[Samba] How to automatically store the macAddress in AD

Rowland Penny rpenny at samba.org
Mon Mar 18 13:28:40 UTC 2019


On Mon, 18 Mar 2019 09:16:01 +0100
Denis Cardon via samba <samba at lists.samba.org> wrote:

> Hi Pierre,
> 
> > Does someone know a way to automatically store the hwaddress in the
> > AD? I'm using Veyon in my school to manage the students' PCs and if
> > the hwaddress is populated in the AD, the Room configuration can be
> > set with AD, otherwise I have to manage rooms manually.
> > I'm using samba4 with bind and isc-dhcp-server on the same
> > server. Can we use scripts or some ways?  
> 
> There is nothing to do that directly integrated in Samba-AD. If you
> have WAPT installed on your network, you should check the following
> thread on the WAPT mailing list, the exact same topic on configuring
> Veyon and macAddress was covered with a simple solution (as long as
> you have WAPT installed): 
> https://lists.tranquil.it/pipermail/wapt/2019-January/003034.html
> 
> Cheers,
> 
> Denis

Hi Denis,
The only problem with your method is that it will only work for
Windows clients. Having said that, if you only have Windows clients,
then it isn't a problem ;-)

If you are using Bind9 and updating DNS via the script found here:

https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

You can extend it to do the same thing, and this will update all domain
members, Linux and Windows.

All you need to do is replace the last line 'exit ${result}' with this:

Hostname=$(hostname -s)

# For this to work, you must add 'dhcpduser' to the 'Domain Admins' group.
# '$name' (the client hostname) and '$DHCID' (the hardware address) are set
# from the DHCP hook arguments earlier in the wiki script; '$result' is the
# exit code string the script has built up so far.
Computer_Object=$(ldbsearch -k yes -H ldap://"$Hostname" "(&(objectclass=computer)(objectclass=ieee802Device)(cn=$name))" | grep -v '#' | grep -v 'ref:')
if [ -z "$Computer_Object" ]; then
    # Computer object not found with the 'ieee802Device' objectclass.
    # Does the computer actually exist? It should if it is joined to the domain.
    Computer_Object=$(ldbsearch -k yes -H ldap://"$Hostname" "(&(objectclass=computer)(cn=$name))" | grep -v '#' | grep -v 'ref:')
    if [ -z "$Computer_Object" ]; then
        logger "Computer '$name' not found. Exiting."
        result="${result}68"
        exit "${result}"
    else
        # Only the 'dn:' line that opens the entry, not any other line containing 'dn:'
        DN=$(echo "$Computer_Object" | grep '^dn:')
        # First add the auxiliary objectclass that carries the macAddress attribute
        objldif="$DN
changetype: modify
add: objectclass
objectclass: ieee802Device"

        # then add the attribute itself
        attrldif="$DN
changetype: modify
add: macAddress
macAddress: $DHCID"

        # add the ldif
        echo "$objldif" | ldbmodify -k yes -H ldap://"$Hostname"
        ret="$?"
        if [ "$ret" -ne 0 ]; then
            logger "Error modifying Computer objectclass $name in AD."
            result="${result}${ret}"
            exit "${result}"
        fi
        sleep 2
        echo "$attrldif" | ldbmodify -k yes -H ldap://"$Hostname"
        ret="$?"
        if [ "$ret" -ne 0 ]; then
            logger "Error modifying Computer attribute $name in AD."
            result="${result}${ret}"
            exit "${result}"
        fi
        unset objldif
        unset attrldif
        logger "Successfully modified Computer $name in AD"
        result="${result}0"
    fi
else
    # The object already has the 'ieee802Device' objectclass, so just replace the MAC
    DN=$(echo "$Computer_Object" | grep '^dn:')
    attrldif="$DN
changetype: modify
replace: macAddress
macAddress: $DHCID"

    echo "$attrldif" | ldbmodify -k yes -H ldap://"$Hostname"
    ret="$?"
    if [ "$ret" -ne 0 ]; then
        logger "Error modifying Computer attribute $name in AD."
        result="${result}${ret}"
        exit "${result}"
    fi
    unset attrldif
    logger "Successfully modified Computer $name in AD"
    result="${result}0"
fi

exit "${result}"

Add 'dhcpduser' to the 'Domain Admins' group and it should just work.

There are a couple of 'gotchas': it will (obviously) only work for
clients that get their IP via DHCP, and then only if they are joined to
the domain.

Finally, somebody should tell Veyon that their documentation is wrong:
there is a standard AD attribute to store a MAC address in.

Rowland
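An added hardening step for the hook above, written here as an example and not part of Rowland's post or of the Samba wiki script: the hostname and hardware address the hook receives are taken from the DHCP lease, so checking them before they are spliced into the ldbsearch filter and the LDIF keeps a malformed or unexpected value from producing a broken search or a bad write to AD. The function names, the sample values, the placeholder DN, and the assumption that this sits in dhcp-dyndns.sh ahead of the ldbsearch/ldbmodify calls are all mine, not the page's.

```shell
#!/bin/sh
# Added example (not from the list post or the Samba wiki script).
# Assumed to be pasted into dhcp-dyndns.sh ahead of the ldbsearch / ldbmodify
# calls, where $name is the DHCP-supplied hostname and $DHCID the client's
# hardware address. Function and variable names are assumptions.

# 0 if $1 is a colon-separated MAC as isc-dhcpd passes it (six hex pairs), else 1.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# 0 if $1 is a plausible computer name: letters, digits and hyphens only,
# 1-15 characters (the NetBIOS name limit), not starting with a hyphen.
valid_hostname() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9-]{0,14}$'
}

# Escape a value for use inside an LDAP search filter (RFC 4515): backslash,
# asterisk and parentheses become \5c, \2a, \28 and \29 so they are matched
# literally instead of being read as filter syntax.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The filter the hook searches with, built from an escaped hostname.
computer_filter() {
    printf '(&(objectclass=computer)(cn=%s))' "$(ldap_filter_escape "$1")"
}

# The LDIF for the macAddress write. $1 is the 'dn: ...' line from ldbsearch,
# $2 the MAC, $3 either 'add' or 'replace' (the script's two branches).
mac_ldif() {
    printf '%s\nchangetype: modify\n%s: macAddress\nmacAddress: %s\n' "$1" "$3" "$2"
}

# Gatekeeper for the lease data: 0 when both values are usable, 1 otherwise.
check_lease_input() {
    if ! valid_hostname "$1"; then
        echo "rejecting hostname '$1' from DHCP lease" >&2
        return 1
    fi
    if ! valid_mac "$2"; then
        echo "rejecting hardware address '$2' from DHCP lease" >&2
        return 1
    fi
    return 0
}

# Constructed sample values standing in for the hook's $name and $DHCID.
sample_name='pc1'
sample_mac='00:11:22:aa:bb:cc'
sample_dn='dn: CN=PC1,CN=Computers,DC=example,DC=com'   # placeholder DN

if check_lease_input "$sample_name" "$sample_mac"; then
    echo "search filter: $(computer_filter "$sample_name")"
    echo "ldif to apply:"
    mac_ldif "$sample_dn" "$sample_mac" replace
fi
```

In the real hook you would call check_lease_input "$name" "$DHCID" and exit with a logged error when it fails, then use computer_filter "$name" in place of the hand-built "(cn=$name)" filter; the escaping only matters for the filter, since the LDIF value is written as a literal attribute value.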
