From 6173fad23171add5b1d143f6c15fb36842811135 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 02:12:20 +0000 Subject: r8660: Use templates for the initial provision of user and computer accounts. This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1) --- source4/setup/provision.ldif | 232 ------------------------------------------- 1 file changed, 232 deletions(-) (limited to 'source4/setup/provision.ldif') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index bc4505e8a4..10ea5248c8 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -191,7 +191,6 @@ objectClass: organizationalPerson objectClass: user cn: Administrator description: Built-in account for administering the computer/domain -instanceType: 4 uSNCreated: 1 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} memberOf: CN=Domain Admins,CN=Users,${BASEDN} @@ -201,21 +200,10 @@ memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Administrator userAccountControl: 0x10200 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 objectSid: ${DOMAINSID}-500 adminCount: 1 accountExpires: -1 -logonCount: 0 sAMAccountName: Administrator -sAMAccountType: 0x30000000 -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unicodePwd: ${ADMINPASS} unixName: ${ROOT} 
@@ -227,26 +215,14 @@ objectClass: organizationalPerson objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain -instanceType: 4 uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Guest userAccountControl: 0x10222 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 primaryGroupID: 514 objectSid: ${DOMAINSID}-501 -accountExpires: -1 -logonCount: 0 sAMAccountName: Guest -sAMAccountType: 0x30000000 -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE dn: CN=Administrators,CN=Builtin,${BASEDN} @@ -257,7 +233,6 @@ description: Administrators have complete and unrestricted access to the compute member: CN=Domain Admins,CN=Users,${BASEDN} member: CN=Enterprise Admins,CN=Users,${BASEDN} member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Administrators @@ -302,7 +277,6 @@ objectClass: group cn: Users description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications member: CN=Domain Users,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Users @@ -321,7 +295,6 @@ cn: Guests description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Guests @@ -339,7 +312,6 @@ objectClass: top objectClass: group cn: Print Operators description: Members can administer domain printers -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Print Operators 
@@ -360,7 +332,6 @@ objectClass: top objectClass: group cn: Backup Operators description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Backup Operators @@ -382,7 +353,6 @@ objectClass: top objectClass: group cn: Replicator description: Supports file replication in a domain -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Replicator @@ -400,7 +370,6 @@ objectClass: top objectClass: group cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Remote Desktop Users @@ -417,7 +386,6 @@ objectClass: top objectClass: group cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Network Configuration Operators @@ -434,7 +402,6 @@ objectClass: top objectClass: group cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Performance Monitor Users @@ -451,7 +418,6 @@ objectClass: top objectClass: group cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Performance Log Users 
@@ -467,33 +433,24 @@ dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} objectClass: top objectClass: person objectClass: organizationalPerson -objectClass: user objectClass: computer cn: ${NETBIOSNAME} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: ${NETBIOSNAME} objectGUID: ${HOSTGUID} userAccountControl: 532480 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 lastLogon: 127273269057298624 localPolicyFlags: 0 pwdLastSet: 127258826171655328 primaryGroupID: 516 objectSid: ${DOMAINSID}-1000 accountExpires: 9223372036854775807 -logonCount: 30 sAMAccountName: ${NETBIOSNAME}$ sAMAccountType: 805306369 operatingSystem: Samba operatingSystemVersion: 4.0 dNSHostName: ${DNSNAME} -objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unicodePwd: ${MACHINEPASS} servicePrincipalName: HOST/${DNSNAME} @@ -507,28 +464,18 @@ objectClass: organizationalPerson objectClass: user cn: krbtgt description: Key Distribution Center Service Account -instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: krbtgt userAccountControl: 514 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 pwdLastSet: 127258826179466560 -primaryGroupID: 513 objectSid: ${DOMAINSID}-502 adminCount: 1 accountExpires: 9223372036854775807 -logonCount: 0 sAMAccountName: krbtgt sAMAccountType: 805306368 servicePrincipalName: kadmin/changepw -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unicodePwd: ${KRBTGTPASS} @@ -537,14 +484,11 @@ objectClass: top objectClass: group cn: Domain Computers description: All workstations and servers joined to the domain -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Domain Computers objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers -sAMAccountType: 0x10000000 -groupType: 0x80000002 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE 
@@ -553,16 +497,12 @@ objectClass: top objectClass: group cn: Domain Controllers description: All domain controllers in the domain -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Domain Controllers objectSid: ${DOMAINSID}-516 adminCount: 1 sAMAccountName: Domain Controllers -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE dn: CN=Schema Admins,CN=Users,${BASEDN} @@ -571,16 +511,12 @@ objectClass: group cn: Schema Admins description: Designated administrators of the schema member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Schema Admins objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} @@ -590,7 +526,6 @@ objectClass: group cn: Enterprise Admins description: Designated administrators of the enterprise member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 @@ -598,9 +533,6 @@ name: Enterprise Admins objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} @@ -609,14 +541,11 @@ objectClass: top objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Cert Publishers objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers -sAMAccountType: 0x20000000 -groupType: 0x80000004 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE 
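Review bot: The Cert Publishers entry (last hunk on this line) loses `sAMAccountType: 0x20000000` and `groupType: 0x80000004`, and it is the only group in this diff whose removed values differ from the `0x10000000` / `0x80000002` pair dropped from the other domain groups. The entry still carries only `objectClass: group`, so unless the samdb template code selects the alias template for it, it would presumably be provisioned with the generic group defaults and change scope; the TemplateAlias entry removed further down has `sAMAccountType: 0x10000000`, so the old account type would not be restored either way. Where the templates live after this commit is not visible in this file-limited view, so this needs confirming against the template module. I would keep the two explicit lines on this entry, `sAMAccountType: 0x20000000` and `groupType: 0x80000004`, particularly as the commit message notes that a bug had left the templates unused.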
@@ -626,7 +555,6 @@ objectClass: group cn: Domain Admins description: Designated administrators of the domain member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 @@ -634,9 +562,6 @@ name: Domain Admins objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} @@ -645,16 +570,12 @@ objectClass: top objectClass: group cn: Domain Users description: All domain users -instanceType: 4 uSNCreated: 1 memberOf: CN=Users,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Users objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${USERS} @@ -663,16 +584,12 @@ objectClass: top objectClass: group cn: Domain Guests description: All domain guests -instanceType: 4 uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Guests objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN} @@ -681,14 +598,11 @@ objectClass: group cn: Group Policy Creator Owners description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Group Policy Creator Owners objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners -sAMAccountType: 0x10000000 -groupType: 0x80000002 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} 
@@ -752,152 +666,6 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight -dn: CN=Templates,${BASEDN} -objectClass: top -objectClass: container -cn: Templates -description: Container for SAM account templates -instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: Templates -systemFlags: 0x8c000000 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -### -# note! the template users must not match normal searches. Be careful -# with what classes you put them in -### - -dn: CN=TemplateUser,CN=Templates,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: Template -objectClass: userTemplate -cn: TemplateUser -name: TemplateUser -instanceType: 4 -userAccountControl: 0x202 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000000 - -dn: CN=TemplateMemberServer,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateMemberServer -name: TemplateMemberServer -instanceType: 4 -userAccountControl: 0x1002 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000001 - -dn: CN=TemplateDomainController,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateDomainController -name: TemplateDomainController -instanceType: 4 -userAccountControl: 0x2002 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000001 - -dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} -objectClass: top -objectClass: 
Template -objectClass: userTemplate -cn: TemplateTrustingDomain -name: TemplateTrustingDomain -instanceType: 4 -userAccountControl: 0x820 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000002 - -dn: CN=TemplateGroup,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: groupTemplate -cn: TemplateGroup -name: TemplateGroup -instanceType: 4 -groupType: 0x80000002 -sAMAccountType: 0x10000000 - -dn: CN=TemplateAlias,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: aliasTemplate -cn: TemplateAlias -name: TemplateAlias -instanceType: 4 -groupType: 0x80000004 -sAMAccountType: 0x10000000 - -dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: foreignSecurityPrincipalTemplate -cn: TemplateForeignSecurityPrincipal -name: TemplateForeignSecurityPrincipal - -dn: CN=TemplateSecret,CN=Templates,${BASEDN} -objectClass: top -objectClass: leaf -objectClass: Template -objectClass: secretTemplate -cn: TemplateSecret -name: TemplateSecret -instanceType: 4 - -dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN} -objectClass: top -objectClass: leaf -objectClass: Template -objectClass: trustedDomainTemplate -cn: TemplateTrustedDomain -name: TemplateTrustedDomain -instanceType: 4 - ############################### # Configuration Naming Context ############################### -- cgit