Small number of questions about s4

Alexander Bokovoy ab at
Tue Apr 10 06:24:51 UTC 2018

On ti, 10 huhti 2018, William Brown via samba-technical wrote:
> Hi,
> I'm looking at s4 from the point of view as an LDAP server. I have a
> number of questions about this content.
> * Does samba support userCertificate storage via a set of MS
> attributes? AKA userCertificate;binary from netscape ldap or freeipa
I don't think there is an explicit support for that in s4 ldap server.

> * There are a large number of default objects in the directory. Where
> is the MS documentation about these and their roles? IE account
> operators and the like.
MS-ADA*, MS-ADLS, MS-ADSC, and MS-ADTS are the canonical documents. But
they quickly start referring to each other and many other pieces of the
documentation puzzle so enjoy the untangling show.
> * Does samba have a hardening guide akin to an AD hardening guide?
> Would we consider a command that can highlight and detect "best
> practices" like hardening options for users IE samba-tool security
> check/audit that can also list how to correct the issue? One that comes
> to mind is the "default users can join 10 machines to a domain" or
> "Guest account enabled".
> * Is there a way to check replication health and consistency
> * Do you update internal database formats on startup or via scripts
> triggered on an upgrade?
On startup.

> * Where are the MS schema syntax documents?
See above.

/ Alexander Bokovoy

More information about the samba-technical mailing list