[Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Rowland Penny rpenny at samba.org
Thu Dec 14 14:20:04 UTC 2017


On Thu, 14 Dec 2017 13:52:29 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> 
> Readin : https://wiki.samba.org/index.php/Samba_AD_schema_extensions 
> 
> Is it an option to make an ldiff for the  msNPAllowDialin  and others
> on that Dail-in Tab. Im looking at the automount example. 
> Hints tips? 
> 
> 
> Greetz, 
> 
> Louis

OK, I take it back, I do have 'msNPAllowDialin' in AD:

root at dc1:~# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b 'CN=Schema,CN=Configuration,DC=example,DC=com' -s sub '(cn=msNPAllowDialin)'
# record 1
dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: msNPAllowDialin
instanceType: 4
whenCreated: 20171206114944.0Z
whenChanged: 20171206114944.0Z
uSNCreated: 755
attributeID: 1.2.840.113556.1.4.1119
attributeSyntax: 2.5.5.8
isSingleValued: TRUE
uSNChanged: 755
showInAdvancedViewOnly: TRUE
adminDisplayName: msNPAllowDialin
adminDescription: msNPAllowDialin
oMSyntax: 1
searchFlags: 16
lDAPDisplayName: msNPAllowDialin
name: msNPAllowDialin
objectGUID: cf7b3ec9-7055-428b-826a-41a526cca483
schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0
attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939
systemOnly: FALSE
systemFlags: 16
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=c
 om
distinguishedName: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC
 =com

# returned 1 records
# 1 entries
# 0 referrals

I created an ldif:

dn: CN=sysadmin,OU=itadmin,OU=personnel,OU=People,DC=example,DC=com
changetype: modify
add: msNPAllowDialin
msNPAllowDialin: TRUE

Added the ldif with:

ldbmodify --url=/var/lib/samba/private/sam.ldb msadd.ldif

I now have a user with the 'msNPAllowDialin' attribute

Rowland



More information about the samba mailing list