Small number of questions about s4

Alexander Bokovoy ab at samba.org
Tue Apr 10 06:24:51 UTC 2018


On Tue, 10 Apr 2018, William Brown via samba-technical wrote:
> Hi,
> 
> I'm looking at s4 from the point of view as an LDAP server. I have a
> number of questions about this content.
> 
> * Does samba support userCertificate storage via a set of MS
> attributes? AKA userCertificate;binary from netscape ldap or freeipa
I don't think there is explicit support for that in the s4 LDAP server.

> * There are a large number of default objects in the directory. Where
> is the MS documentation about these and their roles? IE account
> operators and the like.
Check https://msdn.microsoft.com/en-us/library/jj712081.aspx
MS-ADA*, MS-ADLS, MS-ADSC, and MS-ADTS are the canonical documents. But
they quickly start referring to each other and many other pieces of the
documentation puzzle so enjoy the untangling show.
 
> * Does samba have a hardening guide akin to an AD hardening guide?
> Would we consider a command that can highlight and detect "best
> practices" like hardening options for users IE samba-tool security
> check/audit that can also list how to correct the issue? One that comes
> to mind is the "default users can join 10 machines to a domain" or
> "Guest account enabled".
> 
> * Is there a way to check replication health and consistency?
> 
> * Do you update internal database formats on startup or via scripts
> triggered on an upgrade?
On startup.

> * Where are the MS schema syntax documents?
See above.

-- 
/ Alexander Bokovoy


