s4-provision Split addition of users and well known principals
If we are provisioning a subdomain, then these are already in cn=configuration. Andrew Bartlett
parent
6635bb70d3
commit
846e342648
@ -1401,20 +1401,25 @@ def fill_samdb(samdb, lp, names,
|
||||
|
||||
# If we are setting up a subdomain, then this has been replicated in, so we don't need to add it
|
||||
if fill == FILL_FULL:
|
||||
setup_modify_ldif(samdb,
|
||||
setup_path("provision_configuration_references.ldif"), {
|
||||
"CONFIGDN": names.configdn,
|
||||
"SCHEMADN": names.schemadn})
|
||||
|
||||
logger.info("Setting up well known security principals")
|
||||
setup_add_ldif(samdb, setup_path("provision_well_known_sec_princ.ldif"), {
|
||||
"CONFIGDN": names.configdn,
|
||||
})
|
||||
|
||||
if fill == FILL_FULL or fill == FILL_SUBDOMAIN:
|
||||
setup_modify_ldif(samdb,
|
||||
setup_path("provision_basedn_references.ldif"),
|
||||
{"DOMAINDN": names.domaindn})
|
||||
|
||||
setup_modify_ldif(samdb,
|
||||
setup_path("provision_configuration_references.ldif"), {
|
||||
"CONFIGDN": names.configdn,
|
||||
"SCHEMADN": names.schemadn})
|
||||
if fill == FILL_FULL or fill == FILL_SUBDOMAIN:
|
||||
logger.info("Setting up sam.ldb users and groups")
|
||||
setup_add_ldif(samdb, setup_path("provision_users.ldif"), {
|
||||
"DOMAINDN": names.domaindn,
|
||||
"DOMAINSID": str(domainsid),
|
||||
"CONFIGDN": names.configdn,
|
||||
"ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')),
|
||||
"KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
|
||||
})
|
||||
|
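Review bot: The comment above the `if fill == FILL_FULL:` block says only that "this has been replicated in", which does not tell a maintainer what is skipped for a subdomain or why skipping it is safe. Going by the commit description, the skipped objects are the cn=configuration references and the WellKnown Security Principals container, so I would spell that out: `# When provisioning a subdomain, cn=configuration (including the well-known security principals) has already been replicated in, so only a full provision adds these`. Nothing visible in the hunk checks that the container is actually present in the FILL_SUBDOMAIN case, so the comment should state that as an assumption. The `"CONFIGDN": names.configdn` substitution still passed for provision_users.ldif may also be unused now that the entries using `${CONFIGDN}` have moved out, though the rest of that file is not shown. fill_samdb starts and ends outside the hunk, and the rendered page has lost the +/- markers, so this reading rests on the lines as displayed.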
@ -432,139 +432,3 @@ systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
# Add well known security principals
|
||||
|
||||
dn: CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -2147483648
|
||||
|
||||
dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-7
|
||||
|
||||
dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-11
|
||||
|
||||
dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-3
|
||||
|
||||
dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-3-1
|
||||
|
||||
dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-3-0
|
||||
|
||||
dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-1
|
||||
|
||||
dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-64-21
|
||||
|
||||
dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-9
|
||||
|
||||
dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-1-0
|
||||
|
||||
dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-4
|
||||
|
||||
dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-17
|
||||
|
||||
dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-19
|
||||
|
||||
dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-2
|
||||
|
||||
dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-20
|
||||
|
||||
dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-64-10
|
||||
|
||||
dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-1000
|
||||
|
||||
dn: CN=Owner Rights,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-3-4
|
||||
|
||||
dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-8
|
||||
|
||||
dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-14
|
||||
|
||||
dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-12
|
||||
|
||||
dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-64-14
|
||||
|
||||
dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-10
|
||||
|
||||
dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-6
|
||||
|
||||
dn: CN=System,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-18
|
||||
|
||||
dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-13
|
||||
|
||||
dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
objectSid: S-1-5-15
|
||||
|
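--- /dev/null
+++ b/source4/setup/provision_well_known_sec_princ.ldif
@@ -0,0 +1,136 @@
+# Add well known security principals
+
+dn: CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: container
+systemFlags: -2147483648
+
+dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-7
+
+dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-11
+
+dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-3
+
+dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-1
+
+dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-0
+
+dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-1
+
+dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-21
+
+dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-9
+
+dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-1-0
+
+dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-4
+
+dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-17
+
+dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-19
+
+dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-2
+
+dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-20
+
+dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-10
+
+dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-1000
+
+dn: CN=Owner Rights,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-3-4
+
+dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-8
+
+dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-14
+
+dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-12
+
+dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-64-14
+
+dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-10
+
+dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-6
+
+dn: CN=System,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-18
+
+dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-13
+
+dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+objectSid: S-1-5-15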