[Samba] adam howto ? and is it safe to apply

Jonathon Reinhart jonathon.reinhart at gmail.com
Wed Jan 22 21:12:47 UTC 2020


Hi Sérgio,

I renamed "adam" to "adman" upon request of another developer who was
already using the name "adam" and wanted to use the package name on PyPI.

Here is the project URL:
https://gitlab.com/JonathonReinhart/adman

Here is the PyPI URL:
https://pypi.org/project/adman

I need to update the README, since you only need to run "pip3 install
adman" now (no need to install from source).

Additional comments inline:

On Wed, Jan 22, 2020 at 2:19 PM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 22/01/2020 19:01, Sérgio Basto via samba wrote:
> > Hi,
> >
> > I'd like to apply adam in a samba 4.10 production environment; the
> > background came from [1], where I found we can't set security = ads,
> > backend = ad without adman (users without uidNumber and gidNumber).
>
> This isn't a Samba product, I suggest you contact the author directly.
>

If you have questions about Adman, please open an issue on the GitLab
project page. Chances are other users will have the same questions.


> I fixed my problem with his gitlab page, my adblocker was blocking parts
> of it ;-)
>

Rowland, I'm not sure what parts of the page your adblocker would have
picked up on... I'm using just regular markdown, so it's GitLab's problem,
not mine :-)


> > Is it safe to apply it?
> I do not know, I have never used it, but I can see no reason why it
> wouldn't be.
>

As safe as any other open-source project, I imagine. I'm currently running
it on a production domain without issues. Normal disclaimers apply.


> > Do we need to apply this on the PDC, or can it be applied on a secondary DC?
>
> You do not have a PDC, you just have a number of DCs, so you should be
> able to install this on any of the DCs. In fact, provided the next
> uidNumber & gidNumber is stored in AD, you should be able to install it
> on all DCs.
>

It uses DNS to locate a domain controller:
https://gitlab.com/JonathonReinhart/adman/blob/v0.2.2/adman/locate.py

So you don't need to run it directly on a DC; you can run it on any Linux
box. But you can run it directly on a DC -- I am running it on my "DC1"
with the PDC Emulator role. (This DC is also special in my setup due to the
rsync sysvol replication).

I wouldn't recommend running multiple instances of it at the same time,
since there could be a race condition between the two. There's not really a
point. But to Rowland's point, the "next uidNumber/gidNumber" is stored in
AD, so you could move it around as you wish.

Let me know if you have any problems or if you successfully deploy it!

Jonathon

