FW: [Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.
L.P.H. van Belle
belle at bazuin.nl
Fri Dec 15 08:53:12 UTC 2017
Hai,
I know everybody is very buzy, but a small question.
Somehow my ad structure is not correct.
I need to re-apply/validate the MS-AD_Schema_2K8_R2_Attributes.txt to my AD. but i dont know if its possible.
Anyone a hint tips is it possible?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> L.P.H. van Belle via samba
> Verzonden: donderdag 14 december 2017 16:41
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] ADUC missing msNPAllowDialin and need
> vpn advice for ad setup.
>
> Hai Rowland,
>
> Ok, cool, thanks for that.
> Thats good to have that confirmed, the search show the same here.
>
> Enabled that one, and yes, i can see the msNPAllowDailin but
> only in attribut editor, Dail-in tab still errors.
>
> Reappy-ing the file : MS-AD_Schema_2K8_R2_Attributes.txt
> Is that possible, that "should" fix the missing parts.
> I suspect a failure in the structure of the AD. ( arg.. hard
> to discribe what i mean in english )
> I suspect some more parts, somewhere in 2015 i had a big ad
> problem, i think this is a left over.
>
> I looked up some thing about then, and i see i had to fix
> almost all my AD objects.
> That worked, everything runs fine., but i would really like
> my Dail-in tab working.
>
>
> Greetz,
>
> Louis
>
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: Rowland Penny [mailto:rpenny at samba.org]
> > Verzonden: donderdag 14 december 2017 15:20
> > Aan: samba at lists.samba.org
> > CC: L.P.H. van Belle
> > Onderwerp: Re: [Samba] ADUC missing msNPAllowDialin and need
> > vpn advice for ad setup.
> >
> > On Thu, 14 Dec 2017 13:52:29 +0100
> > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> >
> > >
> > > Readin :
> > https://wiki.samba.org/index.php/Samba_AD_schema_extensions
> > >
> > > Is it an option to make an ldiff for the msNPAllowDialin
> > and others
> > > on that Dail-in Tab. Im looking at the automount example.
> > > Hints tips?
> > >
> > >
> > > Greetz,
> > >
> > > Louis
> >
> > OK, I take it back, I do have 'msNPAllowDialin' in AD:
> >
> > root at dc1:~# ldbsearch --cross-ncs -H
> > /var/lib/samba/private/sam.ldb -b
> > 'CN=Schema,CN=Configuration,DC=example,DC=com' -s sub
> > '(cn=msNPAllowDialin)'
> > # record 1
> > dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC=com
> > objectClass: top
> > objectClass: attributeSchema
> > cn: msNPAllowDialin
> > instanceType: 4
> > whenCreated: 20171206114944.0Z
> > whenChanged: 20171206114944.0Z
> > uSNCreated: 755
> > attributeID: 1.2.840.113556.1.4.1119
> > attributeSyntax: 2.5.5.8
> > isSingleValued: TRUE
> > uSNChanged: 755
> > showInAdvancedViewOnly: TRUE
> > adminDisplayName: msNPAllowDialin
> > adminDescription: msNPAllowDialin
> > oMSyntax: 1
> > searchFlags: 16
> > lDAPDisplayName: msNPAllowDialin
> > name: msNPAllowDialin
> > objectGUID: cf7b3ec9-7055-428b-826a-41a526cca483
> > schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0
> > attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939
> > systemOnly: FALSE
> > systemFlags: 16
> > objectCategory:
> > CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=c
> > om
> > distinguishedName:
> > CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC
> > =com
> >
> > # returned 1 records
> > # 1 entries
> > # 0 referrals
> >
> > I created an ldif:
> >
> > dn: CN=sysadmin,OU=itadmin,OU=personnel,OU=People,DC=example,DC=com
> > changetype: modify
> > add: msNPAllowDialin
> > msNPAllowDialin: TRUE
> >
> > Added the ldif with:
> >
> > ldbmodify --url=/var/lib/samba/private/sam.ldb msadd.ldif
> >
> > I now have a user with the 'msNPAllowDialin' attribute
> >
> > Rowland
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba-technical
mailing list