[SAMBA 4] Patches for "systemFlags"

Matthias Dieter Wallnöfer mwallnoefer at yahoo.de
Tue Jun 30 02:01:01 MDT 2009


Here the mentioned patches.

Matthias
-------------- next part --------------
diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif
index a5319f6..e4e4309 100644
--- a/source4/setup/provision_rootdse_add.ldif
+++ b/source4/setup/provision_rootdse_add.ldif
@@ -7,6 +7,7 @@ rootDomainNamingContext: ${ROOTDN}
 configurationNamingContext: ${CONFIGDN}
 schemaNamingContext: ${SCHEMADN}
 supportedLDAPVersion: 3
+supportedLDAPVersion: 2
 dnsHostName: ${DNSNAME}
 ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
 serverName: ${SERVERDN}
-------------- next part --------------
diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif
index 669a153..dc76077 100644
--- a/source4/setup/display_specifiers.ldif
+++ b/source4/setup/display_specifiers.ldif
@@ -1,6 +1,8 @@
 dn: CN=DisplaySpecifiers,${CONFIGDN}
 objectClass: top
 objectClass: container
+objectVersion: 1
+systemFlags: -2147483648
 
 dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN}
 objectClass: top
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 1afe72f..e5b20d0 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -3,7 +3,7 @@ objectClass: top
 objectClass: organizationalUnit
 cn: Domain Controllers
 description: Default container for domain controllers
-systemFlags: 2348810240
+systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 showInAdvancedViewOnly: FALSE
 
@@ -12,7 +12,7 @@ objectClass: top
 objectClass: container
 cn: ForeignSecurityPrincipals
 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
-systemFlags: 2348810240
+systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 showInAdvancedViewOnly: FALSE
 
@@ -21,14 +21,14 @@ objectClass: top
 objectClass: container
 cn: System
 description: Builtin system settings
-systemFlags: 2348810240
+systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 
 dn: CN=RID Manager$,CN=System,${DOMAINDN}
 objectclass: top
 objectclass: rIDManager
 cn: RID Manager$
-systemFlags: 2348810240
+systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
 rIDAvailablePool: 4611686014132423217
@@ -48,7 +48,7 @@ dn: CN=Infrastructure,${DOMAINDN}
 objectclass: top
 objectclass: infrastructureUpdate
 cn: Infrastructure
-systemFlags: 2348810240
+systemFlags: -1946157056
 isCriticalSystemObject: TRUE
 fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
 
@@ -56,7 +56,7 @@ dn: CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: builtinDomain
 cn: Builtin
-forceLogoff: 9223372036854775808
+forceLogoff: -9223372036854775808
 lockoutDuration: -18000000000
 lockOutObservationWindow: -18000000000
 lockoutThreshold: 0
@@ -73,10 +73,12 @@ uASCompat: 1
 modifiedCount: 1
 isCriticalSystemObject: TRUE
 showInAdvancedViewOnly: FALSE
+systemFlags: -1946157056
 
 dn: CN=Policies,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
+systemFlags: -1946157056
 
 dn: CN=IP Security,CN=System,${DOMAINDN}
 objectClass: top
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 7b13a19..69b2481 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -5,7 +5,7 @@ dn: ${DOMAINDN}
 changetype: modify
 -
 replace: forceLogoff
-forceLogoff: 9223372036854775808
+forceLogoff: -9223372036854775808
 -
 replace: lockoutDuration
 lockoutDuration: -18000000000
@@ -20,7 +20,7 @@ replace: maxPwdAge
 maxPwdAge: -37108517437440
 -
 replace: minPwdAge
-minPwdAge: 0
+minPwdAge: -864000000
 -
 replace: minPwdLength
 minPwdLength: 7
@@ -64,12 +64,14 @@ modifiedCount: 1
 replace: fSMORoleOwner
 fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
 -
+replace: systemFlags
+systemFlags: -1946157056
+-
 replace: isCriticalSystemObject
 isCriticalSystemObject: TRUE
 -
 replace: subRefs
 subRefs: ${CONFIGDN}
-subRefs: ${SCHEMADN}
 -
 replace: gPLink
 gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif
index 3bb4074..110c44c 100644
--- a/source4/setup/provision_computers_modify.ldif
+++ b/source4/setup/provision_computers_modify.ldif
@@ -7,7 +7,7 @@ replace: showInAdvancedViewOnly
 showInAdvancedViewOnly: FALSE
 -
 replace: systemFlags
-systemFlags: 2348810240
+systemFlags: -1946157056
 -
 replace: isCriticalSystemObject
 isCriticalSystemObject: TRUE
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index fff3805..e84ac85 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -5,7 +5,7 @@ dn: CN=Partitions,${CONFIGDN}
 objectClass: top
 objectClass: crossRefContainer
 cn: Partitions
-systemFlags: 2147483648
+systemFlags: -2147483648
 msDS-Behavior-Version: 0
 fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
 
@@ -38,25 +38,25 @@ dn: CN=Sites,${CONFIGDN}
 objectClass: top
 objectClass: sitesContainer
 cn: Sites
-systemFlags: 2181038080
+systemFlags: -2113929216
 
 dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
 objectClass: top
 objectClass: site
 cn: ${DEFAULTSITE}
-systemFlags: 2181038080
+systemFlags: 1107296256
 
 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
 objectClass: top
 objectClass: serversContainer
 cn: Servers
-systemFlags: 2181038080
+systemFlags: 33554432
 
 dn: CN=Services,${CONFIGDN}
 objectClass: top
 objectClass: container
 cn: Services
-systemFlags: 2147483648
+systemFlags: -2147483648
 
 dn: CN=Windows NT,CN=Services,${CONFIGDN}
 objectClass: top
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
index 98c09b9..d6a4659 100644
--- a/source4/setup/provision_group_policy.ldif
+++ b/source4/setup/provision_group_policy.ldif
@@ -1,5 +1,6 @@
 dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
 objectClass: top
+objectClass: leaf
 objectClass: domainPolicy
 isCriticalSystemObject: TRUE
 
@@ -15,7 +16,7 @@ objectClass: groupPolicyContainer
 displayName: Default Domain Policy
 gPCFunctionalityVersion: 2
 gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
-versionNumber: 1
+versionNumber: 65543
 flags: 0
 gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
  8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
@@ -25,11 +26,14 @@ gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
  1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
  11D1-A7CC-0000F87571E3}]
 nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: -1946157056
 
 dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
+systemFlags: -1946157056
 
 dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: container
+systemFlags: -1946157056
diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif
index d6c4589..6cd7e05 100644
--- a/source4/setup/provision_schema_basedn_modify.ldif
+++ b/source4/setup/provision_schema_basedn_modify.ldif
@@ -7,7 +7,7 @@ replace: fSMORoleOwner
 fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
 -
 replace: objectVersion
-objectVersion: 30
+objectVersion: 31
 -
 replace: prefixMap
 prefixMap:: ${PREFIXMAP_B64}
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 77a2e49..b7ca872 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -1,6 +1,10 @@
 #Join the DC to itself by default
 
