[Samba] schema enhancement recommandation?

Oliver Rath rath at mglug.de
Mon Sep 10 16:59:59 UTC 2018 

Hi list,

Im using Samba 4.x (x >=8) and Im excited about the new "samba-tool
computer" simplification of computer managment in AD mode.

Now I would like to use some more information tagsĀ  in the computer
section, i.e. partition information or macadress of the nic.

So I tried to enhance the schema (using 4.10.0pre1-GIT-8c00c017cb5) i.e.
simple with

>>> cat win.ldif

dn: CN=DEMO-01,CN=Computers,DC=dmiserver,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
CN: DEMO-01
name: DEMO-01
userAccountControl: 4096
sAMAccountName: DEMO-01$
operatingSystem: Windows 8.1 Professional Volume
operatingSystemVersion: 6.3 (9600)

which worked fine:

>>> ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif
Added 1 records successfully

*BUT*

Using an attribute (which seems not to be in schema, I guess), it fails:

>>> cat win.ldif

dn: CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
CN: DEMO-02
name: DEMO-02
userAccountControl: 4096
sAMAccountName: DEMO-02$
operatingSystem: Windows 8.1 Professional Volume
operatingSystemVersion: 6.3 (9600)
macaddress: aa:bb:cc:dd:ee:ff

it fails with:

>>> ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif
ERR: Object class violation : "objectclass_attrs: attribute 'macAddress'
on entry 'CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan' does not exist in
the specified objectclasses!" on DN
CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan at block before line 13
Add failed after processing 0 records

Is it difficult to enhance this part of information in Samba-database?
Is it possible, that some additional attributes breaks the samba ad
funcionality? Should I alternatively use another part of samba-tree? Or
is it better to use a complete different database independent from samba?

For me samba-db seems the perfect place, because my attributes staying
automatically at the right place to search and so I wouldnt have the
work for a complete new schema.

What is your recommendation? How should I enhance the scheme?
Unfortunatly, the ldbadd/ldbmodify part of the samba-documentation is
very terse.

Tfh!

Oliver

More information about the samba mailing list