mirror of
https://github.com/samba-team/samba.git
synced 2025-01-06 13:18:07 +03:00
66b2a04346
templating support for foreignSecurityPrincipals to the samdb module.
This is an extension beyond what microsoft does, and has been very
useful :-)
The setup scripts have been modified to use the new template, as has
the SAMR and LSA code.
Other cleanups in LSA remove the assumption that the short domain name
is the first component of the realm.
Also add a lot of useful debug messages, to make it clear how/why the
SamSync may have gone wrong. Many of these should perhaps be hooked
into an error string.
Andrew Bartlett
(This used to be commit 1f071b0609)
144 lines
3.2 KiB
Plaintext
144 lines
3.2 KiB
Plaintext
dn: CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: Templates
|
|
description: Container for SAM account templates
|
|
instanceType: 4
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: TRUE
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
###
|
|
# note! the template users must not match normal searches. Be careful
|
|
# with what classes you put them in
|
|
###
|
|
|
|
dn: CN=TemplateUser,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateUser
|
|
instanceType: 4
|
|
userAccountControl: 0x202
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 0x30000000
|
|
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateMemberServer
|
|
instanceType: 4
|
|
userAccountControl: 0x1002
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 0x30000001
|
|
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateDomainController
|
|
instanceType: 4
|
|
userAccountControl: 0x2002
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 0x30000001
|
|
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateTrustingDomain
|
|
instanceType: 4
|
|
userAccountControl: 0x820
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 0x30000002
|
|
|
|
dn: CN=TemplateGroup,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: groupTemplate
|
|
cn: TemplateGroup
|
|
instanceType: 4
|
|
groupType: 0x80000002
|
|
sAMAccountType: 0x10000000
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=TemplateAlias,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: aliasTemplate
|
|
cn: TemplateAlias
|
|
instanceType: 4
|
|
groupType: 0x80000004
|
|
sAMAccountType: 0x10000000
|
|
|
|
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: foreignSecurityPrincipalTemplate
|
|
cn: TemplateForeignSecurityPrincipal
|
|
instanceType: 4
|
|
showInAdvancedViewOnly: TRUE
|
|
objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=TemplateSecret,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: leaf
|
|
objectClass: Template
|
|
objectClass: secretTemplate
|
|
cn: TemplateSecret
|
|
instanceType: 4
|
|
|
|
dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: leaf
|
|
objectClass: Template
|
|
objectClass: trustedDomainTemplate
|
|
cn: TemplateTrustedDomain
|
|
instanceType: 4
|
|
|