ADUC missing msNPAllowDialin and need vpn advice for ad setup.


Samba - General mailing list
Hai,

I'm reading:
https://wiki.samba.org/index.php/VPN_Single_SignOn_with_Samba_AD

I wanted to use the "msNPAllowDialin" in the ADUC tab "Dial-in", but I noticed this one was gone.
I was missing this one: https://wiki.samba.org/images/8/88/MsNPAllowDialin.jpg
Admin PC, Windows 7 64-bit, Samba 4.7.3 AD.
Reinstalled it with the needed DLLs from a Win2008R2.

Now my Dial-in tab is shown in ADUC, but when I try to open it I get an error.
I had a look in the AD with my AD browser and I see I'm missing, for example, msNPAllowDialin in the AD, and possibly more.

So my question: how can I add all the needed properties back into the AD, like msNPAllowDialin?
Does Samba have anything that can sort of restore these? samba-tool dbcheck and --cross-nc show 0 errors.
Or should I import the RADIUS schema and use that?

The result I'm going for is a strongSwan server with user auth from AD/LDAP, with or without RADIUS.
The VPN is already up and tested with eap-mschapv2, with plain text username/passwords, and I'm now reading into the LDAP part.

So if anyone has some tips, that would be great.

Greetz,

Louis

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

On Thu, 14 Dec 2017 11:09:52 +0100
"L.P.H. van Belle via samba" <[hidden email]> wrote:

> Hai,
>
> I'm reading:
> https://wiki.samba.org/index.php/VPN_Single_SignOn_with_Samba_AD
>
> I wanted to use the "msNPAllowDialin" in the ADUC tab "Dial-in", but I
> noticed this one was gone. I was missing this one:
> https://wiki.samba.org/images/8/88/MsNPAllowDialin.jpg
> Admin PC, Windows 7 64-bit, Samba 4.7.3 AD. Reinstalled it with the
> needed DLLs from a Win2008R2.
> Now my Dial-in tab is shown in ADUC, but when I try to open it I get an
> error. I had a look in the AD with my AD browser and I see I'm missing,
> for example, msNPAllowDialin in the AD, and possibly more.
>
> So my question: how can I add all the needed properties back into the
> AD, like msNPAllowDialin? Does Samba have anything that can sort of
> restore these? samba-tool dbcheck and --cross-nc show 0 errors. Or
> should I import the RADIUS schema and use that?
> The result I'm going for is a strongSwan server with user auth
> from AD/LDAP, with or without RADIUS. The VPN is already up and tested
> with eap-mschapv2, with plain text username/passwords, and I'm now
> reading into the LDAP part. So if anyone has some tips, that would be
> great.
>
> Greetz,
>
> Louis
>

Hi Louis,

The 'msNPAllowDialin' is a standard AD attribute:

cn: msNPAllowDialin
ldapDisplayName: msNPAllowDialin
attributeId: 1.2.840.113556.1.4.1119
attributeSyntax: 2.5.5.8
omSyntax: 1
isSingleValued: TRUE
schemaIdGuid: db0c9085-c1f2-11d1-bbc5-0080c76670c0
systemOnly: FALSE
searchFlags: fCOPY
attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
systemFlags: FLAG_SCHEMA_BASE_OBJECT

If you look here:

https://msdn.microsoft.com/en-us/library/ms678093(v=vs.85).aspx

it says:

Do not modify this value directly.

But I also found this:

http://www.wisesoft.co.uk/scripts/vbscript_write_msnpallowdialin_attribute.aspx

From which, it seems that if you don't have the attribute, you 'Control
access through remote access policy'.
If you have the attribute, it can only be set to 'TRUE' or 'FALSE'.

Rowland

Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Hai Rowland,


Even though msNPAllowDialin is a standard attribute, it's not in my AD anymore, at least not within the user fields.
I think over time this disappeared while fixing things.
This setup has been running and upgraded since Samba 4.1, but thanks for that info, I'm reading that after my lunch.

If I have more questions, I'll mail again.
Thanks!

