sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

2008R2: Missing operation (75, 76) for ActiveDirectoryUpdate version 5 (FL)

Browse Source 
Operation 75 {5e1574f6-55df-493e-a6-71-aa-ef-fc-a6-a1-00}

 - Create the CN=Managed Service Accounts object

Operation 76 {d262aae8-41f7-48ed-9f-35-56-bb-b6-77-57-3d}

 - Add otherWellKnownObject link for CN=Managed Service Accounts

Referenced in the page 'Windows Server 2008R2: Domain-Wide Updates':
https://technet.microsoft.com/en-us/library/dd378973(v=ws.10).aspx

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Garming Sam 2017-08-24 13:59:22 +12:00 committed by Garming Sam
parent 0efc061a62
commit 3cddb6ad07
5 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
python/samba/descriptor.py
View File

@ -268,6 +268,17 @@ def get_domain_users_descriptor(domain_sid, name_map={}):
"S:"
return sddl2binary(sddl, domain_sid, name_map)
def get_managed_service_accounts_descriptor(domain_sid, name_map={}):
sddl = "D:" \
"(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
"(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)" \
"(OA;;CCDC;ce206244-5827-4a86-ba1c-1c0c386c1b64;;AO)" \
"(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)" \
"(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)" \
"(A;;RPLCLORC;;;AU)" \
"S:"
return sddl2binary(sddl, domain_sid, name_map)
def get_domain_controllers_descriptor(domain_sid, name_map={}):
sddl = "D:" \
"(A;;RPLCLORC;;;AU)" \

8
python/samba/provision/__init__.py
View File

@ -100,6 +100,7 @@ from samba.descriptor import (
get_dns_partition_descriptor,
get_dns_forest_microsoft_dns_descriptor,
get_dns_domain_microsoft_dns_descriptor,
get_managed_service_accounts_descriptor,
)
from samba.provision.common import (
setup_path,
@ -1479,6 +1480,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
if fill == FILL_FULL:
managedservice_descr = b64encode(get_managed_service_accounts_descriptor(names.domainsid))
setup_modify_ldif(samdb,
setup_path("provision_configuration_references.ldif"), {
"CONFIGDN": names.configdn,
@ -1493,8 +1495,10 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
if fill == FILL_FULL or fill == FILL_SUBDOMAIN:
setup_modify_ldif(samdb,
setup_path("provision_basedn_references.ldif"),
{"DOMAINDN": names.domaindn})
setup_path("provision_basedn_references.ldif"), {
"DOMAINDN": names.domaindn,
"MANAGEDSERVICE_DESCRIPTOR": managedservice_descr
})
logger.info("Setting up sam.ldb users and groups")
setup_add_ldif(samdb, setup_path("provision_users.ldif"), {

1
selftest/knownfail.d/functionalprep Normal file
View File

@ -0,0 +1 @@
^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_full_sd

8
source4/setup/provision.ldif
View File

@ -464,6 +464,14 @@ objectClass: top
objectClass: container
revision: 9
dn: CN=5e1574f6-55df-493e-a671-aaeffca6a100,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
dn: CN=d262aae8-41f7-48ed-9f35-56bbb677573d,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
# End domain updates
dn: CN=File Replication Service,CN=System,${DOMAINDN}

8
source4/setup/provision_basedn_references.ldif
View File

@ -1,6 +1,13 @@
###############################
# Domain Naming Context
###############################
dn: CN=Managed Service Accounts,${DOMAINDN}
changetype: add
objectClass: container
description: Default container for managed service accounts
showInAdvancedViewOnly: FALSE
nTSecurityDescriptor:: ${MANAGEDSERVICE_DESCRIPTOR}
dn: ${DOMAINDN}
changetype: modify
-
@ -19,4 +26,5 @@ wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN}
wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN}
wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
otherWellKnownObjects: B:32:1EB93889E40C45DF9F0C64D23BBB6237:CN=Managed Service Accounts,${DOMAINDN}
-