From 3ed1ba6feddbf7ccaddf49319344787bd7506780 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 22 Jul 2015 12:44:32 +0200
Subject: [PATCH] s4:provision: use better values for operatingSystem[Version]

Some clients (e.g. an exchange server) check operatingSystemVersion
in order to check if a domain controller is new enough.

So we better use a value matching the dc functional level.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 python/samba/provision/__init__.py     | 11 ++++++++++-
 source4/setup/provision_self_join.ldif |  4 ++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index bf073a5c371..2e418f1e654 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1137,6 +1137,14 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
     if dc_rid is None:
         dc_rid = next_rid
 
+    # Some clients/applications (like exchange) make use of
+    # the operatingSystemVersion attribute in order to
+    # find if a DC is good enough.
+    #
+    # So we better use a value matching a Windows DC
+    # with the same domainControllerFunctionality level
+    operatingSystemVersion = samba.dsdb.dc_operatingSystemVersion(domainControllerFunctionality)
+
     setup_add_ldif(samdb, setup_path("provision_self_join.ldif"), {
               "CONFIGDN": names.configdn,
               "SCHEMADN": names.schemadn,
@@ -1148,7 +1156,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
               "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')).decode('utf8'),
               "DOMAINSID": str(domainsid),
               "DCRID": str(dc_rid),
-              "SAMBA_VERSION_STRING": version,
+              "OPERATING_SYSTEM": "Samba-%s" % version,
+              "OPERATING_SYSTEM_VERSION": operatingSystemVersion,
               "NTDSGUID": ntdsguid_line,
               "DOMAIN_CONTROLLER_FUNCTIONALITY": str(
                   domainControllerFunctionality),
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 92bf4d9cf8f..e7a711f5a02 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -12,8 +12,8 @@ dNSHostName: ${DNSNAME}
 # "MSDFSR-ComputerReferenceBL" doesn't exist since we still miss DFSR support
 # "isCritcalSystemObject" is now filled in by the samldb LDB module
 localPolicyFlags: 0
-operatingSystem: Samba
-operatingSystemVersion: ${SAMBA_VERSION_STRING}
+operatingSystem: ${OPERATING_SYSTEM}
+operatingSystemVersion: ${OPERATING_SYSTEM_VERSION}
 sAMAccountName: ${NETBIOSNAME}$
 userAccountControl: 532480
 clearTextPassword:: ${MACHINEPASS_B64}