[SAMBA4] SWAT-based GUI vampire from AD

Andrew Bartlett abartlet at samba.org
Fri Jan 13 13:04:08 GMT 2006

In my continuing race to get a tech preview that can really show off
what Samba is best at, I have been working in the area of Windows

Samba4 has for a long time (tridge did the early work when he started
the RPC system) had the basic code to handle the SamSync operations,
used in Samba3's vampire code.  However, it was not integrated into
anything more than the testsuite.  

Since that time, I have created a set of utilities in 'net samsync',
'net samdump' and 'net samdump keytab'.  All these allowed a similar
operation to that which we see in Samba3.  In August of this year, we
used these to work on the PAC, but tridge noted that they 'needed

Now, I have completed a SWAT fronted to this functionality.  From the
install menu, we can join and vampire an AD domain into Samba4, with
just a few clicks.  I have also extended the base library to use LDAP,
to obtain extra information not available over SamSync (such as the
servicePrincipalName), and removed silly constraints like the 'password
server' smb.conf parameter.

I would encourage testing.  The outstanding issues are:  
 - Need to migrate more/all LDAP attributes
 - Need idmap, or similar and winbindd to provide a posix backing for
these accounts.  (For file-share logins)
 - Need to make the 'success' state clear (if it doesn't list an error,
it worked).

Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060114/e4764754/attachment.bin

More information about the samba-technical mailing list