[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Thu May 13 09:12:58 MDT 2010
The branch, master has been updated
via 9ad9fd5... ldb:ldb_msg.c - use result constant
via 4da42b4... s4:domainlevel.py - update the script to handle both domain level occourrences on s4
via 38e9a7f... s4:domain functional level - it is also specified in the domain object under partitions
via 92aa194... s4:provision_configuration.ldif - add more extended rights objects
via 9005227... s4:provision_users.ldif - fix up and reorder the well-known security principals
via c715f6d... s4:provision_configuration.ldif - add more Windows 2008 forest operations
via eaea676... s4:provision_configuration.ldif - the revision level of "Windows2003Update" should obviously be 10
via 025eace... s4:provision_configuration.ldif - "CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa" operation is of version 3
via 47818b1... s4:provision*.ldif - always set the "msDS-NcType" attribute correctly
via 1885327... s4:provision_configuration.ldif - set the right schedule on the default site in the NTDS site settings
via 8acd8b9... s4:provision_configuration.ldif - The "NTDS Quotas" object is system-critical
via 79ac53e... s4:provision_configuration.ldif - "sites" object
via f57bcc9... s4:provision.ldif - add IP security objects as they exist on Windows Server
via 44e05dfb.. s4:provision.ldif - add more Windows 2008 domain operations
via cc2bd1f... s4:provision_users.ldif - On Windows Server >= 2008 security principal S-1-5-20 doesn't exist anymore
via 350c619... s4:provision.ldif - "passwordSettingsContainer" add "showInAdvancedViewOnly"
via bbb5825... s4:provision.ldif - fix up "NTDS Quotas" "systemFlags"
via b2bd02e... s4:provision_users.ldif - fix up Administrator's "userAccountControl"
via 8c79671... s4:provision_basedn_modify.ldif - fix up "maxPwdAge"
via 5e4d91f... s4:provision_users.ldif - Fix typos in user/group objects
from 72e65a0... s3:winbindd Provide a winbindd_register_handlers() helper function for s3compat
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9ad9fd5b7120b4fe1bc4296795b5e007a85d1387
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Tue May 11 22:52:55 2010 +0200
ldb:ldb_msg.c - use result constant
commit 4da42b4e80caba436e44a7f6e6583028d0225da3
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 15:29:20 2010 +0200
s4:domainlevel.py - update the script to handle both domain level occourrences on s4
The second "modify" is located under a try-catch block to ignore the change
failure against Windows Server (there only the first change is required).
commit 38e9a7f5778eeff9c87cbb3812c8b0261b018b69
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 15:11:29 2010 +0200
s4:domain functional level - it is also specified in the domain object under partitions
Discovered by the "ldapcmp" tool
commit 92aa194145d6b75316c6d544afae290957022625
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 15:06:35 2010 +0200
s4:provision_configuration.ldif - add more extended rights objects
commit 9005227e7220d5dcd4aa474d2c074109a6a0f89c
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 14:51:10 2010 +0200
s4:provision_users.ldif - fix up and reorder the well-known security principals
commit c715f6d3f9b180bd6ad2ad5323cf69f0fe092b35
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 14:43:10 2010 +0200
s4:provision_configuration.ldif - add more Windows 2008 forest operations
commit eaea67691695498761b22176af02662b65ff91e8
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 14:33:40 2010 +0200
s4:provision_configuration.ldif - the revision level of "Windows2003Update" should obviously be 10
Compared against my Windows Server 2008 and Zahari's output.
