From 931aa4e8bd83e515b992d3df726c5804d941de64 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Wed, 26 Aug 2009 03:51:45 +0200 Subject: s4:provision - Change the "provision_users.ldif" file to support the "samldb" changes The "provision_users.ldif" file needs some rework to pass against the changed and improved "samldb" module (see next commit). --- source4/setup/provision_users.ldif | 61 ++++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 26 deletions(-) (limited to 'source4/setup/provision_users.ldif') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 041262de14..8669d8a4e6 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -1,3 +1,24 @@ +# Add default primary groups (domain users, domain guests) - needed for +# the users to find valid primary groups (samldb module) + +dn: CN=Domain Users,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +description: All domain users +objectSid: ${DOMAINSID}-513 +sAMAccountName: Domain Users +isCriticalSystemObject: TRUE + +dn: CN=Domain Guests,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +description: All domain guests +objectSid: ${DOMAINSID}-514 +sAMAccountName: Domain Guests +isCriticalSystemObject: TRUE + +# Add users + dn: CN=Administrator,CN=Users,${DOMAINDN} objectClass: user description: Built-in account for administering the computer/domain @@ -18,16 +39,6 @@ objectSid: ${DOMAINSID}-501 sAMAccountName: Guest isCriticalSystemObject: TRUE -dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -description: Designated administrators of the enterprise -member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-519 -adminCount: 1 -sAMAccountName: Enterprise Admins -isCriticalSystemObject: TRUE - dn: CN=krbtgt,CN=Users,${DOMAINDN} objectClass: top objectClass: person @@ -44,6 +55,18 @@ servicePrincipalName: kadmin/changepw userPassword:: ${KRBTGTPASS_B64} isCriticalSystemObject: TRUE +# Add other groups + +dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +description: Designated administrators of the enterprise +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-519 +adminCount: 1 +sAMAccountName: Enterprise Admins +isCriticalSystemObject: TRUE + dn: CN=Domain Computers,CN=Users,${DOMAINDN} objectClass: top objectClass: group @@ -90,22 +113,6 @@ adminCount: 1 sAMAccountName: Domain Admins isCriticalSystemObject: TRUE -dn: CN=Domain Users,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -description: All domain users -objectSid: ${DOMAINSID}-513 -sAMAccountName: Domain Users -isCriticalSystemObject: TRUE - -dn: CN=Domain Guests,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -description: All domain guests -objectSid: ${DOMAINSID}-514 -sAMAccountName: Domain Guests -isCriticalSystemObject: TRUE - dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} objectClass: top objectClass: group @@ -391,6 +398,8 @@ systemFlags: -1946157056 groupType: -2147483643 isCriticalSystemObject: TRUE +# Add well known security principals + dn: CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: container -- cgit