Extending Samba 4 schema for OSX GPO support

Aubrey Ekstrom aekstrom at proclivitysystems.com
Mon Nov 22 10:06:27 MST 2010


Hello all,

Great job on Samba 4! We are a tech startup looking to use Samba 4 in our small production site (50 or so users). We have a mixed environment of OS X, Ubuntu and Windows desktops. Windows works fine with Samba 4, as does Likewise Open for Ubuntu. On Ubuntu, logging into the domain is all that is needed for now, so no issues there.

For OS X though, we'd like to extend the A/D schema to support Apple MCX extensions so we can apply Group Policy to our Apple machines. Is this possible? After looking through the documentation and searching the Samba Wiki and the web, as well as poking through any README files in the git download of Samba 4, I cannot find any instructions. I did find the MS-AD schema files in /share/setup/ad-schema/ and ldif files in /share/setup/, but I am not sure which I would use to extend the schema, or if one of those is the correct way to do this. I did try importing the Apple Schema as an .ldf file through the phpLDAPadmin web-based tool, but the file import does not appear to make any changes even though it returns no error. If I paste the contents into phpLDAPadmin, then it returns an error:

LDIF text import
Could not add object: CN=apple-category,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
LDAP said: LDAP_NO_SUCH_ATTRIBUTE
That entry does not contain the attribute specified.

We are using the git version of Samba: 4.0.0alpha14-GIT-0e95fca
on Debian 5.0.6
and phpLDAPadmin 1.1.0.5

So the basic question is: can we extend the schema for OS X, and if yes, what is the best way to do this?

Thanks!


Aubrey Ekstrom | Systems Administrator | Proclivity Systems
22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
http://www.proclivitysystems.com 


This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.  If
you are not the intended recipient, reliance or forwarding without express
permission is strictly prohibited; please contact the sender and delete all
copies.


