[Samba] Extending Samba-4 Schema to get Microsoft LAPS working
Ardos
raghav at ardos.in
Thu Nov 22 05:51:14 UTC 2018
Hi,
I am using the command "ldbmodify -H path_to_sam_ldb
automount_classes.ldif --option="dsdb:schema update allowed"=true" as
given in the wiki. /
/
Using the above method I was able to add the two attributes. But I am
not able to add these attributes to computers class.
Hence looking for help to create the ldif file to add these two
attributes to computer class.
Best regads,
Raghavendra
//
On 22/11/18 10:11 AM, Andrew Bartlett wrote:
> On Thu, 2018-11-22 at 09:58 +0530, Ardos via samba wrote:
>> Hi,
>>
>> I am trying to get the Microsoft LAPS working in my samba-4 AD
>> environment. Microsoft LAPS requires us to extend the schema and add two
>> attributes "ms-Mcs-AdmPwd" (Stores the password in plain text) and
>> "ms-Mcs-AdmPwdExpirationTime" (Stores the time to reset the password).
>>
>> I have added the Group Policy part of Microsoft LAPS to Windows RSAT (on
>> Windows Server 208 R2) and also been able to extend the samba-4 schema
>> by adding the two attributes. However, I am not able to add the above
>> two attributes to Computers (dn:
>> CN=Computers,CN=Schema,CN=Configuration,DC=sample,DC=com). I am not
>> finding a sample LDIF file to make this modification to computers.
>>
>> Can some one help with this?
>>
>> I have attached the two ldif files used to add the two attributes to
>> Samba-4 schema.
> Have you set the magic smb.conf setting?
>
> dsdb:schema update allowed=true
>
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions
>
>
> Andrew Bartlett
More information about the samba
mailing list