commit 025eaceb5c042eeda873db3da2f66a9c9973f953
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 14:24:02 2010 +0200
s4:provision_configuration.ldif - "CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa" operation is of version 3
commit 47818b19fcd7248a2e95171a4e95c60c339da700
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 14:22:14 2010 +0200
s4:provision*.ldif - always set the "msDS-NcType" attribute correctly
commit 1885327b309992698331be51926eb89160883d4f
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 14:18:20 2010 +0200
s4:provision_configuration.ldif - set the right schedule on the default site in the NTDS site settings
commit 8acd8b97a6af9af781dc816642ef108c74d8e50a
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 14:14:31 2010 +0200
s4:provision_configuration.ldif - The "NTDS Quotas" object is system-critical
commit 79ac53eb3b775a78806f307e254b19f3c4280aa6
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 14:08:55 2010 +0200
s4:provision_configuration.ldif - "sites" object
- The default site doesn't contain a licensing object
- Adequate two other values (a "showInAdvancedViewOnly" and a "systemFlags" one)
commit f57bcc92b5b06465974a3276fde86d553fd78c04
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 12:10:54 2010 +0200
s4:provision.ldif - add IP security objects as they exist on Windows Server
commit 44e05dfb735467013d9bbe8c3c9f30c57ec249c3
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 11:45:43 2010 +0200
s4:provision.ldif - add more Windows 2008 domain operations
commit cc2bd1f7779bfa587bbc5e56ecfe2e5e77a6e6f7
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 11:32:36 2010 +0200
s4:provision_users.ldif - On Windows Server >= 2008 security principal S-1-5-20 doesn't exist anymore
commit 350c61922e8fd535812d00573929e2c67446f14c
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 11:28:56 2010 +0200
s4:provision.ldif - "passwordSettingsContainer" add "showInAdvancedViewOnly"
commit bbb5825a6f94ed49f4d6dd8dc76e4947c7de0a8e
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 11:24:20 2010 +0200
s4:provision.ldif - fix up "NTDS Quotas" "systemFlags"
commit b2bd02e11e5d83ff2e0a1c7b4ed1cedca772ce4b
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 11:22:43 2010 +0200
s4:provision_users.ldif - fix up Administrator's "userAccountControl"
commit 8c796715c1c825e6fb21ed29440f6c8ca6c4bf6a
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 11:21:39 2010 +0200
s4:provision_basedn_modify.ldif - fix up "maxPwdAge"
commit 5e4d91f7aa44c06d8b464f5a65b08bb1b7af9da4
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu May 13 11:13:26 2010 +0200
s4:provision_users.ldif - Fix typos in user/group objects
-----------------------------------------------------------------------
Summary of changes:
source4/lib/ldb/common/ldb_msg.c | 2 +-
.../scripting/python/samba/netcmd/domainlevel.py | 25 ++
source4/scripting/python/samba/provision.py | 3 +-
source4/setup/provision.ldif | 357 +++++++++++++++++++-
source4/setup/provision_basedn_modify.ldif | 4 +-
source4/setup/provision_configuration.ldif | 194 ++++++++++-
source4/setup/provision_configuration_basedn.ldif | 1 +
source4/setup/provision_schema_basedn.ldif | 2 +-
source4/setup/provision_users.ldif | 49 ++--
9 files changed, 599 insertions(+), 38 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c
index 2d2b34d..0322446 100644
--- a/source4/lib/ldb/common/ldb_msg.c
+++ b/source4/lib/ldb/common/ldb_msg.c
@@ -160,7 +160,7 @@ int ldb_msg_add(struct ldb_message *msg,
/* We have to copy this, just in case *el is a pointer into
* what ldb_msg_add_empty() is about to realloc() */
struct ldb_message_element el_copy = *el;
- if (ldb_msg_add_empty(msg, el->name, flags, NULL) != 0) {
+ if (ldb_msg_add_empty(msg, el->name, flags, NULL) != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
diff --git a/source4/scripting/python/samba/netcmd/domainlevel.py b/source4/scripting/python/samba/netcmd/domainlevel.py
index f7e67a2..310747a 100644
--- a/source4/scripting/python/samba/netcmd/domainlevel.py
+++ b/source4/scripting/python/samba/netcmd/domainlevel.py
@@ -185,17 +185,42 @@ class cmd_domainlevel(Command):
# Deactivate mixed/interim domain support
if level_domain_mixed != 0:
+ # Directly on the base DN
m = ldb.Message()
m.dn = ldb.Dn(samdb, domain_dn)
m["nTMixedDomain"] = ldb.MessageElement("0",
