From ee2bcfacdf32b0c55c6a78ae1ad7b55699611d1b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 02:27:54 +0200 Subject: s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updates We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze --- source4/setup/schema_samba4.ldif | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 3e129e4f6b..2c007395fb 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -174,6 +174,8 @@ oMSyntax: 20 #Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2 +#Allocated: DSDB_CONTROL_REPLICATED_UPDATE_OID 1.3.6.1.4.1.7165.4.3.3 + #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 -- cgit From 750a848d0dbae8ea66a9f265294d7f95556c0c27 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:01:07 -0700 Subject: added some more well known SIDs - thanks to the WSPP LSAT test suite --- source4/setup/provision_users.ldif | 60 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 854c42d07c..c61cb805c4 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif 
@@ -137,6 +137,66 @@ sAMAccountName: RAS and IAS Servers groupType: -2147483644 isCriticalSystemObject: TRUE +dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Read-Only Domain Controllers +description: read-only domain controllers +objectSid: ${DOMAINSID}-521 +sAMAccountName: Read-Only Domain Controllers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Enterprise Read-Only Domain Controllers +description: enterprise read-only domain controllers +objectSid: ${DOMAINSID}-498 +sAMAccountName: Enterprise Read-Only Domain Controllers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Certificate Service DCOM Access +description: Certificate Service DCOM Access +objectSid: ${DOMAINSID}-574 +sAMAccountName: Certificate Service DCOM Access +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Cryptographic Operators +description: Cryptographic Operators +objectSid: ${DOMAINSID}-569 +sAMAccountName: Cryptographic Operators +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Event Log Readers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Event Log Readers +description: Event Log Readers +objectSid: ${DOMAINSID}-573 +sAMAccountName: Event Log Readers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: IIS_IUSRS +description: IIS_IUSRS +objectSid: ${DOMAINSID}-568 +sAMAccountName: IIS_IUSRS +groupType: -2147483644 +isCriticalSystemObject: TRUE + dn: CN=Administrators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -- cgit 
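Review bot: Four of the six groups added to provision_users.ldif are given domain-relative SIDs, although their well-known SIDs live in the BUILTIN domain. On Windows, Certificate Service DCOM Access, Cryptographic Operators, Event Log Readers and IIS_IUSRS are S-1-5-32-574, -569, -573 and -568, not `${DOMAINSID}-574` and so on. As written, an ACE or client lookup that names S-1-5-32-573 will not resolve to this group, and the entries occupy RIDs in the domain's own range. I would move those four under `CN=Builtin,${DOMAINDN}` with e.g. `objectSid: S-1-5-32-573`, next to the `CN=Administrators,CN=Builtin` record whose first lines close the hunk, using the groupType the existing Builtin records use (not visible here). The two Read-Only Domain Controllers groups (-521 and -498) are domain-relative and can stay where they are.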
From 15b686198120cca0aaa305edc0a5e3242b4fa869 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2008 12:53:40 -0700 Subject: Use the new 'samba4' name for our internal hdb plugin. --- source4/setup/secrets_dc.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index abc5860cf7..8ae5578e6b 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -22,7 +22,7 @@ realm: ${REALM} sAMAccountName: krbtgt objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:ldb:${SAM_LDB}: +krb5Keytab: HDB:samba4:${SAM_LDB}: #The trailing : here is a HACK, but it matches the Heimdal format. # A hook from our credentials system into HDB, as we must be on a KDC, -- cgit From 05994005a35b940efc9cd8d1b3b0eebf2d2e38d7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:56:12 +0200 Subject: s4:setup: add wellknownObjects to the domain object metze --- source4/setup/provision_basedn_modify.ldif | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 63332e937b..a7b501e8a8 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif 
@@ -77,4 +77,12 @@ subRefs: ${SCHEMADN} replace: gPLink gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0] - +replace: wellKnownObjects +wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN} +wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN} +wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN} +wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN} +wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN} +wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN} +- ${DOMAINGUID_MOD} -- cgit From 2deeb99fff1a90c79ba1927e1a069362e250a63c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 15 Oct 2008 14:03:20 -0400 Subject: Transform the sequence_number operation into a normal extended operation as it should always have been. Make it also async so that it is not a special case. --- source4/setup/schema_samba4.ldif | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 2c007395fb..c27157d713 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -177,6 +177,8 @@ oMSyntax: 20 #Allocated: DSDB_CONTROL_REPLICATED_UPDATE_OID 1.3.6.1.4.1.7165.4.3.3 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 +#Allocated: DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID 1.3.6.1.4.1.7165.4.4.2 +#Allocated: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 -- cgit From e549759efe0b782106e6892685e0494376e592ff Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 20 Oct 2008 10:18:02 +0200 Subject: Fix blackbox tests on IPv6-only hosts. --- source4/setup/provision.zone | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') 
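Review bot: The six `wellKnownObjects` values added to provision_basedn_modify.ldif are bare GUID strings with nothing saying which well-known container each one stands for, so a typo in one of them would be hard to spot in review. A `#` comment above each value would fix that, e.g. `# Users container` before the `a9d1ca15768811d1aded00c04fd8d5cd` line. Clients that bind by well-known GUID are redirected to whatever DN is stored here, so each DN has to match a container the provision actually creates; those records are outside this hunk and should be checked against it. If Deleted Objects or LostAndFound containers are provisioned elsewhere, their entries would belong in this `replace:` block as well.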
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index 17ae3bb47a..e7d600df87 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -10,10 +10,10 @@ $TTL 1W 1W ) ; minimum IN NS ${HOSTNAME} ${HOSTIP6_BASE_LINE} - IN A ${HOSTIP} +${HOSTIP_BASE_LINE} ; ${HOSTIP6_HOST_LINE} -${HOSTNAME} IN A ${HOSTIP} +${HOSTIP_HOST_LINE} gc._msdcs IN CNAME ${HOSTNAME} ${HOSTGUID}._msdcs IN CNAME ${HOSTNAME} ; -- cgit From 3038bc484ebb1796e40e0eeb72155d9905ff36fa Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 20 Oct 2008 15:19:01 +1100 Subject: Mark clearTextPassword as a privilaged attribute --- source4/setup/provision_init.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index a6c591dd51..8e9b68fb30 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -34,6 +34,7 @@ dn: @OPTIONS checkBaseOnSearch: TRUE dn: @KLUDGEACL +passwordAttribute: clearTextPassword passwordAttribute: userPassword passwordAttribute: ntPwdHash passwordAttribute: sambaNTPwdHistory -- cgit
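Review bot: With both address lines in provision.zone now template variables, nothing in the template guarantees that `${HOSTNAME}` ends up with any address record. If `${HOSTIP_HOST_LINE}` and `${HOSTIP6_HOST_LINE}` both expand to empty text, the NS target and the `gc._msdcs` / `${HOSTGUID}._msdcs` CNAMEs point at a name with no A or AAAA record. The code that fills these variables is not part of this diff (it is limited to source4/setup), so this may already be checked there; if not, provisioning should refuse to write the zone when neither address is known. A comment above the placeholders would also help, e.g. `; ${HOSTIP_HOST_LINE} expands to a complete "<host> IN A <addr>" record or to nothing`.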
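Review bot: The `passwordAttribute: clearTextPassword` line added under `@KLUDGEACL` in provision_init.ldif appears to take effect only for databases provisioned after this change. The file looks like a provision-time template, so an existing database would presumably keep the old list and not treat clearTextPassword as privileged until its `@KLUDGEACL` record is updated. The commit should say how already-provisioned installations pick up the new entry, or an upgrade step should add it. The list is maintained by hand and continues past the end of the hunk, so a comment above it would help the next person who introduces a secret-bearing attribute, e.g. `# every attribute that can hold a password or key must be listed here`.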