[Samba] Extending Samba-4 Schema to get Microsoft LAPS working
Andrew Bartlett
abartlet at samba.org
Thu Nov 22 04:41:58 UTC 2018
On Thu, 2018-11-22 at 09:58 +0530, Ardos via samba wrote:
> Hi,
>
> I am trying to get the Microsoft LAPS working in my samba-4 AD
> environment. Microsoft LAPS requires us to extend the schema and add two
> attributes "ms-Mcs-AdmPwd" (Stores the password in plain text) and
> "ms-Mcs-AdmPwdExpirationTime" (Stores the time to reset the password).
>
> I have added the Group Policy part of Microsoft LAPS to Windows RSAT (on
> Windows Server 208 R2) and also been able to extend the samba-4 schema
> by adding the two attributes. However, I am not able to add the above
> two attributes to Computers (dn:
> CN=Computers,CN=Schema,CN=Configuration,DC=sample,DC=com). I am not
> finding a sample LDIF file to make this modification to computers.
>
> Can some one help with this?
>
> I have attached the two ldif files used to add the two attributes to
> Samba-4 schema.
Have you set the magic smb.conf setting?
dsdb:schema update allowed=true
https://wiki.samba.org/index.php/Samba_AD_schema_extensions
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list