sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-23 20:59:10 +03:00
Code Activity

provision: No longer use the wheel group in new AD Domains

Browse Source 
The issue here is that if we set S-1-5-32-544 (administrators) to a
GID only, then users cannot force a mandetory profile to be owned by
administrators (which is a requirement).

There is no particularly useful reason for us to enforce this matching
a system group.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2012-10-16 13:08:22 +11:00
parent b557f34c80
commit 9eb022c8c6
6 changed files with 29 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
source4/scripting/python/samba/netcmd/domain.py
View File

@ -186,8 +186,6 @@ class cmd_domain_provision(Command):
help="choose 'root' unix username"),
Option("--nobody", type="string", metavar="USERNAME",
help="choose 'nobody' user"),
Option("--wheel", type="string", metavar="GROUPNAME",
help="choose 'wheel' privileged group"),
Option("--users", type="string", metavar="GROUPNAME",
help="choose 'users' group"),
Option("--quiet", help="Be quiet", action="store_true"),
@ -237,7 +235,6 @@ class cmd_domain_provision(Command):
ldapadminpass=None,
root=None,
nobody=None,
wheel=None,
users=None,
quiet=None,
blank=None,
@ -393,7 +390,7 @@ class cmd_domain_provision(Command):
krbtgtpass=krbtgtpass, machinepass=machinepass,
dns_backend=dns_backend, dns_forwarder=dns_forwarder,
dnspass=dnspass, root=root, nobody=nobody,
wheel=wheel, users=users,
users=users,
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
backend_type=ldap_backend_type,
ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls,