[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Sun Jan 10 16:46:13 MST 2010
The branch, master has been updated
via 73422e7... Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
via 3af84c1... Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
via 306de30... Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
via aa45015... Revert "s4:provision_users.ldif - Add objects for IIS"
via d0123e0... s4-selftest: when a command fails show both normal and expanded command
via 1eebdfd... s4-test: fixed make test without having done make install
from 2cedefa... s4:upgradeprovision - fix up the script regarding linked attributes
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 73422e7dd866f9c65e1ba5cd42fd027b5acf3a40
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Jan 11 10:08:30 2010 +1100
Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
This reverts commit 5c174c68ccba7506147feab1d09ad676792139b3.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
commit 3af84c1cde9f210f9ee6608b2509a58646226127
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Jan 11 10:07:53 2010 +1100
Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
This reverts commit 61dfd3dc1dce2c0dd6693de80930af312ad3e39f.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
commit 306de3051d8780c3ff2f97e0c61c28e5519aa661
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Jan 11 10:06:58 2010 +1100
Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
This reverts commit 9ee895fcf6327b1c2f5ee09fa565bd62974e9c58.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
commit aa4501538a6df60719b0ab988cbd94f4495dacf1
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Jan 11 10:05:50 2010 +1100
Revert "s4:provision_users.ldif - Add objects for IIS"
This reverts commit 91e210028790397996659116446e6add452707f6.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
commit d0123e0a9a4a9dc2e28d6f66afce73b9ab0b0936
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Jan 11 09:36:48 2010 +1100
s4-selftest: when a command fails show both normal and expanded command
It is sometimes hard to tell which varient of something like
$SMB_CONF_PATH or $USERNAME is being used in a test. By giving both
the expanded command ($command with environment variables expanded)
and non-expanded command it is easier to reproduce bugs outside the
test environment.
commit 1eebdfdbe7200fdc7788834a28818f8e0155904a
Author: Andrew Tridgell <tridge at samba.org>
Date: Mon Jan 11 09:29:29 2010 +1100
s4-test: fixed make test without having done make install
client.conf didn't specify "setup directory"
-----------------------------------------------------------------------
Summary of changes:
selftest/selftest.pl | 13 +++
source4/setup/provision_users.ldif | 210 ++++++++++++++----------------------
2 files changed, 92 insertions(+), 131 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 3536d41..883d2a0 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -212,6 +212,17 @@ sub cleanup_pcap($$)
unlink($pcap_file);
}
+# expand strings from %ENV
+sub expand_environment_strings($)
+{
+ my $s = shift;
+ # we use a reverse sort so we do the longer ones first
+ foreach my $k (sort { $b cmp $a } keys %ENV) {
+ $s =~ s/\$$k/$ENV{$k}/g;
+ }
+ return $s;
+}
+
sub run_testsuite($$$$$)
{
my ($envname, $name, $cmd, $i, $totalsuites) = @_;
@@ -255,6 +266,7 @@ sub run_testsuite($$$$$)
}
print "command: $cmd\n";
+ printf "expanded command: %s\n", expand_environment_strings($cmd);
my $exitcode = $ret >> 8;
@@ -587,6 +599,7 @@ sub write_clientconf($$)
#We don't want to pass our self-tests if the PAC code is wrong
gensec:require_pac = true
modules dir = $ENV{LD_SAMBA_MODULE_PATH}
+ setup directory = ./setup
";
close(CF);
}
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 2247094..c27249d 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -75,54 +75,43 @@ isCriticalSystemObject: TRUE
# Add other groups
-dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
+dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members of this group are Read-Only Domain Controllers in the enterprise
-objectSid: ${DOMAINSID}-498
-sAMAccountName: Enterprise Read-Only Domain Controllers
-groupType: -2147483640
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
isCriticalSystemObject: TRUE
-dn: CN=Domain Admins,CN=Users,${DOMAINDN}
+dn: CN=Schema Admins,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: Designated administrators of the domain
+description: Designated administrators of the schema
member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-512
+objectSid: ${DOMAINSID}-518
adminCount: 1
-sAMAccountName: Domain Admins
+sAMAccountName: Schema Admins
isCriticalSystemObject: TRUE
dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Members of this group are permitted to publish certificates to the Active Directory
+groupType: -2147483644
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
-groupType: -2147483644
isCriticalSystemObject: TRUE
-dn: CN=Schema Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Designated administrators of the schema
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-518
-adminCount: 1
-sAMAccountName: Schema Admins
-groupType: -2147483640
-isCriticalSystemObject: TRUE
-
-dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+dn: CN=Domain Admins,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: Designated administrators of the enterprise
+description: Designated administrators of the domain
member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-519
+objectSid: ${DOMAINSID}-512
adminCount: 1
-sAMAccountName: Enterprise Admins
-groupType: -2147483640
+sAMAccountName: Domain Admins
isCriticalSystemObject: TRUE
dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
@@ -134,47 +123,57 @@ objectSid: ${DOMAINSID}-520
sAMAccountName: Group Policy Creator Owners
isCriticalSystemObject: TRUE
+dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Servers in this group can access remote access properties of users
+objectSid: ${DOMAINSID}-553
+sAMAccountName: RAS and IAS Servers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members of this group are Read-Only Domain Controllers in the domain
+description: Read-only domain controllers
objectSid: ${DOMAINSID}-521
-adminCount: 1
sAMAccountName: Read-Only Domain Controllers
+groupType: -2147483644
isCriticalSystemObject: TRUE
-dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
+dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: Servers in this group can access remote access properties of users
-objectSid: ${DOMAINSID}-553
-sAMAccountName: RAS and IAS Servers
+description: Enterprise read-only domain controllers
+objectSid: ${DOMAINSID}-498
+sAMAccountName: Enterprise Read-Only Domain Controllers
groupType: -2147483644
isCriticalSystemObject: TRUE
-dn: CN=Allowed RODC Password Replication Group,CN=Users,${DOMAINDN}
+dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain.