ldb.FLAG_MOD_REPLACE, "nTMixedDomain")
samdb.modify(m)
+ # Under partitions
+ m = ldb.Message()
+ m.dn = ldb.Dn(samdb, "CN=" + lp.get("workgroup")
+ + ",CN=Partitions,CN=Configuration," + domain_dn)
+ m["nTMixedDomain"] = ldb.MessageElement("0",
+ ldb.FLAG_MOD_REPLACE, "nTMixedDomain")
+ try:
+ samdb.modify(m)
+ except LdbError, (num, _):
+ pass
+
+ # Directly on the base DN
m = ldb.Message()
m.dn = ldb.Dn(samdb, domain_dn)
m["msDS-Behavior-Version"]= ldb.MessageElement(
str(new_level_domain), ldb.FLAG_MOD_REPLACE,
"msDS-Behavior-Version")
samdb.modify(m)
+ # Under partitions
+ m = ldb.Message()
+ m.dn = ldb.Dn(samdb, "CN=" + lp.get("workgroup")
+ + ",CN=Partitions,CN=Configuration," + domain_dn)
+ m["msDS-Behavior-Version"]= ldb.MessageElement(
+ str(new_level_domain), ldb.FLAG_MOD_REPLACE,
+ "msDS-Behavior-Version")
+ try:
+ samdb.modify(m)
+ except LdbError, (num, _):
+ pass
+
level_domain = new_level_domain
msgs.append("Domain function level changed!")
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index fa2dabe..f7db2e7 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -976,7 +976,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
"SCHEMADN": names.schemadn,
"DOMAINDN": names.domaindn,
"SERVERDN": names.serverdn,
- "FOREST_FUNCTIONALALITY": str(forestFunctionality)
+ "FOREST_FUNCTIONALALITY": str(forestFunctionality),
+ "DOMAIN_FUNCTIONALITY": str(domainFunctionality)
})
message("Setting up display specifiers")
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index e52b4f0..dc08450 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -76,7 +76,7 @@ objectClass: top
objectClass: msDS-QuotaContainer
description: Quota specifications container
msDS-TombstoneQuotaFactor: 100
-systemFlags: -1946157056
+systemFlags: -2147483648
isCriticalSystemObject: TRUE
dn: CN=Program Data,${DOMAINDN}
@@ -382,6 +382,78 @@ dn: CN=6E157EDF-4E72-4052-A82A-EC3F91021A22,CN=Operations,CN=DomainUpdates,CN=Sy
objectClass: top
objectClass: container
+dn: CN=0b7fb422-3609-4587-8c2e-94b10f67d1bf,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=231fb90b-c92a-40c9-9379-bacfc313a3e3,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=2951353e-d102-4ea5-906c-54247eeec741,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4aaabc3a-c416-4b9c-a6bb-4b453ab1c1f0,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=4c93ad42-178a-4275-8600-16811d28f3aa,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=57428d75-bef7-43e1-938b-2e749f5a8d56,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=61b34cb0-55ee-4be9-b595-97810b92b017,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=71482d49-8870-4cb3-a438-b6fc9ec35d70,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=9738c400-7795-4d6e-b19d-c16cd6486166,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=a1789bfb-e0a2-4739-8cc0-e77d892d080a,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=aed72870-bf16-4788-8ac7-22299c8207f1,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=b96ed344-545a-4172-aa0c-68118202f125,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=c88227bc-fcca-4b58-8d8a-cd3d64528a02,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=dda1d01d-4bd7-4c49-a184-46f9241b560e,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=de10d491-909f-4fb0-9abb-4b7865c0fe80,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=ebad865a-d649-416f-9922-456b53bbb5b8,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
+dn: CN=f58300d1-b71a-4DB6-88a1-a8b9538beaca,CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: container
+
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
@@ -416,11 +488,293 @@ objectClass: linkTrackVolumeTable
systemFlags: -1946157056
isCriticalSystemObject: TRUE
+# IP security objects
+
dn: CN=IP Security,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
isCriticalSystemObject: TRUE
+dn: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
+ipsecName: Server (Request Security)
+ipsecID: {72385230-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {72385231-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAABo0hlRHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to request.
+ipsecName: Request Security (Optional) Rule
+ipsecID: {72385232-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319BE2-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Permit unsecure ICMP packets to pass through.
