[Samba] Question about silos and Authentication policies
Andrew Bartlett
abartlet at samba.org
Thu Oct 19 21:42:58 UTC 2023
We are writing a set of command line tools to provide the
administration.
It would be great to see someone want to take up implementing/funding
the ADWS server, but for now we hope the command-line clients will be
enough.
Please do try them out and give feedback. The current effort is at
this MR:
https://gitlab.com/samba-team/samba/-/merge_requests/3325
Andrew Bartlett
On Thu, 2023-10-19 at 15:09 +0200, Stefan Kania via samba wrote:
> I looked around a little bit, but as far as I can see, at the moment
> it's not possible to use auth-policies and silos with Samba-DCs only.
> So I need at least one Windows DC :-(
>
> On 19.10.23 at 11:48, Stefan Kania via samba wrote:
> > Do you know which of the RSAT I need to use to manage auth-policies
> > and silos? With samba-tool I can't assign users and hosts to the
> > policies. I can only create, delete, list and view policies and silos.
> >
> >
> > On 19.10.23 at 09:03, Daniel Müller via samba wrote:
> > > Hello,
> > >
> > > You cannot use Active Directory Administrative Center because
> > > samba has no ADWS implemented.
> > > There were efforts, but ADWS did not reach production status. I
> > > think Catalyst, Andrew Bartlett tried something, did not finish it.
> > > Yes you need to use the old RSAT.
> > >
> > > Greetings
> > > Daniel
> > >
> > >
> > > EDV Daniel Müller
> > >
> > > Head of IT
> > > Tropenklinik Paul-Lechler-Krankenhaus
> > >
> > > -----Original Message-----
> > > From: Stefan Kania via samba [mailto:samba at lists.samba.org]
> > > Sent: Wednesday, 18 October 2023 17:43
> > > To: Samba List <samba at lists.samba.org>
> > > Subject: [Samba] Question about silos and Authentication policies
> > >
> > > I just installed Samba 4.19.1 (Sernet-packages). Here is my
> > > smb.conf
> > > on my DC
> > > -----------------
> > > # Global parameters
> > > [global]
> > > ad dc functional level = 2016
> > > netbios name = ADDC-01
> > > realm = EXAMPLE.NET
> > > server role = active directory domain controller
> > > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> > > workgroup = EXAMPLE
> > >
> > > [sysvol]
> > > path = /var/lib/samba/sysvol
> > > read only = No
> > >
> > > [netlogon]
> > > path = /var/lib/samba/sysvol/example.net/scripts
> > > read only = No
> > > -----------------
> > >
> > > I provisioned my DC with:
> > >
> > > -----------
> > > samba-tool domain provision --option="ad dc functional level = 2016" \
> > >   --function-level=2016 --domain=example --realm=example.net \
> > >   --host-ip=192.168.56.201 --backend-store=mdb \
> > >   --dns-backend=BIND9_DLZ --adminpass=Gansgehe1m
> > > -----------
> > >
> > > Then I did:
> > > ---------
> > > samba-tool domain schemaupgrade --schema=2019
> > > samba-tool domain functionalprep --function-level=2016
> > > samba-tool domain level raise --domain-level=2016 --forest-level=2016
> > > ---------
> > >
> > > I joined a Windows 10 client. I can start ADUC, sites-and-services,
> > > DNS-manager from RSAT. But if I try to start "Active Directory
> > > Administrative Center" to manage auth-policies and silos I get the
> > > message:
> > > --------
> > > It's not possible to get a connection to any domain
> > > --------
> > > So even if I had switched to FL 2016 I still can't manage
> > > auth-policies and silos via Windows RSAT?
> > >
> > > Or did I forget something?
> > >
> > >
>
>
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions