5eb3b919c5
We can't allocate an objectSID until we have rIDSetReferences, but that is in the DC object, so we have to force the objectSID of the DC. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
# Accounts for selfjoin (joins DC to itself)
|
|
|
|
# Object under "Domain Controllers"
# Computer account of the DC that is being provisioned. The ${...} placeholders
# are filled in before this LDIF is applied; the substitution code is not part
# of this file.
# NOTE(review): the values are presumably substituted as plain text, so the
# caller has to make sure none of them can contain a newline or other LDIF
# syntax - confirm.
|
|
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
objectClass: computer
|
|
# 9223372036854775807 (2^63 - 1) is the "never expires" value.
accountExpires: 9223372036854775807
|
|
dNSHostName: ${DNSNAME}
|
|
# "frsComputerReferenceBL" doesn't exist since we still miss FRS support
|
|
isCriticalSystemObject: TRUE
|
|
localPolicyFlags: 0
|
|
operatingSystem: Samba
|
|
operatingSystemVersion: ${SAMBA_VERSION_STRING}
|
|
# 516 is the well-known RID of the "Domain Controllers" group.
primaryGroupID: 516
|
|
# Points at the "RID Set" entry that this file creates right after this one.
rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
sAMAccountName: ${NETBIOSNAME}$
|
|
# "servicePrincipalName" for FRS doesn't exist since we still miss FRS support
|
|
# "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
|
|
# "ldap/../DomainDnsZones", "DNS/..") don't exist since we don't support AD DNS
|
|
servicePrincipalName: GC/${DNSNAME}/${REALM}
|
|
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
|
|
servicePrincipalName: HOST/${NETBIOSNAME}
|
|
servicePrincipalName: HOST/${DNSNAME}
|
|
servicePrincipalName: HOST/${DNSNAME}/${REALM}
|
|
# "servicePrincipalName"s with GUIDs are located in
|
|
# "provision_self_join_modify.ldif"
|
|
servicePrincipalName: ldap/${DNSNAME}/${DOMAIN}
|
|
servicePrincipalName: ldap/${NETBIOSNAME}
|
|
servicePrincipalName: ldap/${DNSNAME}
|
|
servicePrincipalName: ldap/${DNSNAME}/${REALM}
|
|
# 532480 = 0x82000 = SERVER_TRUST_ACCOUNT (0x2000) | TRUSTED_FOR_DELEGATION
# (0x80000), i.e. a DC account that is trusted for unconstrained Kerberos
# delegation. Reviews of delegation settings should expect this bit on DC
# accounts only.
userAccountControl: 532480
|
|
# "::" marks the value as base64 in LDIF, so the rendered file carries the
# machine account password.
# NOTE(review): check that the rendered LDIF is never logged or left on disk.
userPassword:: ${MACHINEPASS_B64}
|
|
# The RID is fixed at 1001 instead of being allocated: allocation needs
# rIDSetReferences, and that attribute lives on this very object. The value has
# to stay consistent with rIDAllocationPool/rIDNextRID in the "RID Set" entry
# of this file.
objectSID: ${DOMAINSID}-1001
|
|
|
|
# RID Set of this DC; the DC computer object refers to it through
# "rIDSetReferences".
dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: rIDSet
|
|
# Current and previous pool are both seeded with the same 500 RIDs.
rIDAllocationPool: 1000-1499
|
|
rIDPreviousAllocationPool: 1000-1499
|
|
rIDUsedPool: 0
|
|
# 1001 is also the RID hard-coded into the DC's objectSID in this file.
# NOTE(review): presumably the allocator treats rIDNextRID as the last RID
# handed out, so the next account gets 1002; if it is read as "next free" the
# first allocation would reuse the DC's SID - confirm against the RID
# allocation code.
rIDNextRID: 1001
|
|
|
|
|
|
# The objects for the NTFRS subscription are still missing here since we don't
|
|
# support FRS yet.
# NOTE(review): this comment used to list the RID set as missing as well, but a
# "RID Set" entry is defined directly above; distributed RID allocation may
# still be unsupported - confirm.
|
|
|
|
# Objects under "Configuration/Sites/<Default sitename>/Servers"
|
|
|
|
# Server object of this DC in the configuration partition.
dn: ${SERVERDN}
|
|
objectClass: top
|
|
objectClass: server
|
|
# 1375731712 = 0x52000000 = FLAG_CONFIG_ALLOW_RENAME (0x40000000) |
# FLAG_CONFIG_ALLOW_LIMITED_MOVE (0x10000000) |
# FLAG_DISALLOW_MOVE_ON_DELETE (0x02000000)
systemFlags: 1375731712
|
|
dNSHostName: ${DNSNAME}
|
|
# Links back to the DC computer account created at the top of this file.
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
|
|
# NTDS Settings (nTDSDSA) object of this DC, a child of the server object
# ${SERVERDN}. It lists the naming contexts the DC holds: configuration, schema
# and domain.
dn: CN=NTDS Settings,${SERVERDN}
|
|
objectClass: top
|
|
objectClass: applicationSettings
|
|
objectClass: nTDSDSA
|
|
dMDLocation: ${SCHEMADN}
|
|
hasMasterNCs: ${CONFIGDN}
|
|
hasMasterNCs: ${SCHEMADN}
|
|
hasMasterNCs: ${DOMAINDN}
|
|
invocationId: ${INVOCATIONID}
|
|
msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
|
|
msDS-HasDomainNCs: ${DOMAINDN}
|
|
# "msDS-HasInstantiatedNCs"s for DNS don't exist since we don't support AD DNS
|
|
# The values below use the "B:<number of hex digits>:<hex>:<DN>" form.
# NOTE(review): the 8 hex digits are presumably the instanceType of each
# naming context - confirm.
msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
|
|
msDS-HasInstantiatedNCs: B:8:0000000D:${SCHEMADN}
|
|
msDS-HasInstantiatedNCs: B:8:00000005:${DOMAINDN}
|
|
# "msDS-hasMasterNCs"s for DNS don't exist since we don't support AD DNS
|
|
msDS-hasMasterNCs: ${CONFIGDN}
|
|
msDS-hasMasterNCs: ${SCHEMADN}
|
|
msDS-hasMasterNCs: ${DOMAINDN}
|
|
# Bit 0 of "options" marks the DSA as a global catalog, which matches the
# "GC/..." servicePrincipalName on the DC computer account.
options: 1
|
|
# 33554432 = 0x02000000 = FLAG_DISALLOW_MOVE_ON_DELETE
systemFlags: 33554432
|
|
# Whole-line placeholder without an attribute name.
# NOTE(review): presumably expands to a complete "objectGUID: ..." line or to
# nothing - confirm in the provisioning code.
${NTDSGUID}
|
|
|
|
# Provides an account for DNS keytab export
|
|
dn: CN=dns,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
description: DNS Service Account
|
|
# 514 = 0x202 = NORMAL_ACCOUNT (0x200) | ACCOUNTDISABLE (0x2): the account is
# created disabled.
userAccountControl: 514
|
|
# 9223372036854775807 (2^63 - 1) is the "never expires" value.
accountExpires: 9223372036854775807
|
|
sAMAccountName: dns
|
|
servicePrincipalName: DNS/${DNSDOMAIN}
|
|
# "::" marks the value as base64 in LDIF, so the rendered file carries this
# account's password.
# NOTE(review): the password should be a machine-generated random value and
# the rendered LDIF should not be logged or kept; neither is visible from this
# file - confirm.
userPassword:: ${DNSPASS_B64}
|
|
isCriticalSystemObject: TRUE
|