From fa4023d6f73920765aa5fdbcdd6fd934782258cf Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Thu, 17 Sep 2009 21:19:24 +0200 Subject: s4:provision - Some rework (continuation) - Fix up "servicePrincipalNames" attributes on the DC object - Add some informative comments (most in "provision_self_join.ldif") - Add also comments where objects are missing which we may add later when we support the feature (mainly for FRS) - Add "domain updates" objects also under "CN=Configuration" (they exist twice) - Add the default services under "Services" to allow interoperability with some MS client tools - Smaller changes
---
source4/setup/provision_self_join.ldif | 82 +++++++++++++++++++++------------- 1 file changed, 52 insertions(+), 30 deletions(-) (limited to 'source4/setup/provision_self_join.ldif')
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index c59c421b7f..639bc96040 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -1,41 +1,43 @@
-# Join the DC to itself
+# Accounts for selfjoin (joins DC to itself)
+# Object under "Domain Controllers"
 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: user
 objectClass: computer
-userAccountControl: 532480
-localPolicyFlags: 0
-primaryGroupID: 516
 accountExpires: 9223372036854775807
-sAMAccountName: ${NETBIOSNAME}$
+dNSHostName: ${DNSNAME}
+# "frsComputerReferenceBL" doesn't exist since we still miss FRS support
+isCriticalSystemObject: TRUE
+localPolicyFlags: 0
 operatingSystem: Samba
 operatingSystemVersion: ${SAMBA_VERSION_STRING}
-dNSHostName: ${DNSNAME}
-userPassword:: ${MACHINEPASS_B64}
-servicePrincipalName: HOST/${DNSNAME}
+primaryGroupID: 516
+# "rIDSetReferences" doesn't exist since we still miss distributed RIDs
+sAMAccountName: ${NETBIOSNAME}$
+# "servicePrincipalName" for FRS doesn't exit since we still miss FRS support
+# "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
+# "ldap/../DomainDnsZones", "DNS/..") don't exist since we don't support AD DNS
+servicePrincipalName: GC/${DNSNAME}/${REALM}
+servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
 servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: HOST/${DNSNAME}
 servicePrincipalName: HOST/${DNSNAME}/${REALM}
-servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
-servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
-servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
-isCriticalSystemObject: TRUE
+# "servicePrincipalName"s with GUIDs are located in
+# "provision_self_join_modify.ldif"
+servicePrincipalName: ldap/${DNSNAME}/${DOMAIN}
+servicePrincipalName: ldap/${NETBIOSNAME}
+servicePrincipalName: ldap/${DNSNAME}
+servicePrincipalName: ldap/${DNSNAME}/${REALM}
+userAccountControl: 532480
+userPassword:: ${MACHINEPASS_B64}
-#Provide a account for DNS keytab export
-dn: CN=dns,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
+# Here are missing the objects for the NTFRS subscription and the RID set since
+# we don't support those techniques (FRS, distributed RIDs) yet.
+
+# Objects under "Configuration/Sites//Servers"
 dn: ${SERVERDN}
 objectClass: top
@@ -48,14 +50,34 @@ dn: CN=NTDS Settings,${SERVERDN}
 objectClass: top
 objectClass: applicationSettings
 objectClass: nTDSDSA
-options: 1
-systemFlags: 33554432
 dMDLocation: ${SCHEMADN}
+hasMasterNCs: ${CONFIGDN}
+hasMasterNCs: ${SCHEMADN}
+hasMasterNCs: ${DOMAINDN}
 invocationId: ${INVOCATIONID}
 msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
+msDS-HasDomainNCs: ${DOMAINDN}
+# "msDS-HasInstantiatedNCs"s for DNS don't exist since we don't support AD DNS
+msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
+msDS-HasInstantiatedNCs: B:8:0000000D:${SCHEMADN}
+msDS-HasInstantiatedNCs: B:8:00000005:${DOMAINDN}
+# "msDS-hasMasterNCs"s for DNS don't exist since we don't support AD DNS
 msDS-hasMasterNCs: ${CONFIGDN}
 msDS-hasMasterNCs: ${SCHEMADN}
 msDS-hasMasterNCs: ${DOMAINDN}
-hasMasterNCs: ${CONFIGDN}
-hasMasterNCs: ${SCHEMADN}
-hasMasterNCs: ${DOMAINDN}
+options: 1
+systemFlags: 33554432
+
+# Provides an account for DNS keytab export
+dn: CN=dns,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
-- cgit
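Review bot: The new comment `# "servicePrincipalName" for FRS doesn't exit since we still miss FRS support` has a typo and should read `# "servicePrincipalName" for FRS doesn't exist since we still miss FRS support`. The added `dNSHostName` and `servicePrincipalName` lines interpolate `${NETBIOSNAME}`, `${DNSNAME}`, `${DOMAIN}` and `${REALM}` verbatim into a critical system object; the substitution code lives outside this file, so it is worth confirming there that these values are already checked (no DN/LDIF-special characters or surrounding whitespace, and a `${DNSNAME}` that actually names this host), because a bad value here yields a silently mis-registered DC account rather than an error. The comment `# Objects under "Configuration/Sites//Servers"` seems to have lost the site component between the two slashes (possibly a placeholder dropped during extraction); if the file really reads this way, spell the site level out.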
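Review bot: The three new `msDS-HasInstantiatedNCs` values use bare hex prefixes (`B:8:0000000D:` for the configuration and schema NCs, `B:8:00000005:` for the domain NC) with no comment on what they encode, although the surrounding new lines are otherwise annotated; presumably this is the per-NC instanceType bitmask, but the next maintainer should not have to guess. A line such as `# The 8-digit hex prefix is the instanceType of the NC (0xD for schema/configuration, 0x5 for the domain NC)` would do, once confirmed against the code that consumes the attribute. The re-added dns account is created disabled (`userAccountControl: 514` = NORMAL_ACCOUNT | ACCOUNTDISABLE), which is the right posture for a keytab-export-only principal; making that explicit in its header, e.g. `# Provides a (deliberately disabled) account for DNS keytab export`, would keep a later cleanup from "fixing" it by enabling the account.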