[Samba] Question about silos and Authentication policies

Stefan Kania stefan at kania-online.de
Thu Oct 19 09:48:04 UTC 2023 

Do you know wich of the RSAT I need to use to manage auth-policies and 
silos. With samba-tool I can't assign users and hosts to the policies. I 
can only create, delete, list and view policies and silos


Am 19.10.23 um 09:03 schrieb Daniel Müller via samba:
> Hello,
> 
> You cannot use Active Directory Administrativ Center because samba has no ADWS implented.
> There where efforts and but ADWS did no reach production status. I think Catalyst, Andrew Bartlett tried someting, did not finish it.
> Yes you need to use the old RSAT.
> 
> Gretings
> Daniel
> 
> 
> EDV Daniel Müller
> 
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> 
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Stefan Kania via samba [mailto:samba at lists.samba.org]
> Gesendet: Mittwoch, 18. Oktober 2023 17:43
> An: Samba List <samba at lists.samba.org>
> Betreff: [Samba] Question about silos and Authentication policies
> 
> I just installed Samba 4.19.1 (Sernet-packages). Here is my smb.conf on my DC
> -----------------
> # Global parameters
> [global]
>           ad dc functional level = 2016
>           netbios name = ADDC-01
>           realm = EXAMPLE.NET
>           server role = active directory domain controller
>           server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>           workgroup = EXAMPLE
> 
> [sysvol]
>           path = /var/lib/samba/sysvol
>           read only = No
> 
> [netlogon]
>           path = /var/lib/samba/sysvol/example.net/scripts
>           read only = No
> -----------------
> 
> I provisioned my DC with:
> 
> -----------
> samba-tool domain provision --option="ad dc functional level = 2016"
> --function-level=2016 --domain=example --realm=example.net
> --host-ip=192.168.56.201 --backend-store=mdb --dns-backend=BIND9_DLZ --adminpass=Gansgehe1m
> -----------
> 
> Then I did:
> ---------
> samba-tool domain schemaupgrade --schema=2019 samba-tool domain functionalprep --function-level=2016 samba-tool domain level raise --domain-level=2016 --forest-level=2016
> ---------
> 
> I joined a Windows 10 client. I can start ADUC sites-and-services DNS-manager from RSAT. But if I try to start "Active Directory Administrativ Center" to manage auth-policies and silos I getting the
> message:
> --------
> It's not possible to get a connection to any domain
> --------
> So even if I had switch to FL 2016 I still can't manage auth-policies and silos via Windows RSAT?
> 
> Or did I forget something?
> 
> 
> 
> 
> 
> 

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre 
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter 
https://www.dgn.de/dgncert/index.html
Download der root-Zertifikate: https://www.dgn.de/dgncert/downloads.html

Neuer GPG-Key der public key befindet sich im Anhang


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20231019/1722e694/OpenPGP_signature.sig>

More information about the samba mailing list