+ipsecName: Permit unsecure ICMP packets to pass through.
+ipsecID: {594272E2-071D-11D3-AD22-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Accepts unsecured communication, but requests clients to establish trust and security methods. Will communicate insecurely to untrusted clients if they do not respond to request.
+ipsecName: Request Security (Optional)
+ipsecID: {72385233-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIZQBAAAFAAAAhAMAAKCGAQAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAFwAUwBlAHIAdgBpAGMAZQBzAFwAUABvAGwAaQBjAHkAQQBnAGUAbgCEAwAAoIYBAAAAAAAAAAAAAQAAAAEAAAACAAAAAgAAAEAAAAAIAAAAAAAAAFX0sjdcAEwAbwBjABUADwABAAgAIAJlACACZQBYxHYF+M54BSwBAACghgEAAAAAAAAAAAABAAAAAgAAAAAAAAABAAAAQAAAAAgAAAAtADkAQQBDADEALQA0AEQANgBEAC0AQQAxAEIAMAAtADEANQA4ADcALAEAAKCGAQAAAAAAAAAAAAEAAAABAAAAAAAAAAEAAABAAAAACAAAAGUAdABcAFMAZQByAHYAaQBjAGUAcwBcAFAAbwBsAGkAYwB5AEEAZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAgAAAEAAAAAIAAAANgBDAC0AMwBCADkANwAtADQANQA1ADIALQA4AEUANAA1AC0AOQA5AAA=
+ipsecOwnersReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {3F91A81A-7647-11D1-864D-D46A00000000}
+
+dn: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecFilter
+description: Matches all IP packets from this computer to any other computer, except broadcast, multicast, Kerberos, RSVP and ISAKMP (IKE).
+ipsecName: All IP Traffic
+ipsecID: {7238523A-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: tSDcgMgu0RGongCgJI0wIUoAAAABAAAAAgAAAAAAAgAAAAAAAgAAAAAA3ZsxWeNe0hGs6ABgsOzKFwEAAAAAAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+ipsecOwnersReference: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319BDF-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Permit unsecured IP packets to pass through.
+ipsecName: Permit
+ipsecID: {7238523B-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIQQAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD2-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecFilter
+description: Matches all ICMP packets between this computer and any other computer.
+ipsecName: All ICMP Traffic
+ipsecID: {72385235-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: tSDcgMgu0RGongCgJI0wIVIAAAABAAAAAgAAAAAAAgAAAAAACgAAAEkAQwBNAFAAAABj0hlRHQfTEa0iAGCw7MoXAQAAAAAAAAD/////AAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecOwnersReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured.
+ipsecName: Client (Respond Only)
+ipsecID: {72385236-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {72385237-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAABz7EFfHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319C04-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319C01-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecPolicy
+description: For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.
+ipsecName: Secure Server (Require Security)
+ipsecID: {7238523C-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: YyEgIkxP0RGGOwCgJI0wIQQAAAAwKgAAAA==
+ipsecISAKMPReference: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNFAReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecISAKMPPolicy
+ipsecID: {7238523D-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uCDcgMgu0RGongCgJI0wIUABAAD5ckJZHQfTEa0iAGCw7MoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAADNzQMAAABAAAAACAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0CAAAAAAAAAAAAAACAcAAAzc3NzQAAzc0DAAAAQAAAAAgAAAABAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAzc3NAgAAAAAAAAAAAAAAgHAAAM3Nzc0AAM3NAQAAAEAAAAAIAAAAAgAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAM3NzQEAAAAAAAAAAAAAAIBwAADNzc3NAADNzQEAAABAAAAACAAAAAEAAABAAAAAAAAAAAAAAAAAAAAAAAAAAADNzc0BAAAAAAAAAAAAAACAcAAAzc3NzQA=
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
+ipsecName: Require Security
+ipsecID: {7238523E-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+ipsecID: {59319BF3-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Permit unsecure ICMP packets to pass through.
+ipsecName: Permit unsecure ICMP packets to pass through.
