[Samba] Bitlocker

Rowland Penny rpenny at samba.org
Wed Jul 17 09:10:52 UTC 2019


On 17/07/2019 09:50, Christian Naumer via samba wrote:
> Hi,
> I am trying to implement bitlocker key management in samba4 ad. This has
> been posted a few times before:
>
> https://lists.samba.org/archive/samba/2015-December/196771.html
>
> https://lists.samba.org/archive/samba/2018-July/217168.html
>
> According to Andrew and this:
>
> https://docs.microsoft.com/en-us/previous-versions/orphan-topics/ws.10/cc722309(v=ws.10)
>
> the Schema should be ready for this. However it does not work for us.
> When I try to add "ms-FVE-RecoveryInformation – classSchema object" to a
> computer manually it says objectclass not related to computer.
> I think it should be. However I can't check this as
> "BitLockerTPMSchemaExtension.ldf" is nowhere to be found as a download.
> The links I have found are all dead.
>
> Has anybody tried this?
>
> Regards
>
> Christian
>
I thought Samba always used schema version 47, so you should have the 
objectclass & attributes in AD, this is the ldif for the objectclass:

cn: ms-FVE-RecoveryInformation
ldapDisplayName: msFVE-RecoveryInformation
governsId: 1.2.840.113556.1.5.253
objectClassCategory: 1
rdnAttId: cn
subClassOf: top
systemMustContain: msFVE-RecoveryPassword, msFVE-RecoveryGuid
mayContain: msFVE-KeyPackage, msFVE-VolumeGuid
systemPossSuperiors: computer
schemaIdGuid: ea715d30-8f53-40d0-bd1e-6109186d782c
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
defaultHidingValue: TRUE
systemOnly: FALSE
defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,<RootDomainDN>
systemFlags: FLAG_SCHEMA_BASE_OBJECT

Rowland
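
Added example, not part of the original message and not Samba code: a short Python sketch that reads a class definition in the form quoted above (mail line-wrapping included) and reports whether an instance is attached to an existing entry or created as a separate child entry. The objectClassCategory meanings (1 structural, 2 abstract, 3 auxiliary) come from the Active Directory schema documentation rather than this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: fields from the definition above, mail wrapping kept.
SAMPLE = """\
cn: ms-FVE-RecoveryInformation
ldapDisplayName: msFVE-RecoveryInformation
objectClassCategory: 1
systemMustContain: msFVE-RecoveryPassword, msFVE-RecoveryGuid
mayContain: msFVE-KeyPackage, msFVE-VolumeGuid
systemPossSuperiors: computer
defaultSecurityDescriptor:
D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
defaultHidingValue: TRUE
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
# Assumption: category codes as documented for AD classSchema objects.
CATEGORY = {"0": "88-class", "1": "structural", "2": "abstract", "3": "auxiliary"}

def parse_class(text):
    """Return {lowercased field: value}, rejoining mail-wrapped values."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIELD.match(line)
        # A line after an empty value is that value wrapped, even if it
        # looks like "key: value" itself (the SDDL string starts with "D:").
        if last is not None and (fields[last] == "" or m is None):
            fields[last] += line
        elif m:
            last = m.group(1).lower()
            fields[last] = m.group(2).strip()
    return fields

def names(fields, key):
    """Split a comma-separated field into lowercased class/attribute names."""
    return [n.strip().lower() for n in fields.get(key, "").split(",") if n.strip()]

def placement(fields, target_class):
    """How an instance of this class relates to an object of target_class."""
    kind = CATEGORY.get(fields.get("objectclasscategory", ""), "unknown")
    parents = names(fields, "systemposssuperiors") + names(fields, "posssuperiors")
    if kind == "auxiliary":
        return "auxiliary: may be attached to an existing entry"
    if kind == "structural" and target_class.lower() in parents:
        return "child: create a separate entry beneath the %s object" % target_class
    return "not allowed under %s (%s class)" % (target_class, kind)
```

For the definition above, placement(parse_class(SAMPLE), "computer") reports a child entry, and names(..., "systemmustcontain") lists the two attributes that entry must carry.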