From f57bcc92b5b06465974a3276fde86d553fd78c04 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Thu, 13 May 2010 12:10:54 +0200
Subject: s4:provision.ldif - add IP security objects as they exist on Windows
 Server

---
 source4/setup/provision.ldif | 282 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 282 insertions(+)

(limited to 'source4/setup/provision.ldif')

diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index c04cce76e6..dc08450114 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -488,11 +488,293 @@ objectClass: linkTrackVolumeTable
 systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 
+# IP security objects
+
 dn: CN=IP Security,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
 isCriticalSystemObject: TRUE
 
+dn: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
+ipsecName: Server (Request Security)
+ipsecID: {72385230-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {72385231-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAABo0hlRHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
+ipsecName: Request Security (Optional) Rule
+ipsecID: {72385232-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319BE2-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Permit unsecure ICMP packets to pass through.
+ipsecName: Permit unsecure ICMP packets to pass through.
+ipsecID: {594272E2-071D-11D3-AD22-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Accepts unsecured communication, but requests clients to establish trust and security methods.  Will communicate insecurely to untrusted clients if they do not respond to request.
+ipsecName: Request Security (Optional)
+ipsecID: {72385233-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIZQBAAAFAAAAhAMAAKCGAQAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAFwAUwBlAHIAdgBpAGMAZQBzAFwAUABvAGwAaQBjAHkAQQBnAGUAbgCEAwAAoIYBAAAAAAAAAAAAAQAAAAEAAAACAAAAAgAAAEAAAAAIAAAAAAAAAFX0sjdcAEwAbwBjABUADwABAAgAIAJlACACZQBYxHYF+M54BSwBAACghgEAAAAAAAAAAAABAAAAAgAAAAAAAAABAAAAQAAAAAgAAAAtADkAQQBDADEALQA0AEQANgBEAC0AQQAxAEIAMAAtADEANQA4ADcALAEAAKCGAQAAAAAAAAAAAAEAAAABAAAAAAAAAAEAAABAAAAACAAAAGUAdABcAFMAZQByAHYAaQBjAGUAcwBcAFAAbwBsAGkAYwB5AEEAZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAgAAAEAAAAAIAAAANgBDAC0AMwBCADkANwAtADQANQA1ADIALQA4AEUANAA1AC0AOQA5AAA=
+ipsecOwnersReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {3F91A81A-7647-11D1-864D-D46A00000000}
+
+dn: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecFilter
+description: Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
+ipsecName: All IP Traffic
+ipsecID: {7238523A-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: tSDcgMgu0RGongCgJI0wIUoAAAABAAAAAgAAAAAAAgAAAAAAAgAAAAAA3ZsxWeNe0hGs6ABgsOzKFwEAAAAAAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+ipsecOwnersReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319BDF-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Permit unsecured IP packets to pass through.
+ipsecName: Permit
+ipsecID: {7238523B-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIQQAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD2-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecFilter
+description: Matches all ICMP packets between this computer and any other computer.
+ipsecName: All ICMP Traffic
+ipsecID: {72385235-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: tSDcgMgu0RGongCgJI0wIVIAAAABAAAAAgAAAAAAAgAAAAAACgAAAEkAQwBNAFAAAABj0hlRHQfTEa0iAGCw7MoXAQAAAAAAAAD/////AAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
+ipsecName: Client (Respond Only)
+ipsecID: {72385236-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {72385237-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAABz7EFfHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319C04-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319C01-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
+ipsecName: Secure Server (Require Security)
+ipsecID: {7238523C-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {7238523D-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAAD5ckJZHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Accepts unsecured communication, but always requires clients to establish trust and security methods.  Will NOT communicate with untrusted clients.
+ipsecName: Require Security
+ipsecID: {7238523E-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319BF3-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Permit unsecure ICMP packets to pass through.
+ipsecName: Permit unsecure ICMP packets to pass through.
+ipsecID: {594272FD-071D-11D3-AD22-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Accepts unsecured communication, but always requires clients to establish trust and security methods.  Will NOT communicate with untrusted clients.
+ipsecName: Require Security
+ipsecID: {7238523F-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIUQBAAAEAAAAhAMAAKCGAQAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAHUAcgByAGUAbgB0AEMAbwBuAHQAcgBvAGwAUwBlAHQAXABTAGUAcgCEAwAAoIYBAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAcABzAGUAYwBOAEYAQQB7ADcAMgAzADgANQAyADMARQAtADcAMABGAIQDAACghgEAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAABsAGkAYwB5AFwATABvAGMAYQBsAFwAaQBwAHMAZQBjAE4ARgBBAHsAhAMAAKCGAQAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAGUAYwBOAEYAQQB7AEIARgBDADcAQwAzADUAQQAtAEIANQA5ADIALQAA
+ipsecOwnersReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {3F91A81A-7647-11D1-864D-D46A00000000}
+
+dn: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319BF0-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Version Information Object
+ipsecName: Version Information Object
+ipsecID: {6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: b1wfardy0hGs8ABgsOzKF1AAAAAAAAEApmamNhoAAABXAGkAbgBkAG8AdwBzACAAMgAwADAAMAAAABwAAABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAAAABgAAAA0ACgAAAACsuxGNSdERhjkAoCSNMCEqAAAAAQAAAAUAAAACAAAAAAD9////AgAAAAAAAAAAAAAAAAABAAAAAgAAAAAAAA==
+isCriticalSystemObject: TRUE
+
+# End IP security objects
+
 dn: CN=Meetings,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
-- 
cgit