[Samba] Extending Samba-4 Schema to get Microsoft LAPS working

Ardos raghav at ardos.in
Thu Nov 22 04:28:47 UTC 2018


Hi,

I am trying to get the Microsoft LAPS working in my samba-4 AD 
environment. Microsoft LAPS requires us to extend the schema and add two 
attributes "ms-Mcs-AdmPwd" (Stores the password in plain text) and 
"ms-Mcs-AdmPwdExpirationTime" (Stores the time to reset the password).

I have added the Group Policy part of Microsoft LAPS to Windows RSAT (on 
Windows Server 2008 R2) and have also been able to extend the samba-4 schema 
by adding the two attributes. However, I am not able to add the above 
two attributes to Computers (dn: 
CN=Computers,CN=Schema,CN=Configuration,DC=sample,DC=com). I am not 
finding a sample LDIF file to make this modification to computers.

Can someone help with this?

I have attached the two ldif files used to add the two attributes to 
Samba-4 schema.

Best regards,

Raghavendra

-------------- next part --------------
# Samba 4 Active Directory Schema Extension for Microsoft LAPS
# Attribute:ms-Mcs-AdmPwdExpirationTime
dn: CN=ms-Mcs-AdmPwdExpirationTime,CN=Schema,CN=Configuration,DC=sample,DC=com
objectClass: top
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.2554.50051.45980.28112.18903.35903.6685103.1224907.2.2
cn: ms-Mcs-AdmPwdExpirationTime
name: ms-Mcs-AdmPwdExpirationTime
attributeSyntax: 2.5.5.16
lDAPDisplayName: ms-Mcs-AdmPwdExpirationTime
Description: Local Administrator Password Expiry Time Parameter
oMSyntax: 65
isSingleValued: TRUE
searchFlags: 0
isMemberOfPartialAttributeSet: FALSE


-------------- next part --------------
# Samba 4 Active Directory Schema Extension for Microsoft LAPS
# Attribute:ms-Mcs-AdmPwd
dn: CN=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,DC=sample,DC=com
objectClass: top
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.2554.50051.45980.28112.18903.35903.6685103.1224907.2.1
cn: ms-Mcs-AdmPwd
name: ms-Mcs-AdmPwd
attributeSyntax: 2.5.5.5
lDAPDisplayName: ms-Mcs-AdmPwd
Description: Local Administrator Password parameter
oMSyntax: 19
isSingleValued: TRUE
searchFlags: 904
isMemberOfPartialAttributeSet: FALSE
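
Added example, not part of the original post or its attachments: because ms-Mcs-AdmPwd holds the password in plain text, the searchFlags value in its schema record is what marks it confidential, and this sketch decodes that bitmask and reports any protection bits missing from a record. The bit names follow MS-ADTS; the function names and the trimmed sample records are assumptions made for this illustration.

```python
# Added example: decode searchFlags in attributeSchema LDIF (bit names per MS-ADTS).
SEARCH_FLAGS = {
    0x001: "ATTINDEX", 0x002: "PDNTATTINDEX", 0x004: "ANR",
    0x008: "PRESERVEONDELETE", 0x010: "COPY", 0x020: "TUPLEINDEX",
    0x040: "SUBTREEATTINDEX", 0x080: "CONFIDENTIAL",
    0x100: "NEVERVALUEAUDIT", 0x200: "RODC_FILTERED",
}

# Trimmed copy of the two records attached to the post (only the fields used here).
SAMPLE_LDIF = """\
dn: CN=ms-Mcs-AdmPwdExpirationTime,CN=Schema,CN=Configuration,DC=sample,DC=com
lDAPDisplayName: ms-Mcs-AdmPwdExpirationTime
searchFlags: 0

dn: CN=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,DC=sample,DC=com
lDAPDisplayName: ms-Mcs-AdmPwd
searchFlags: 904
"""

def parse_records(ldif):
    """Blank-line separated records -> list of {lowercased attribute: value}.
    Simplification: no line folding and no base64 ("::") values."""
    records = []
    for block in ldif.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not "attr: value"
            key, _, value = line.partition(":")
            rec[key.strip().lower()] = value.strip()
        if rec:
            records.append(rec)
    return records

def decode_search_flags(value):
    """Return the names of the bits set in a searchFlags integer, lowest bit first."""
    return [name for bit, name in sorted(SEARCH_FLAGS.items()) if value & bit]

def audit(ldif, secret_attrs=("ms-Mcs-AdmPwd",)):
    """Map each secret-bearing attribute to the protection bits it lacks."""
    required = ("CONFIDENTIAL", "RODC_FILTERED")
    findings = {}
    for rec in parse_records(ldif):
        name = rec.get("ldapdisplayname", "")
        if name in secret_attrs:
            flags = decode_search_flags(int(rec.get("searchflags", "0")))
            findings[name] = [f for f in required if f not in flags]
    return findings
```

An empty list for ms-Mcs-AdmPwd means both bits are present in the LDIF; whether the directory server enforces them is a separate check against the running domain controller.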



