[Samba] (properly formatted) Re: adman howto ? and is it safe to apply

Sérgio Basto sergio at serjux.com
Thu Jan 23 03:23:08 UTC 2020


On Wed, 2020-01-22 at 22:42 +0000, Sérgio Basto via samba wrote:
> On Wed, 2020-01-22 at 16:12 -0500, Jonathon Reinhart wrote:
> > Hi Sérgio,
> > I renamed "adam" to "adman" upon request of another developer who
> > was already using the name "adam" and wanted to use the package
> > name on PyPI.
> > 
> > Here is the project URL:
> > https://gitlab.com/JonathonReinhart/adman
> > 
> > Here is the PyPI URL:
> > https://pypi.org/project/adman
> > 
> > I need to update the README, since you only need to run
> > "pip3 install adman" now (no need to install from source).
> 
> On CentOS 7.7
> 
> yum install gcc python3-devel openldap-devel
> yum install python3-setuptools python3-dns cyrus-sasl-gssapi
> 
> wget https://gitlab.com/JonathonReinhart/adman/-/archive/v0.2.2/adman-v0.2.2.tar.gz
>
> tar xvf adman-v0.2.2.tar.gz
> cd adman-v0.2.2
> 
> python3 setup.py install
> 
> cat /usr/local/lib/python3.6/site-packages/easy-install.pth 
> 
> ./adman-0.2.2-py3.6.egg
> ./PyYAML-5.3-py3.6-linux-x86_64.egg
> ./python_ldap-3.2.0-py3.6-linux-x86_64.egg
> ./pyasn1_modules-0.2.8-py3.6.egg
> ./pyasn1-0.4.8-py3.6.egg
> 
> and it is installed; it downloaded PyYAML, python_ldap,
> pyasn1_modules and pyasn1, I think it used PyPI ...
> 
> In /etc/adman/config.yml, what are the upn_suffixes section and
> password_expiry_notification? Users of this domain cannot have
> email.
> How do I disable email notifications?
> 
> Thank you for your support much appreciated.


security = ads, backend = ad is working !!!

but I don't have the builtin Administrator, can I add the Administrator?
Another thing: all users have the same gidNumber, even users from
OU=Admins ..., is this supposed to be like this?

Thank you


> > Additional comments inline:
> > 
> > On Wed, Jan 22, 2020 at 2:19 PM Rowland penny via samba <
> > samba at lists.samba.org> wrote:
> > > On 22/01/2020 19:01, Sérgio Basto via samba wrote:
> > > 
> > > > Hi,
> > > > I'd like to apply adam in a Samba 4.10 production
> > > > environment; the background comes from [1], where I found we
> > > > can't set security = ads, backend = ad without adman (users
> > > > without uidNumber and gidNumber).
> > > 
> > > 
> > > 
> > > This isn't a Samba product, I suggest you contact the author
> > > directly.
> > 
> > If you have questions about Adman, please open an issue on the
> > GitLab project page. Chances are other users will have the same
> > questions.
> >  
> > > I fixed my problem with his gitlab page, my adblocker was
> > > blocking parts of it ;-)
> > 
> > Rowland, I'm not sure what parts of the page your adblocker would
> > have picked up on... I'm using just regular markdown, so it's
> > GitLab's problem, not mine :-)
> >  
> > > > Is it safe to apply it ?
> > > 
> > > I do not know, I have never used it, but I can see no reason why
> > > it wouldn't be.
> > 
> > As safe as any other open-source project, I imagine. I'm currently
> > running it on a production domain without issues. Normal
> > disclaimers apply.
> >  
> > > > Do we need to apply this on the PDC, or can it be applied on a
> > > > secondary DC?
> > > 
> > > You do not have a PDC, you just have a number of DCs, so you
> > > should be able to install this on any of the DCs. In fact,
> > > provided the next uidNumber & gidNumber is stored in AD, you
> > > should be able to install it on all DCs.
> > 
> >  It uses DNS to locate a domain controller:
> > https://gitlab.com/JonathonReinhart/adman/blob/v0.2.2/adman/locate.py
> > 
> > So you don't need to run it directly on a DC; you can run it on any
> > Linux box. But you can run it directly on a DC -- I am running it
> > on my "DC1" with the PDC Emulator role. (This DC is also special in
> > my setup due to the rsync sysvol replication).
> > 
> > I wouldn't recommend running multiple instances of it at the same
> > time, since there could be a race condition between the two.
> > There's not really a point. But to Rowland's point, the "next
> > uidNumber/gidNumber" is stored in AD, so you could move it around
> > as you wish.
> > 
> > Let me know if you have any problems or if you successfully deploy
> > it!
> > 
> > Jonathon
> -- 
> Sérgio M. B.
> 
-- 
Sérgio M. B.