+ipsecID: {594272FD-071D-11D3-AD22-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: AKy7EY1J0RGGOQCgJI0wISoAAAABAAAABQAAAAIAAAAAAP3///8CAAAAAAAAAAAAAAAAAAEAAAACAAAAAAAA
+ipsecOwnersReference: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecNegotiationPolicyReference: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+ipsecFilterReference: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+
+dn: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+description: Accepts unsecured communication, but always requires clients to establish trust and security methods. Will NOT communicate with untrusted clients.
+ipsecName: Require Security
+ipsecID: {7238523F-70FA-11D1-864C-14A300000000}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIUQBAAAEAAAAhAMAAKCGAQAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAHUAcgByAGUAbgB0AEMAbwBuAHQAcgBvAGwAUwBlAHQAXABTAGUAcgCEAwAAoIYBAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAcABzAGUAYwBOAEYAQQB7ADcAMgAzADgANQAyADMARQAtADcAMABGAIQDAACghgEAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAABsAGkAYwB5AFwATABvAGMAYQBsAFwAaQBwAHMAZQBjAE4ARgBBAHsAhAMAAKCGAQAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAGUAYwBOAEYAQQB7AEIARgBDADcAQwAzADUAQQAtAEIANQA5ADIALQAA
+ipsecOwnersReference: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E10-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {3F91A81A-7647-11D1-864D-D46A00000000}
+
+dn: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNegotiationPolicy
+ipsecID: {59319BF0-5EE3-11D2-ACE8-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: uSDcgMgu0RGongCgJI0wIeQBAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAgAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAMAAAABAAAAAgAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAIAAAACAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAIAAABAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAAAAAAAAQAAAEAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAAAAAABAAAAQAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+ipsecOwnersReference: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+isCriticalSystemObject: TRUE
+iPSECNegotiationPolicyType: {62F49E13-6C37-11D1-864C-14A300000000}
+iPSECNegotiationPolicyAction: {8A171DD3-77E3-11D1-8659-A04F00000000}
+
+dn: CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17},CN=IP Security,CN=System,${DOMAINDN}
+objectClass: top
+objectClass: ipsecBase
+objectClass: ipsecNFA
+description: Version Information Object
+ipsecName: Version Information Object
+ipsecID: {6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17}
+ipsecDataType: 598
+ipsecData:: b1wfardy0hGs8ABgsOzKF1AAAAAAAAEApmamNhoAAABXAGkAbgBkAG8AdwBzACAAMgAwADAAMAAAABwAAABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAAAABgAAAA0ACgAAAACsuxGNSdERhjkAoCSNMCEqAAAAAQAAAAUAAAACAAAAAAD9////AgAAAAAAAAAAAAAAAAABAAAAAgAAAAAAAA==
+isCriticalSystemObject: TRUE
+
+# End IP security objects
+
dn: CN=Meetings,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
@@ -435,6 +789,7 @@ dn: CN=Password Settings Container,CN=System,${DOMAINDN}
objectClass: top
objectClass: msDS-PasswordSettingsContainer
systemFlags: -1946157056
+showInAdvancedViewOnly: TRUE
dn: CN=Policies,CN=System,${DOMAINDN}
objectClass: top
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 9fe0c60..1d5345c 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -33,9 +33,9 @@ lockoutThreshold: 0
-
# "masteredBy" filled in later
replace: maxPwdAge
-maxPwdAge: -37108517437440
+maxPwdAge: -36288000000000
-
-# FIXME: This should be "-864000000000" when we fully comply with passwords pol.
+# "minPwdAge" is "0" in order to let the password change tests pass
replace: minPwdAge
minPwdAge: 0
-
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index 13d162e..b913eba 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -639,6 +639,66 @@ appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
localizationDisplayId: 28
validAccesses: 256
+dn: CN=DS-Replication-Get-Changes-In-Filtered-Set,CN=Extended-Rights,${CONFIGDN}
+objectClass: top
+objectClass: controlAccessRight
+displayName: Replicating Directory Changes In Filtered Set
+rightsGuid: 89e95b76-444d-4c62-991a-0facbeda640c
+appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
+appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
--
Samba Shared Repository
More information about the samba-cvs
mailing list