-objectSid: ${DOMAINSID}-571
-sAMAccountName: Allowed RODC Password Replication Group
+description: Certificate Service DCOM Access
+objectSid: ${DOMAINSID}-574
+sAMAccountName: Certificate Service DCOM Access
groupType: -2147483644
isCriticalSystemObject: TRUE
-dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN}
+dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain.
-member: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
-member: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
-member: CN=Domain Admins,CN=Users,${DOMAINDN}
-member: CN=Cert Publishers,CN=Users,${DOMAINDN}
-member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
-member: CN=Schema Admins,CN=Users,${DOMAINDN}
-member: CN=Domain Controllers,CN=Users,${DOMAINDN}
-member: CN=krbtgt,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-572
-sAMAccountName: Denied RODC Password Replication Group
+description: Cryptographic Operators
+objectSid: ${DOMAINSID}-569
+sAMAccountName: Cryptographic Operators
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Event Log Readers
+objectSid: ${DOMAINSID}-573
+sAMAccountName: Event Log Readers
groupType: -2147483644
isCriticalSystemObject: TRUE
@@ -195,11 +194,6 @@ objectClass: top
objectClass: foreignSecurityPrincipal
objectSid: S-1-5-11
-dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-17
-
dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectClass: top
objectClass: foreignSecurityPrincipal
@@ -246,28 +240,6 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Members can administer domain user and group accounts
-objectSid: S-1-5-32-548
-adminCount: 1
-sAMAccountName: Account Operators
-systemFlags: -1946157056
-groupType: -2147483643
-isCriticalSystemObject: TRUE
-
-dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Members can administer domain servers
-objectSid: S-1-5-32-549
-adminCount: 1
-sAMAccountName: Server Operators
-systemFlags: -1946157056
-groupType: -2147483643
-isCriticalSystemObject: TRUE
-
dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@@ -301,17 +273,6 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: A backward compatibility group which allows read access on all users and groups in the domain
-member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
-objectSid: S-1-5-32-554
-sAMAccountName: Pre-Windows 2000 Compatible Access
-systemFlags: -1946157056
-groupType: -2147483643
-isCriticalSystemObject: TRUE
-
dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@@ -332,16 +293,6 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Members of this group can create incoming, one-way trusts to this forest
-objectSid: S-1-5-32-557
-sAMAccountName: Incoming Forest Trust Builders
-systemFlags: -1946157056
-groupType: -2147483643
-isCriticalSystemObject: TRUE
-
dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@@ -363,74 +314,76 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
+dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
-member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
-objectSid: S-1-5-32-560
-sAMAccountName: Windows Authorization Access Group
+description: Members can administer domain servers
+objectSid: S-1-5-32-549
+adminCount: 1
+sAMAccountName: Server Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
+dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
-description: Terminal Server License Servers
-objectSid: S-1-5-32-561
-sAMAccountName: Terminal Server License Servers
+description: Members can administer domain user and group accounts
+objectSid: S-1-5-32-548
+adminCount: 1
+sAMAccountName: Account Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
+dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
-objectSid: S-1-5-32-562
-sAMAccountName: Distributed COM Users
+description: A backward compatibility group which allows read access on all users and groups in the domain
+member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectSid: S-1-5-32-554
+sAMAccountName: Pre-Windows 2000 Compatible Access
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=IIS_IUSRS,CN=Builtin,${DOMAINDN}
+dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
-description: Integrated group used by the IIS
-member: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN}
-objectSid: S-1-5-32-568
-sAMAccountName: IIS_IUSRS
+description: Members of this group can create incoming, one-way trusts to this forest
+objectSid: S-1-5-32-557
+sAMAccountName: Incoming Forest Trust Builders
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN}
+dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members are authorized to perform cryptographic operations.
-objectSid: S-1-5-32-569
-sAMAccountName: Cryptographic Operators
+description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
+member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectSid: S-1-5-32-560
+sAMAccountName: Windows Authorization Access Group
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Event Log Readers,CN=Builtin,${DOMAINDN}
+dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members of this group can read event logs from local machine.
-objectSid: S-1-5-32-573
-sAMAccountName: Event Log Readers
+description: Terminal Server License Servers
+objectSid: S-1-5-32-561
+sAMAccountName: Terminal Server License Servers
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
-dn: CN=Certificate Service DCOM Access,CN=Builtin,${DOMAINDN}
+dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
-description: Members of this group are allowed to connect to Certification Authorities in the enterprise.
-objectSid: S-1-5-32-574
-sAMAccountName: Certificate Service DCOM Access
+description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
+objectSid: S-1-5-32-562
+sAMAccountName: Distributed COM Users
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -492,11 +445,6 @@ objectClass: top
objectClass: foreignSecurityPrincipal
objectSid: S-1-5-4
-dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-17
-
dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: foreignSecurityPrincipal
--
Samba Shared Repository
More information about the samba-cvs
mailing list