[Samba] Question about silos and Authentication policies
Stefan Kania
stefan at kania-online.de
Thu Oct 19 13:09:32 UTC 2023
I looked around a little bit, but as far as I can see, at the moment
it's not possible to use auth-policies and silos with Samba-DCs only. So
I need at least one Windows DC :-(
On 19.10.23 at 11:48, Stefan Kania via samba wrote:
> Do you know which of the RSAT I need to use to manage auth-policies and
> silos? With samba-tool I can't assign users and hosts to the policies. I
> can only create, delete, list and view policies and silos.
>
>
> On 19.10.23 at 09:03, Daniel Müller via samba wrote:
>> Hello,
>>
>> You cannot use Active Directory Administrative Center because Samba has
>> no ADWS implemented.
>> There were efforts, but ADWS did not reach production status. I
>> think Catalyst, Andrew Bartlett tried something, did not finish it.
>> Yes, you need to use the old RSAT.
>>
>> Greetings
>> Daniel
>>
>>
>> EDV Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>>
>>
>>
>> -----Original Message-----
>> From: Stefan Kania via samba [mailto:samba at lists.samba.org]
>> Sent: Wednesday, 18 October 2023 17:43
>> To: Samba List <samba at lists.samba.org>
>> Subject: [Samba] Question about silos and Authentication policies
>>
>> I just installed Samba 4.19.1 (Sernet-packages). Here is my smb.conf
>> on my DC
>> -----------------
>> # Global parameters
>> [global]
>> ad dc functional level = 2016
>> netbios name = ADDC-01
>> realm = EXAMPLE.NET
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>> workgroup = EXAMPLE
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/example.net/scripts
>> read only = No
>> -----------------
>>
>> I provisioned my DC with:
>>
>> -----------
>> samba-tool domain provision --option="ad dc functional level = 2016" \
>>     --function-level=2016 --domain=example --realm=example.net \
>>     --host-ip=192.168.56.201 --backend-store=mdb --dns-backend=BIND9_DLZ \
>>     --adminpass=Gansgehe1m
>> -----------
>>
>> Then I did:
>> ---------
>> samba-tool domain schemaupgrade --schema=2019
>> samba-tool domain functionalprep --function-level=2016
>> samba-tool domain level raise --domain-level=2016 --forest-level=2016
>> ---------
>>
>> I joined a Windows 10 client. I can start ADUC, sites-and-services and
>> DNS-manager from RSAT. But if I try to start "Active Directory
>> Administrative Center" to manage auth-policies and silos, I get the
>> message:
>> --------
>> It's not possible to get a connection to any domain
>> --------
>> So even if I had switched to FL 2016, I still can't manage auth-policies
>> and silos via Windows RSAT?
>>
>> Or did I forget something?
>>
>>