[Samba] (properly formatted) Re: adman howto ? and is it safe to apply

Sérgio Basto sergio at serjux.com
Wed Jan 22 22:42:30 UTC 2020 

On Wed, 2020-01-22 at 16:12 -0500, Jonathon Reinhart wrote:
> Hi Sérgio,
> I renamed "adam" to "adman" upon request of another developer who was
> already using the name "adam" and wanted to use the package name on
> PyPI.
> 
> Here is the project URL:
> https://gitlab.com/JonathonReinhart/adman
> 
> Here is the PyPI URL:
> https://pypi.org/project/adman
> 
> I need to update the README, since you only need to run "pip3 install
> adman" now (no need to install from source).

On Centos 7.7

yum install gcc python3-devel openldap-devel
yum install python3-setuptools python3-dns cyrus-sasl-gssapi

wget https://gitlab.com/JonathonReinhart/adman/-/archive/v0.2.2/adman-v0.2.2.tar.gz 
tar xvf adman-v0.2.2.tar.gz
cd adman-v0.2.2

python3 setup.py install

cat /usr/local/lib/python3.6/site-packages/easy-install.pth 

./adman-0.2.2-py3.6.egg
./PyYAML-5.3-py3.6-linux-x86_64.egg
./python_ldap-3.2.0-py3.6-linux-x86_64.egg
./pyasn1_modules-0.2.8-py3.6.egg
./pyasn1-0.4.8-py3.6.egg

and is installed , downloaded PyYAML, python_ldap, pyasn1_modules and pyasn1 I think it used pypi ...

in /etc/adman/config.yml , what is upn_suffixes section and password_expiry_notification ? , users of 
this domain can not have email.
How I disable emails notifications ?

Thank you for your support much appreciated.

> Additional comments inline:
> 
> On Wed, Jan 22, 2020 at 2:19 PM Rowland penny via samba <
> samba at lists.samba.org> wrote:
> > On 22/01/2020 19:01, Sérgio Basto via samba wrote:
> > 
> > > Hi,
> > > I'd like apply adam in samba 4.10 production environment , the
> > > background came from [1] where I found we can't set security =
> > ads,
> > 
> > > backend = ad without adman (users without uidNumber and
> > gidNumber) .
> > 
> > 
> > 
> > This isn't a Samba product, I suggest you contact the author
> > directory.
> 
> If you have questions about Adman, please open an issue on the GitLab
> project page. Chances are other users will have the same questions.
>  
> > I fixed my problem with his gitlab page, my adblocker was blocking
> > parts 
> > 
> > of it ;-)
> 
> Rowland, I'm not sure what parts of the page your adblocker would
> have picked up on... I'm using just regular markdown, so it's
> GitLab's problem, not mine :-)
>  
> > > Is it safe to apply it ?
> > 
> > I do not know, I have never used it, but I can see no reason why
> > it 
> > 
> > wouldn't be.
> 
> As safe as any other open-source project, I imagine. I'm currently
> running it on a production domain without issues. Normal disclaimers
> apply.
>  
> > > Do we need apply this on PDC , or can be applied on a secondary
> > DC ?
> > 
> > 
> > 
> > You do not have a PDC, you just have a number of DCs, so you should
> > be 
> > 
> > able to install this on any of the DCs. In fact, provided the next 
> > 
> > uidNumber & gidNumber is stored in AD, you should be able to
> > install it 
> > 
> > on all DCs.
> 
>  It uses DNS to locate a domain controller:
> https://gitlab.com/JonathonReinhart/adman/blob/v0.2.2/adman/locate.py
> 
> So you don't need to run it directly on a DC; you can run it on any
> Linux box. But you can run it directly on a DC -- I am running it on
> my "DC1" with the PDC Emulator role. (This DC is also special in my
> setup due to the rsync sysvol replication).
> 
> I wouldn't recommend running multiple instances of it at the same
> time, since there could be a race condition between the two. There's
> not really a point. But to Rowlands point, the "next
> uidNumber/gidNumber" is stored in AD, so you could move it around as
> you wish.
> 
> Let me know if you have any problems or if you successfully deploy
> it!
> 
> Jonathon
-- 
Sérgio M. B.

-- 
Sérgio M. B.

More information about the samba mailing list