[Samba] Adding users with ldif file

RhineDevil tanyadegurechaff at disroot.org
Sat Jul 18 17:16:48 UTC 2020


Sat, 18 Jul 2020 16:55:02 +0100 Rowland penny via samba <samba at lists.samba.org>:
> On 18/07/2020 16:51, RhineDevil wrote:
> > Sat, 18 Jul 2020 15:31:36 +0100 Rowland penny via samba <samba at lists.samba.org>:
> >> On 18/07/2020 15:19, RhineDevil wrote:
> >>> Sat, 18 Jul 2020 14:53:26 +0100 Rowland penny via samba <samba at lists.samba.org>:
> >>>> On 18/07/2020 14:47, RhineDevil wrote:
> >>>>> Sat, 18 Jul 2020 14:41:31 +0100 Rowland penny via samba <samba at lists.samba.org>:
> >>>>>> On 18/07/2020 14:30, RhineDevil wrote:
> >>>>>>> Sat, 18 Jul 2020 14:19:25 +0100 Rowland penny via samba <samba at lists.samba.org>:
> >>>>>>>> On 18/07/2020 13:52, RhineDevil wrote:
> >>>>>>>>> Fri, 17 Jul 2020 19:44:37 +0100 Rowland penny via samba <samba at lists.samba.org>:
> >>>>>>>>>> On 17/07/2020 19:31, RhineDevil via samba wrote:
> >>>>>>>>>>> And by that I mean, where are the dbs, what should I rm -rf?
> >>>>>>>>>> On Debian just remove /var/lib/samba and /var/cache/samba
> >>>>>>>>>>> By the way how do I obtain current machine netbios name?
> >>>>>>>>>> Depends on which netbios name, if you are referring to the one that is
> >>>>>>>>>> in smb.conf 'netbios name = ?????', that is just the short hostname in
> >>>>>>>>>> uppercase. If you are referring to the netbios domain name (aka
> >>>>>>>>>> workgroup) then you can find this with wbinfo:
> >>>>>>>>>>
> >>>>>>>>>> wbinfo --own-domain
> >>>>>>>>>>
> >>>>>>>>>> Rowland
> >>>>>>>>>>
> >>>>>>>>> I tried to add ypServ30 using ldapi socket "ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi", it said
> >>>>>>>>>
> >>>>>>>>> `ERR: insufficient access rights : "LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS <acl: unable to get access to CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld> <>" on DN CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld at block before line 5`
> >>>>>>>>>
> >>>>>>>>> Shouldn't it give me access by default if I'm using the private system socket?
> >>>>>>>> No, you still need to authenticate as a user with the required
> >>>>>>>> permissions e.g. Administrator
> >>>>>>>>
> >>>>>>>> Also, as you are trying to update the schema, you will need to add
> >>>>>>>> '--option="dsdb:schema update allowed"=true' to the ldbmodify command
> >>>>>>>>
> >>>>>>>> Rowland
> >>>>>>>>
> >>>>>>> Since I'm (g)root how could I avoid inputting any password at all?
> >>>>>>> Should be possible since samba-tool never asks you for a password as root
> >>>>>> Then do what samba-tool does, fall back to the computer's Kerberos ticket
> >>>>>> and add '-P' to the ldbmodify command
> >>>>>>> Also what's the point of having a more private socket in /var/lib/samba/private/ldap_priv/ldapi if it asks for auth credentials like the "less private" socket /var/lib/samba/private/ldapi?
> >>>>>> Even more security ;-)
> >>>>>>
> >>>>>> Rowland
> >>>>>>
> >>>>> I've already added -P to ldbmodify, what am I missing, how should I do that?
> >>>> Sorry, I realised after I posted that, it only works for searching, you
> >>>> will have to authenticate, this is nothing to do with Samba, it is a
> >>>> Windows thing, anonymous searches/changes are not allowed.
> >>>>
> >>>> Rowland
> >>>>
> >>> Thanks for the clarification
> >>> But then how does samba-tool make changes without having to authenticate?
> >> It cheats, it directly modifies sam.ldb
> >>
> >> Rowland
> >>
> > It modifies the content of /var/lib/samba/private/sam.ldb.d? How does this folder work?
> 
> Just use ldapmodify or ldbmodify or samba-tool.
> 
> I am not going to help you possibly destroy your DB
> 
> Rowland
> 
My db just holds example data, also, if I recall correctly, ldb tools are able to read and modify dbs