 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
 objectClass: computer
 cn: ${NETBIOSNAME}
 userAccountControl: 532480
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index c61cb80..88146d8 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -208,7 +208,7 @@ member: CN=Administrator,CN=Users,${DOMAINDN}
 objectSid: S-1-5-32-544
 adminCount: 1
 sAMAccountName: Administrators
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 privilege: SeSecurityPrivilege
@@ -244,7 +244,7 @@ description: Users are prevented from making accidental or intentional system-wi
 member: CN=Domain Users,CN=Users,${DOMAINDN}
 objectSid: S-1-5-32-545
 sAMAccountName: Users
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -257,7 +257,7 @@ member: CN=Domain Guests,CN=Users,${DOMAINDN}
 member: CN=Guest,CN=Users,${DOMAINDN}
 objectSid: S-1-5-32-546
 sAMAccountName: Guests
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -269,7 +269,7 @@ description: Members can administer domain printers
 objectSid: S-1-5-32-550
 adminCount: 1
 sAMAccountName: Print Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 privilege: SeLoadDriverPrivilege
@@ -284,7 +284,7 @@ description: Backup Operators can override security restrictions for the sole pu
 objectSid: S-1-5-32-551
 adminCount: 1
 sAMAccountName: Backup Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 privilege: SeBackupPrivilege
@@ -300,7 +300,7 @@ description: Supports file replication in a domain
 objectSid: S-1-5-32-552
 adminCount: 1
 sAMAccountName: Replicator
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -311,7 +311,7 @@ cn: Remote Desktop Users
 description: Members in this group are granted the right to logon remotely
 objectSid: S-1-5-32-555
 sAMAccountName: Remote Desktop Users
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -322,7 +322,7 @@ cn: Network Configuration Operators
 description: Members in this group can have some administrative privileges to manage configuration of networking features
 objectSid: S-1-5-32-556
 sAMAccountName: Network Configuration Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -333,7 +333,7 @@ cn: Performance Monitor Users
 description: Members of this group have remote access to monitor this computer
 objectSid: S-1-5-32-558
 sAMAccountName: Performance Monitor Users
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -344,7 +344,7 @@ cn: Performance Log Users
 description: Members of this group have remote access to schedule logging of performance counters on this computer
 objectSid: S-1-5-32-559
 sAMAccountName: Performance Log Users
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -356,7 +356,7 @@ description: Members can administer domain servers
 objectSid: S-1-5-32-549
 adminCount: 1
 sAMAccountName: Server Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 privilege: SeBackupPrivilege
@@ -374,7 +374,7 @@ description: Members can administer domain user and group accounts
 objectSid: S-1-5-32-548
 adminCount: 1
 sAMAccountName: Account Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 privilege: SeInteractiveLogonRight
@@ -386,7 +386,7 @@ cn: Pre-Windows 2000 Compatible Access
 description: A backward compatibility group which allows read access on all users and groups in the domain
 objectSid: S-1-5-32-554
 sAMAccountName: Pre-Windows 2000 Compatible Access
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 privilege: SeRemoteInteractiveLogonRight
@@ -399,7 +399,7 @@ cn: Incoming Forest Trust Builders
 description: Members of this group can create incoming, one-way trusts to this forest
 objectSid: S-1-5-32-557
 sAMAccountName: Incoming Forest Trust Builders
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -410,7 +410,7 @@ cn: Windows Authorization Access Group
 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
 objectSid: S-1-5-32-560
 sAMAccountName: Windows Authorization Access Group
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -421,7 +421,7 @@ cn: Terminal Server License Servers
 description: Terminal Server License Servers
 objectSid: S-1-5-32-561
 sAMAccountName: Terminal Server License Servers
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -432,7 +432,7 @@ cn: Distributed COM Users
 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
 objectSid: S-1-5-32-562
 sAMAccountName: Distributed COM Users
-systemFlags: 2348810240
+systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
@@ -440,7 +440,7 @@ dn: CN=WellKnown Security Principals,${CONFIGDN}
 objectClass: top
 objectClass: container
 cn: WellKnown Security Principals
-systemFlags: 2147483648
+systemFlags: -2147483648
 
 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
 objectClass: top
diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif
index 06954c4..a7e8a43 100644
--- a/source4/setup/provision_users_modify.ldif
+++ b/source4/setup/provision_users_modify.ldif
@@ -7,7 +7,7 @@ replace: showInAdvancedViewOnly
 showInAdvancedViewOnly: FALSE
 -
 replace: systemFlags
-systemFlags: 2348810240
+systemFlags: -1946157056
 -
 replace: isCriticalSystemObject
 isCriticalSystemObject: TRUE


More information about the samba-technical mailing list