverState: 1
+nTMixedDomain: 1
+msDS-Behavior-Version: 0
+ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
+uASCompat: 1
+modifiedCount: 1
+objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+subRefs: CN=Configuration,${BASEDN}
+subRefs: CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Users,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Users
+description: Default container for upgraded user accounts
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: Users
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Computers,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Computers
+description: Default container for upgraded computer accounts
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: Computers
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: OU=Domain Controllers,${BASEDN}
+objectClass: top
+objectClass: organizationalUnit
+ou: Domain Controllers
+description: Default container for domain controllers
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: Domain Controllers
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ForeignSecurityPrincipals,${BASEDN}
+objectClass: top
+objectClass: container
+cn: ForeignSecurityPrincipals
+description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: ForeignSecurityPrincipals
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=System,${BASEDN}
+objectClass: top
+objectClass: container
+cn: System
+description: Builtin system settings
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: System
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=RID Manager$,CN=System,${BASEDN}
+objectclass: top
+objectclass: rIDManager
+cn: RID Manager$
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: RID Manager$
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+rIDAvailablePool: 4611686014132423217
+
+dn: CN=DomainUpdates,CN=System,${BASEDN}
+objectClass: top
+objectClass: container
+cn: DomainUpdates
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: DomainUpdates
+objectGUID: ${NEWGUID}
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Windows2003Update
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Windows2003Update
+objectGUID: ${NEWGUID}
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+revision: 8
+
+dn: CN=Infrastructure,${BASEDN}
+objectclass: top
+objectclass: infrastructureUpdate
+cn: Infrastructure
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Infrastructure
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+
+dn: CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: builtinDomain
+cn: Builtin
+instanceType: 4
+showInAdvancedViewOnly: FALSE
+name: Builtin
+forceLogoff: 0x8000000000000000
+lockoutDuration: -18000000000
+lockOutObservationWindow: -18000000000
+lockoutThreshold: 0
+maxPwdAge: -37108517437440
+minPwdAge: 0
+minPwdLength: 0
+modifiedCountAtLastProm: 0
+nextRid: 1000
+pwdProperties: 0
+pwdHistoryLength: 0
+objectSid: S-1-5-32
+serverState: 1
+uASCompat: 1
+modifiedCount: 1
+objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Administrator,CN=Users,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: Administrator
+description: Built-in account for administering the computer/domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
+memberOf: CN=Domain Admins,CN=Users,${BASEDN}
+memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
+memberOf: CN=Schema Admins,CN=Users,${BASEDN}
+memberOf: CN=Administrators,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Administrator
+objectGUID: ${NEWGUID}
+userAccountControl: 0x10200
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+objectSid: ${DOMAINSID}-500
+adminCount: 1
+accountExpires: -1
+logonCount: 0
+sAMAccountName: Administrator
+sAMAccountType: 0x30000000
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unicodePwd: ${ADMINPASS}
+unixName: root
+
+dn: CN=Guest,CN=Users,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: Guest
+description: Built-in account for guest access to the computer/domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Guests,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Guest
+objectGUID: ${NEWGUID}
+userAccountControl: 0x10222
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 514
+objectSid: ${DOMAINSID}-501
+accountExpires: -1
+logonCount: 0
+sAMAccountName: Guest
+sAMAccountType: 0x30000000
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Administrators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Administrators
+description: Administrators have complete and unrestricted access to the computer/domain
+member: CN=Domain Admins,CN=Users,${BASEDN}
+member: CN=Enterprise Admins,CN=Users,${BASEDN}
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Administrators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-544
+adminCount: 1
+sAMAccountName: Administrators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+privilege: SeSecurityPrivilege
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeTakeOwnershipPrivilege
+privilege: SeDebugPrivilege
+privilege: SeSystemEnvironmentPrivilege
+privilege: SeSystemProfilePrivilege
+privilege: SeProfileSingleProcessPrivilege
+privilege: SeIncreaseBasePriorityPrivilege
+privilege: SeLoadDriverPrivilege
+privilege: SeCreatePagefilePrivilege
+privilege: SeIncreaseQuotaPrivilege
+privilege: SeChangeNotifyPrivilege
+privilege: SeUndockPrivilege
+privilege: SeManageVolumePrivilege
+privilege: SeImpersonatePrivilege
+privilege: SeCreateGlobalPrivilege
+privilege: SeEnableDelegationPrivilege
+privilege: SeInteractiveLogonRight
+privilege: SeNetworkLogonRight
+privilege: SeRemoteInteractiveLogonRight
+
+
+dn: CN=Users,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Users
+description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
+member: CN=Domain Users,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Users
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-545
+sAMAccountName: Users
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Guests,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Guests
+description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
+member: CN=Domain Guests,CN=Users,${BASEDN}
+member: CN=Guest,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Guests
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-546
+sAMAccountName: Guests
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${NOGROUP}
+
+dn: CN=Print Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Print Operators
+description: Members can administer domain printers
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Print Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-550
+adminCount: 1
+sAMAccountName: Print Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+privilege: SeLoadDriverPrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Backup Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Backup Operators
+description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Backup Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-551
+adminCount: 1
+sAMAccountName: Backup Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Replicator,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Replicator
+description: Supports file replication in a domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Replicator
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-552
+adminCount: 1
+sAMAccountName: Replicator
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Remote Desktop Users
+description: Members in this group are granted the right to logon remotely
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Remote Desktop Users
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-555
+sAMAccountName: Remote Desktop Users
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Network Configuration Operators
+description: Members in this group can have some administrative privileges to manage configuration of networking features
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Network Configuration Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-556
+sAMAccountName: Network Configuration Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Performance Monitor Users
+description: Members of this group have remote access to monitor this computer
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Performance Monitor Users
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-558
+sAMAccountName: Performance Monitor Users
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Performance Log Users
+description: Members of this group have remote access to schedule logging of performance counters on this computer
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Performance Log Users
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-559
+sAMAccountName: Performance Log Users
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+objectClass: computer
+cn: ${NETBIOSNAME}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: ${NETBIOSNAME}
+objectGUID: ${HOSTGUID}
+userAccountControl: 532480
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 127273269057298624
+localPolicyFlags: 0
+pwdLastSet: 127258826171655328
+primaryGroupID: 516
+objectSid: ${DOMAINSID}-1000
+accountExpires: 9223372036854775807
+logonCount: 30
+sAMAccountName: ${NETBIOSNAME}$
+sAMAccountType: 805306369
+operatingSystem: Samba
+operatingSystemVersion: 4.0
+dNSHostName: ${DNSNAME}
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unicodePwd: ${JOINPASS}
+servicePrincipalName: HOST/${DNSNAME}
+servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: CIFS/${DNSNAME}
+servicePrincipalName: CIFS/${NETBIOSNAME}
+servicePrincipalName: LDAP/${DNSNAME}
+servicePrincipalName: LDAP/${NETBIOSNAME}
+
+dn: CN=krbtgt,CN=Users,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: krbtgt
+description: Key Distribution Center Service Account
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: krbtgt
+objectGUID: ${NEWGUID}
+userAccountControl: 514
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 127258826179466560
+primaryGroupID: 513
+objectSid: ${DOMAINSID}-502
+adminCount: 1
+accountExpires: 9223372036854775807
+logonCount: 0
+sAMAccountName: krbtgt
+sAMAccountType: 805306368
+servicePrincipalName: kadmin/changepw
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unicodePwd: ${RANDPASS}
+
+dn: CN=Domain Computers,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Computers
+description: All workstations and servers joined to the domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Domain Computers
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-515
+sAMAccountName: Domain Computers
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Controllers,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Controllers
+description: All domain controllers in the domain
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Domain Controllers
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-516
+adminCount: 1
+sAMAccountName: Domain Controllers
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Schema Admins,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Schema Admins
+description: Designated administrators of the schema
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Schema Admins
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-518
+adminCount: 1
+sAMAccountName: Schema Admins
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+
+dn: CN=Enterprise Admins,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Enterprise Admins
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Administrators,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Enterprise Admins
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+
+dn: CN=Cert Publishers,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Cert Publishers
+description: Members of this group are permitted to publish certificates to the Active Directory
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Cert Publishers
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-517
+sAMAccountName: Cert Publishers
+sAMAccountType: 0x20000000
+groupType: 0x80000004
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Admins,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Admins
+description: Designated administrators of the domain
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Administrators,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Domain Admins
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-512
+adminCount: 1
+sAMAccountName: Domain Admins
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+
+dn: CN=Domain Users,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Users
+description: All domain users
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Users,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Domain Users
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-513
+sAMAccountName: Domain Users
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${USERS}
+
+dn: CN=Domain Guests,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Domain Guests
+description: All domain guests
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+memberOf: CN=Guests,CN=Builtin,${BASEDN}
+uSNChanged: 1
+name: Domain Guests
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-514
+sAMAccountName: Domain Guests
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Group Policy Creator Owners
+description: Members in this group can modify group policy for the domain
+member: CN=Administrator,CN=Users,${BASEDN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Group Policy Creator Owners
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-520
+sAMAccountName: Group Policy Creator Owners
+sAMAccountType: 0x10000000
+groupType: 0x80000002
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+
+dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
+objectClass: top
+objectClass: group
+cn: RAS and IAS Servers
+description: Servers in this group can access remote access properties of users
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: RAS and IAS Servers
+objectGUID: ${NEWGUID}
+objectSid: ${DOMAINSID}-553
+sAMAccountName: RAS and IAS Servers
+sAMAccountType: 0x20000000
+groupType: 0x80000004
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=Server Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Server Operators
+description: Members can administer domain servers
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Server Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-549
+adminCount: 1
+sAMAccountName: Server Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Account Operators,CN=Builtin,${BASEDN}
+objectClass: top
+objectClass: group
+cn: Account Operators
+description: Members can administer domain user and group accounts
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+name: Account Operators
+objectGUID: ${NEWGUID}
+objectSid: S-1-5-32-548
+adminCount: 1
+sAMAccountName: Account Operators
+sAMAccountType: 0x20000000
+systemFlags: 0x8c000000
+groupType: 0x80000005
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+privilege: SeInteractiveLogonRight
+
+dn: CN=Templates,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Templates
+description: Container for SAM account templates
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Templates
+objectGUID: ${NEWGUID}
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+###
+# note! the template users must not match normal searches. Be careful
+# with what classes you put them in
+###
+
+dn: CN=TemplateUser,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateUser
+name: TemplateUser
+instanceType: 4
+userAccountControl: 0x202
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000000
+
+dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateMemberServer
+name: TemplateMemberServer
+instanceType: 4
+userAccountControl: 0x1002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+
+dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateDomainController
+name: TemplateDomainController
+instanceType: 4
+userAccountControl: 0x2002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+
+dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateTrustingDomain
+name: TemplateTrustingDomain
+instanceType: 4
+userAccountControl: 0x820
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000002
+
+dn: CN=TemplateGroup,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: groupTemplate
+cn: TemplateGroup
+name: TemplateGroup
+instanceType: 4
+groupType: 0x80000002
+sAMAccountType: 0x10000000
+
+dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: aliasTemplate
+cn: TemplateAlias
+name: TemplateAlias
+instanceType: 4
+groupType: 0x80000004
+sAMAccountType: 0x10000000
+
+dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: foreignSecurityPrincipalTemplate
+cn: TemplateForeignSecurityPrincipal
+name: TemplateForeignSecurityPrincipal
+
+dn: CN=TemplateSecret,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: secretTemplate
+cn: TemplateSecret
+name: TemplateSecret
+instanceType: 4
+
+dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: trustedDomainTemplate
+cn: TemplateTrustedDomain
+name: TemplateTrustedDomain
+instanceType: 4
+
+###############################
+# Configuration Naming Context
+###############################
+dn: CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: configuration
+cn: Configuration
+instanceType: 13
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Configuration
+objectGUID: ${NEWGUID}
+objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
+subRefs: CN=Schema,CN=Configuration,${BASEDN}
+masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+
+dn: CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRefContainer
+cn: Partitions
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Partitions
+objectGUID: ${NEWGUID}
+systemFlags: 0x80000000
+objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
+msDS-Behavior-Version: 0
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+
+dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: Enterprise Configuration
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Enterprise Configuration
+objectGUID: ${NEWGUID}
+systemFlags: 0x00000001
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: CN=Configuration,${BASEDN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: Enterprise Schema
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Enterprise Schema
+objectGUID: ${NEWGUID}
+systemFlags: 0x00000001
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: CN=Schema,CN=Configuration,${BASEDN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: ${DOMAIN}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: ${DOMAIN}
+objectGUID: ${NEWGUID}
+systemFlags: 0x00000003
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: ${BASEDN}
+nETBIOSName: ${DOMAIN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: sitesContainer
+cn: Sites
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Sites
+objectGUID: ${NEWGUID}
+systemFlags: 0x82000000
+objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: site
+cn: Sites
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Sites
+objectGUID: ${NEWGUID}
+systemFlags: 0x82000000
+objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: serversContainer
+cn: Servers
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: Servers
+objectGUID: ${NEWGUID}
+systemFlags: 0x82000000
+objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: server
+cn: ${NETBIOSNAME}
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: ${NETBIOSNAME}
+objectGUID: ${NEWGUID}
+systemFlags: 0x52000000
+objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
+dNSHostName: ${DNSNAME}
+serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
+
+dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: applicationSettings
+objectClass: nTDSDSA
+cn: NTDS Settings
+instanceType: 4
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+name: NTDS Settings
+systemFlags: 0x02000000
+objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
+dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
+objectGUID: ${INVOCATIONID}
+invocationId: ${INVOCATIONID}
+msDS-Behavior-Version: 2
+
+###############################
+# Schema Naming Context
+###############################
+dn: 
CN=Schema,CN=Configuration,${BASEDN} +objectClass: top +objectClass: dMD +cn: Schema +instanceType: 13 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Schema +objectGUID: ${NEWGUID} +objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectVersion: 30 diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl new file mode 100755 index 0000000000..4000ac3bde --- /dev/null +++ b/source4/setup/provision.pl 
@@ -0,0 +1,443 @@
+#!/usr/bin/perl -w
+
+use strict;
+use Socket;
+use Getopt::Long;
+
+my $opt_hostname = `hostname`;
+chomp $opt_hostname;
+my $opt_hostip;
+my $opt_realm;
+my $opt_domain;
+my $opt_adminpass;
+my $opt_nobody;
+my $opt_nogroup;
+my $opt_wheel;
+my $opt_users;
+my $dnsdomain;
+my $netbiosname;
+my $dnsname;
+my $basedn;
+my $defaultsite = "Default-First-Site-Name";
+my $usn = 1;
+
+# return the current NTTIME as an integer
+sub nttime()
+{
+ my $t = time();
+ $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60));
+ $t *= 1.0e7;
+ return sprintf("%lld", $t);
+}
+
+# generate a random guid. Not a good algorithm.
+sub randguid()
+{
+ my $r1 = int(rand(2**32));
+ my $r2 = int(rand(2**16));
+ my $r3 = int(rand(2**16));
+ my $r4 = int(rand(2**16));
+ my $r5 = int(rand(2**32));
+ my $r6 = int(rand(2**16));
+ return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
+}
+
+my $opt_domainguid = randguid();
+my $opt_hostguid = randguid();
+my $opt_invocationid = randguid();
+
+sub randsid()
+{
+ return sprintf("S-1-5-21-%d-%d-%d",
+ int(rand(10**8)), int(rand(10**8)), int(rand(10**8)));
+}
+
+my $opt_domainsid = randsid();
+
+# generate a random password. Poor algorithm :(
+sub randpass()
+{
+ my $pass = "";
+ my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
+ for (my $i=0;$i<8;$i++) {
+ my $c = int(rand(length($chars)));
+ $pass .= substr($chars, $c, 1);
+ }
+ return $pass;
+}
+
+my $joinpass = randpass();
+
+sub ldaptime()
+{
+ my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
+ return sprintf "%04u%02u%02u%02u%02u%02u.0Z",
+ $year+1900, $mon+1, $mday, $hour, $min, $sec;
+}
+
+#######################
+# substitute a single variable
+sub substitute($)
+{
+ my $var = shift;
+
+ if ($var eq "BASEDN") {
+ return $basedn;
+ }
+
+ if ($var eq "DOMAINSID") {
+ return $opt_domainsid;
+ }
+
+ if ($var eq "DOMAIN") {
+ return $opt_domain;
+ }
+
+ if ($var eq "REALM") {
+ return $opt_realm;
+ }
+
+ if ($var eq "DNSDOMAIN") {
+ return $dnsdomain;
+ }
+
+ if ($var eq "HOSTNAME") {
+ return $opt_hostname;
+ }
+
+ if ($var eq "NETBIOSNAME") {
+ return $netbiosname;
+ }
+
+ if ($var eq "DNSNAME") {
+ return $dnsname;
+ }
+
+ if ($var eq "HOSTIP") {
+ return $opt_hostip;
+ }
+
+ if ($var eq "LDAPTIME") {
+ return ldaptime();
+ }
+
+ if ($var eq "NEWGUID") {
+ return randguid();
+ }
+
+ if ($var eq "NEWSCHEMAGUID") {
+ return randguid();
+ }
+
+ if ($var eq "DOMAINGUID") {
+ return $opt_domainguid;
+ }
+
+ if ($var eq "HOSTGUID") {
+ return $opt_hostguid;
+ }
+
+ if ($var eq "INVOCATIONID") {
+ return $opt_invocationid;
+ }
+
+ if ($var eq "DEFAULTSITE") {
+ return $defaultsite;
+ }
+
+ if ($var eq "ADMINPASS") {
+ return $opt_adminpass;
+ }
+
+ if ($var eq "RANDPASS") {
+ return randpass();
+ }
+
+ if ($var eq "JOINPASS") {
+ return $joinpass;
+ }
+
+ if ($var eq "NTTIME") {
+ return "" . nttime();
+ }
+
+ if ($var eq "WHEEL") {
+ return $opt_wheel;
+ }
+
+ if ($var eq "NOBODY") {
+ return $opt_nobody;
+ }
+
+ if ($var eq "NOGROUP") {
+ return $opt_nogroup;
+ }
+
+ if ($var eq "USERS") {
+ return $opt_users;
+ }
+
+ if ($var eq "USN") {
+ my $ret = $usn;
+ $usn = $ret + 1;
+ return $ret;
+ }
+
+ die "ERROR: Uknown substitution variable $var\n";
+}
+
+
+####################################################################
+# substitute all variables in a string
+sub apply_substitutions($)
+{
+ my $data = shift;
+ my $res = "";
+ while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
+ my $sub = substitute($2);
+ $res .= "$1$sub";
+ $data = $3;
+ }
+ $res .= $data;
+ return $res;
+}
+
+
+#####################################################################
+# write a string into a file
+sub FileSave($$)
+{
+ my($filename) = shift;
+ my($v) = shift;
+ local(*FILE);
+ open(FILE, ">$filename") || die "can't open $filename";
+ print FILE $v;
+ close(FILE);
+}
+
+#####################################################################
+# read a file into a string
+sub FileLoad($)
+{
+ my($filename) = shift;
+ local(*INPUTFILE);
+ open(INPUTFILE, $filename) || return undef;
+ my($saved_delim) = $/;
+ undef $/;
+ my($data) = ;
+ close(INPUTFILE);
+ $/ = $saved_delim;
+ return $data;
+}
+
+#######################################################################
+# add a foreign security principle
+sub add_foreign($$$)
+{
+ my $sid = shift;
+ my $desc = shift;
+ my $unixname = shift;
+ return "
+dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: $sid
+description: $desc
+instanceType: 4
+whenCreated: \${LDAPTIME}
+whenChanged: \${LDAPTIME}
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: $sid
+objectGUID: \${NEWGUID}
+objectSid: $sid
+objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN}
+unixName: $unixname
+
+";
+}
+
+############################################
+# show some help
+sub ShowHelp()
+{
+ print "
+Samba4 provisioning
+
+provision.pl [options]
+ --realm REALM set realm
+ --domain DOMAIN set domain
+ --domain-guid GUID set domainguid (otherwise random)
+ --domain-sid SID set domainsid (otherwise random)
+ --host-name HOSTNAME set hostname
+ --host-ip IPADDRESS set ipaddress
+ --host-guid GUID set hostguid (otherwise random)
+ --invocationid GUID set invocationid (otherwise random)
+ --adminpass PASSWORD choose admin password (otherwise random)
+ --nobody USERNAME choose 'nobody' user
+ --nogroup GROUPNAME choose 'nogroup' group
+ --wheel GROUPNAME choose 'wheel' privileged group
+ --users GROUPNAME choose 'users' group
+
+You must provide at least a realm and domain
+
+";
+ exit(1);
+}
+
+my $opt_help;
+
+GetOptions(
+ 'help|h|?' => \$opt_help,
+ 'realm=s' => \$opt_realm,
+ 'domain=s' => \$opt_domain,
+ 'domain-guid=s' => \$opt_domainguid,
+ 'domain-sid=s' => \$opt_domainsid,
+ 'host-name=s' => \$opt_hostname,
+ 'host-ip=s' => \$opt_hostip,
+ 'host-guid=s' => \$opt_hostguid,
+ 'invocationid=s' => \$opt_invocationid,
+ 'adminpass=s' => \$opt_adminpass,
+ 'nobody=s' => \$opt_nobody,
+ 'nogroup=s' => \$opt_nogroup,
+ 'wheel=s' => \$opt_wheel,
+ 'users=s' => \$opt_users,
+ );
+
+if ($opt_help ||
+ !$opt_realm ||
+ !$opt_domain ||
+ !$opt_hostname) {
+ ShowHelp();
+}
+
+$opt_realm=uc($opt_realm);
+$opt_domain=uc($opt_domain);
+$opt_hostname=lc($opt_hostname);
+$netbiosname=uc($opt_hostname);
+
+if (!$opt_hostip) {
+ my $hip = gethostbyname($opt_hostname);
+ if (defined $hip) {
+ $opt_hostip = inet_ntoa($hip);
+ } else {
+ $opt_hostip = "<0.0.0.0>";
+ }
+}
+
+print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n";
+
+if (!$opt_nobody) {
+ if (defined getpwnam("nobody")) {
+ $opt_nobody = "nobody";
+ }
+}
+
+if (!$opt_nogroup) {
+ if (defined getgrnam("nogroup")) {
+ $opt_nogroup = "nogroup";
+ } elsif (defined getgrnam("nobody")) {
+ $opt_nogroup = "nobody";
+ }
+}
+
+if (!$opt_wheel) {
+ if (defined getgrnam("wheel")) {
+ $opt_wheel = "wheel";
+ } elsif (defined getgrnam("root")) {
+ $opt_wheel = "root";
+ }
+}
+
+if (!$opt_users) {
+ if (defined getgrnam("users")) {
+ $opt_users = "users";
+ }
+}
+
+$opt_nobody || die "Unable to determine a user for 'nobody'\n";
+$opt_nogroup || die "Unable to determine a group for 'nogroup'\n";
+$opt_users || die "Unable to determine a group for 'users'\n";
+$opt_wheel || die "Unable to determine a group for 'wheel'\n";
+
+print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n";
+
+print "generating ldif ...\n";
+
+$dnsdomain = lc($opt_realm);
+$dnsname = lc($opt_hostname).".".$dnsdomain;
+$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm));
+
+my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n";
+
+$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}");
+$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}");
+$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}");
+$data .= add_foreign("S-1-5-18", "System", "root");
+$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}");
+
+if (!$opt_adminpass) {
+ $opt_adminpass = randpass();
+ print "chose random Administrator password '$opt_adminpass'\n";
+}
+
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin:../bin";
+
+
+my $res = apply_substitutions($data);
+
+my $newdb = "newdb." . int(rand(1000));
+
+print "Putting new database files in $newdb\n";
+
+mkdir($newdb) || die "Unable to create temporary directory $newdb\n";
+
+FileSave("$newdb/sam.ldif", $res);
+
+print "creating $newdb/sam.ldb ...\n";
+
+system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n";
+
+$data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n";
+
+$res = apply_substitutions($data);
+
+FileSave("$newdb/rootdse.ldif", $res);
+
+print "creating $newdb/rootdse.ldb ...\n";
+
+system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n";
+
+$data = FileLoad("secrets.ldif") || die "Unable to load secrets.ldif\n";
+
+$res = apply_substitutions($data);
+
+FileSave("$newdb/secrets.ldif", $res);
+
+print "creating $newdb/secrets.ldb ...\n";
+
+system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n";
+
+$data = FileLoad("provision.zone") || die "Unable to load provision.zone\n";
+
+$res = apply_substitutions($data);
+
+print "saving dns zone to $newdb/$dnsdomain.zone ...\n";
+
+FileSave("$newdb/$dnsdomain.zone", $res);
+
+print "creating $newdb/hklm.ldb ... \n";
+
+system("ldbadd -H $newdb/hklm.ldb hklm.ldif") == 0 || die "Failed to create hklm.ldb\n";
+
+print "
+
+Installation:
+- Please move $newdb/*.ldb to the private/ directory of your
+ Samba4 installation
+- Please use $newdb/$dnsdomain.zone in BIND on your dns server
+";
+
+
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
new file mode 100644
index 0000000000..c0b941c822
--- /dev/null
+++ b/source4/setup/provision.zone
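Review bot: The Administrator password chosen at `$opt_adminpass = randpass();` and the join secret held in `$joinpass` both come from randpass(), which assembles 8 characters from Perl's rand() — not a cryptographic generator, as the comment above it already concedes — so the two secrets that protect the new domain are far weaker than their role warrants; drawing the bytes from /dev/urandom through a three-argument open would be the minimal change. Those values are then written in clear text to `$newdb/sam.ldif` and `$newdb/secrets.ldif` inside a directory created by `mkdir($newdb)`, which only gets the caller's umask; `mkdir($newdb, 0700) || die "Unable to create temporary directory $newdb\n";` keeps the ldif and ldb files from other local users until they are moved into private/. The ldbadd steps are single-string `system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif")` calls resolved through a PATH that `$ENV{"PATH"} .= ":bin:../bin"` has just extended with relative entries, and FileSave/FileLoad use two-argument open on `$filename`; list-form system plus `open(FILE, '>', $filename)` and `open(INPUTFILE, '<', $filename)` are the usual hardening. rootdse.pl in this commit carries the same FileSave/FileLoad and PATH-append code, so the fix belongs in both.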
@@ -0,0 +1,32 @@
+; generate by provision.pl
+$ORIGIN ${DNSDOMAIN}
+$TTL 1W
+@ IN SOA @ hostmaster (
+ 42 ; serial (d. adams)
+ 2D ; refresh
+ 4H ; retry
+ 6W ; expiry
+ 1W ) ; minimum
+ IN NS ${HOSTNAME}
+ IN A ${HOSTIP}
+;
+${HOSTNAME} IN A ${HOSTIP}
+${HOSTGUID}._msdcs IN CNAME ${HOSTNAME}
+;
+; global catalog servers
+_gc._tcp IN SRV 0 100 3268 ${HOSTNAME}
+_ldap._tcp.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+;
+; ldap servers
+_ldap._tcp IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.pdc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.${DOMAINGUID}.domains._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+;
+; krb5 servers
+_kerberos._tcp IN SRV 0 100 88 ${HOSTNAME}
+_kerberos._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}
+_kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 88 ${HOSTNAME}
+_kerberos._udp IN SRV 0 100 88 ${HOSTNAME}
diff --git a/source4/setup/rootdse.ldif b/source4/setup/rootdse.ldif
new file mode 100644
index 0000000000..534249859a
--- /dev/null
+++ b/source4/setup/rootdse.ldif
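Review bot: `_kerberos._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME}` advertises the LDAP port for a Kerberos SRV record, while the three sibling `_kerberos` records in the same block use 88; unless the 389 is deliberate, the line should read `_kerberos._tcp.dc._msdcs IN SRV 0 100 88 ${HOSTNAME}`. The two `_ldap._tcp...gc._msdcs` records also point at 389 whereas `_gc._tcp` uses 3268, so presumably the global catalog port was intended for all three gc entries — worth confirming against what the ldap server actually listens on. Clients that resolve these records will simply fail to reach the service on the wrong port, so this is cheap to fix before the generated zone is handed to BIND.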
@@ -0,0 +1,32 @@
+dn: @INDEXLIST
+
+dn: @ATTRIBUTES
+createTimestamp: HIDDEN
+modifyTimestamp: HIDDEN
+
+dn: @SUBCLASSES
+
+dn: @MODULES
+@MODULE: timestamps
+
+dn: cn=rootDSE
+currentTime: _DYNAMIC_
+subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN}
+dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN}
+namingContexts: ${BASEDN}
+namingContexts: CN=Configuration,${BASEDN}
+namingContexts: CN=Schema,CN=Configuration,${BASEDN}
+defaultNamingContext: ${BASEDN}
+rootDomainNamingContext: ${BASEDN}
+configurationNamingContext: CN=Configuration,${BASEDN}
+schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN}
+supportedLDAPVersion: 3
+highestCommittedUSN: _DYNAMIC_
+supportedSASLMechanisms: GSS-SPNEGO
+dnsHostName: ${DNSNAME}
+ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${DNSDOMAIN}
+serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN}
+isSynchronized: _DYNAMIC_
+domainFunctionality: 0
+forestFunctionality: 0
+domainControllerFunctionality: 2
diff --git a/source4/setup/rootdse.pl b/source4/setup/rootdse.pl
new file mode 100755
index 0000000000..799019fad8
--- /dev/null
+++ b/source4/setup/rootdse.pl
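Review bot: `serverName:` places the server under `CN=Default-First-Site` while `dsServiceName:` a few lines earlier, and the site objects provision.pl creates from `$defaultsite = "Default-First-Site-Name"`, use `Default-First-Site-Name`, so the two rootDSE attributes name different DNs and the serverName one does not exist in the provisioned configuration partition. `serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN}` would match. Substituting `${DEFAULTSITE}` here would be cleaner, but rootdse.pl's substitute() in this commit only knows BASEDN, NETBIOSNAME, DNSNAME and DNSDOMAIN and dies on anything else, so the literal is the safe fix while both scripts load this file.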
@@ -0,0 +1,152 @@
+#!/usr/bin/perl -w
+
+use strict;
+use Getopt::Long;
+
+my $opt_hostname = `hostname`;
+chomp $opt_hostname;
+my $netbiosname;
+my $opt_realm;
+my $opt_domain;
+my $dnsdomain;
+my $dnsname;
+my $basedn;
+
+sub ldaptime()
+{
+ my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time);
+ return sprintf "%04u%02u%02u%02u%02u%02u.0Z",
+ $year+1900, $mon+1, $mday, $hour, $min, $sec;
+}
+
+#######################
+# substitute a single variable
+sub substitute($)
+{
+ my $var = shift;
+
+ if ($var eq "BASEDN") {
+ return $basedn;
+ }
+
+ if ($var eq "NETBIOSNAME") {
+ return $netbiosname;
+ }
+
+ if ($var eq "DNSNAME") {
+ return $dnsname;
+ }
+
+ if ($var eq "DNSDOMAIN") {
+ return $dnsdomain;
+ }
+
+ die "ERROR: Uknown substitution variable $var\n";
+}
+
+#####################################################################
+# write a string into a file
+sub FileSave($$)
+{
+ my($filename) = shift;
+ my($v) = shift;
+ local(*FILE);
+ open(FILE, ">$filename") || die "can't open $filename";
+ print FILE $v;
+ close(FILE);
+}
+
+#####################################################################
+# read a file into a string
+sub FileLoad($)
+{
+ my($filename) = shift;
+ local(*INPUTFILE);
+ open(INPUTFILE, $filename) || return undef;
+ my($saved_delim) = $/;
+ undef $/;
+ my($data) = ;
+ close(INPUTFILE);
+ $/ = $saved_delim;
+ return $data;
+}
+
+############################################
+# show some help
+sub ShowHelp()
+{
+ print "
+Samba4 provisioning
+
+rootdse.pl [options]
+ --realm REALM set realm
+ --domain DOMAIN set domain
+ --hostname HOSTNAME set hostname
+
+You must provide at least a realm and domain
+
+";
+ exit(1);
+}
+
+my $opt_help;
+
+GetOptions(
+ 'help|h|?' => \$opt_help,
+ 'realm=s' => \$opt_realm,
+ 'domain=s' => \$opt_domain,
+ 'hostname=s' => \$opt_hostname,
+ );
+
+if ($opt_help ||
+ !$opt_realm ||
+ !$opt_domain ||
+ !$opt_hostname) {
+ ShowHelp();
+}
+
+$opt_realm=uc($opt_realm);
+$opt_domain=uc($opt_domain);
+$opt_hostname=lc($opt_hostname);
+$netbiosname=uc($opt_hostname);
+
+print "Provisioning host '$opt_hostname' with netbios name '$netbiosname' for domain '$opt_domain' in realm '$opt_realm'\n";
+
+print "generating ldif ...\n";
+
+$dnsdomain = lc($opt_realm);
+$dnsname = $opt_hostname.".".$dnsdomain;
+$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm));
+
+my $data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n";
+
+my $res = "";
+
+print "applying substitutions ...\n";
+
+while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) {
+ my $sub = substitute($2);
+ $res .= "$1$sub";
+ $data = $3;
+}
+$res .= $data;
+
+print "saving ldif to newrootdse.ldif ...\n";
+
+FileSave("newrootdse.ldif", $res);
+
+unlink("newrootdse.ldb");
+
+print "creating newrootdse.ldb ...\n";
+
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin:../bin";
+
+system("ldbadd -H newrootdse.ldb newrootdse.ldif");
+
+print "done
+
+Please move newrootdse.ldb to rootdse.ldb in the private/ directory of your
+Samba4 installation
+";
+
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
new file mode 100644
index 0000000000..f44521a07b
--- /dev/null
+++ b/source4/setup/secrets.ldif
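Review bot: `system("ldbadd -H newrootdse.ldb newrootdse.ldif");` near the end of the hunk discards the exit status, so a missing or failing ldbadd still prints "done" and the move-to-private/ advice; provision.pl in this same commit checks `== 0 || die`, and `system("ldbadd -H newrootdse.ldb newrootdse.ldif") == 0 || die "Failed to create newrootdse.ldb\n";` would make the two scripts consistent. GetOptions' return value is likewise unchecked in both scripts, so a mistyped option only warns and execution continues into the realm/domain test. FileSave and FileLoad are copies of the provision.pl versions, two-argument open included, so whatever hardening lands there should be mirrored here rather than letting the two diverge.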
@@ -0,0 +1,30 @@
+dn: @INDEXLIST
+@IDXATTR: cn
+@IDXATTR: flatname
+@IDXATTR: realm
+
+dn: @ATTRIBUTES
+realm: CASE_INSENSITIVE
+flatname: CASE_INSENSITIVE
+sAMAccountName: CASE_INSENSITIVE
+
+dn: CN=LSA Secrets
+objectClass: top
+objectClass: container
+cn: LSA Secrets
+
+dn: CN=Primary Domains
+objectClass: top
+objectClass: container
+cn: Primary Domains
+
+dn: flatname=${DOMAIN},CN=Primary Domains
+objectClass: top
+objectClass: primaryDomain
+flatname: ${DOMAIN}
+realm: ${REALM}
+secret: ${JOINPASS}
+sAMAccountName: ${NETBIOSNAME}$
+whenCreated: ${LDAPTIME}
+whenChanged: ${LDAPTIME}
+
-- cgit