From 4b31fd4409cd9eca29469c09ce4b585c6d5f1a81 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 27 Aug 2007 02:26:24 +0000
Subject: r24696: Fix bug 4918 reported by Matthias Wallnöfer with a patch from Andrew Kroeger .
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The changes to samldb_fill_foreignSecurityPrincipal_object() look much larger then they are: We just skip all the objectSid generation if the SID is supplied. By providing a few more objects, standard dialogs on the clients are better behaved, for these 'well known' users. Andrew Bartlett (This used to be commit 35ee4aee719e69983d650602d1c6422a31600001)
---
 source4/setup/provision_users.ldif | 237 +++++++++++++++++++++++++++++++++++++
 1 file changed, 237 insertions(+)
(limited to 'source4/setup')

diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index fa81784f1e..dcb9ef14fa 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -347,3 +347,240 @@ groupType: 2147483653
 isCriticalSystemObject: TRUE
 privilege: SeInteractiveLogonRight
 
+dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Pre-Windows 2000 Compatible Access
+description: A backward compatibility group which allows read access on all users and groups in the domain
+objectSid: S-1-5-32-554
+sAMAccountName: Pre-Windows 2000 Compatible Access
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
+isCriticalSystemObject: TRUE
+privilege: SeRemoteInteractiveLogonRight
+privilege: SeChangeNotifyPrivilege
+
+dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Incoming Forest Trust Builders
+description: Members of this group can create incoming, one-way trusts to this forest
+objectSid: S-1-5-32-557
+sAMAccountName: Incoming Forest Trust Builders
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
+isCriticalSystemObject: TRUE
+
+dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Windows Authorization Access Group
+description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
+objectSid: S-1-5-32-560
+sAMAccountName: Windows Authorization Access Group
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
+isCriticalSystemObject: TRUE
+
+dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Terminal Server License Servers
+description: Terminal Server License Servers
+objectSid: S-1-5-32-561
+sAMAccountName: Terminal Server License Servers
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
+isCriticalSystemObject: TRUE
+
+dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Distributed COM Users
+description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
+objectSid: S-1-5-32-562
+sAMAccountName: Distributed COM Users
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
+isCriticalSystemObject: TRUE
+
+dn: CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: container
+cn: WellKnown Security Principals
+systemFlags: 2147483648
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Anonymous Logon
+objectSid: S-1-5-7
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Authenticated Users
+objectSid: S-1-5-11
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Batch
+objectSid: S-1-5-3
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Creator Group
+objectSid: S-1-3-1
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Creator Owner
+objectSid: S-1-3-0
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Dialup
+objectSid: S-1-5-1
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Digest Authentication
+objectSid: S-1-5-64-21
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Enterprise Domain Controllers
+objectSid: S-1-5-9
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Everyone
+objectSid: S-1-1-0
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Interactive
+objectSid: S-1-5-4
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Local Service
+objectSid: S-1-5-19
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Network
+objectSid: S-1-5-2
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Network Service
+objectSid: S-1-5-20
+showInAdvancedViewOnly: TRUE
+
+dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: NTLM Authentication
+objectSid: S-1-5-64-10
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Other Organization
+objectSid: S-1-5-1000
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Proxy
+objectSid: S-1-5-8
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Remote Interactive Logon
+objectSid: S-1-5-14
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Restricted
+objectSid: S-1-5-12
+showInAdvancedViewOnly: TRUE
+
+dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: SChannel Authentication
+objectSid: S-1-5-64-14
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Self
+objectSid: S-1-5-10
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Service
+objectSid: S-1-5-6
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Terminal Server User
+objectSid: S-1-5-13
+showInAdvancedViewOnly: TRUE
+
+dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: This Organization
+objectSid: S-1-5-15
+showInAdvancedViewOnly: TRUE
+
+dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Well-Known-Security-Id-System
+objectSid: S-1-5-18
+showInAdvancedViewOnly: TRUE
+
-- cgit
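Review bot: `CN=Pre-Windows 2000 Compatible Access` is the only added entry that carries `privilege:` values, and one of them, `SeRemoteInteractiveLogonRight`, is a remote interactive logon right that does not match the group's own description (read access to users and groups). As far as I recall, Windows domain controller defaults give this group network logon together with `SeChangeNotifyPrivilege`, so the line may have been meant as `privilege: SeNetworkLogonRight`; this should be confirmed against a reference DC before it ships in provisioning. Whichever right is kept, everything later added to this compatibility group inherits it, so the choice deserves a comment above the entry such as `# logon right checked against reference DC defaults; applies to every member of this group`. The code that accepts a supplied `objectSid` for the foreignSecurityPrincipal entries is outside this page, so whether it restricts which SIDs may be supplied cannot be judged from this hunk.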