Greetz,

Louis



 

Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

On Thu, 14 Dec 2017 12:23:43 +0100
"L.P.H. van Belle via samba" <[hidden email]> wrote:

> Hai Rowland,
>
>
> Even though msNPAllowDialin is a standard attribute, it's not in my AD
> anymore, at least not within the user fields. I think over time this
> disappeared while fixing things. This setup has been running and
> upgraded since Samba 4.1, but thanks for that info, I'm reading that
> after my lunch.
>
> If I have more questions, I'll mail again.
> Thanks!
>
> Greetz,
>
> Louis
>

Go and have a look in:
 /usr/share/samba/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt

Rowland

Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Louis,
Take a look here:
https://windowsexplored.com/2012/10/23/installing-active-directory-and-all-those-other-little-tabs-in-windows-7-you-know-the-ones-you-used-to-have-in-windows-xp/

At the bottom of the page it tells you how to set the msNPAllowDialin attribute using Advanced Features of ADUC and the Attribute Editor tab despite the missing Dial-In tab.

If you want to restore the Dial-In tab, then Microsoft have a workaround: https://support.microsoft.com/en-us/help/975448/the-dial-in-tab-is-not-available-in-the-active-directory-users-and-com

But you need access to a Windows Server 2008, which you may not have available.

HTH,

Roy

Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Hai Roy,

Thanks for the reply.

The first link, I've tried that already.
In these steps:
1. Open ADUC or dsa.msc.
2. Go to View and check option for Advanced Features.
3. Right-click the user account and go to the Attribute Editor tab.
4. Locate and select the msNPAllowDialin attribute.
5. Select edit and change the value to the desired value.

I'm missing msNPAllowDialin.

Tried that from a Win 7, Samba domain joined, nothing.
Tried that from a Win 2008R2, not Samba domain joined, again nothing.

After enabling the Dial-in tab on my management PC (Win7) I'm getting:
Dial-in Page error:
 Could not load the Dial-in profile for this user because: undefined error.

And this is on every user.

The second link, I've also tried that, but I also tried some extra things.
Now the following happens; I used workaround 2.

From the Win2008R2, accessing its own Win2008R2 AD, the Dial-in tab is there and everything looks OK.
Now I connect to the Samba AD: the Dial-in tab is gone, but no errors.
Now I connect from my Win7 (with the files added from 2008R2 to enable the Dial-in tab), error:
 Could not load the Dial-in profile for this user because: undefined error.

Rowland, do you know a way to validate my AD against /usr/share/samba/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt?
I'm really not crazy ;-) maybe sometimes a bit, but not now ;-)
Or a nifty search/edit; this is one I can't figure out.

I suspect this is a leftover from an AD error about 2 years ago.
samba-tool fixed that, but I think this is a leftover, just not sure about it.

So, does anyone have any other tips?

Greetz,

Louis



Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Reading: https://wiki.samba.org/index.php/Samba_AD_schema_extensions

Is it an option to make an LDIF for msNPAllowDialin and the others on that Dial-in tab?
I'm looking at the automount example.
Hints, tips?


Greetz,

Louis


Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

On Thu, 14 Dec 2017 13:52:29 +0100
"L.P.H. van Belle via samba" <[hidden email]> wrote:

>
> Reading: https://wiki.samba.org/index.php/Samba_AD_schema_extensions
>
> Is it an option to make an LDIF for msNPAllowDialin and the others
> on that Dial-in tab? I'm looking at the automount example.
> Hints, tips?
>
>
> Greetz,
>
> Louis

OK, I take it back, I do have 'msNPAllowDialin' in AD:

root@dc1:~# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b 'CN=Schema,CN=Configuration,DC=example,DC=com' -s sub '(cn=msNPAllowDialin)'
# record 1
dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: msNPAllowDialin
instanceType: 4
whenCreated: 20171206114944.0Z
whenChanged: 20171206114944.0Z
uSNCreated: 755
attributeID: 1.2.840.113556.1.4.1119
attributeSyntax: 2.5.5.8
isSingleValued: TRUE
uSNChanged: 755
showInAdvancedViewOnly: TRUE
adminDisplayName: msNPAllowDialin
adminDescription: msNPAllowDialin
oMSyntax: 1
searchFlags: 16
lDAPDisplayName: msNPAllowDialin
name: msNPAllowDialin
objectGUID: cf7b3ec9-7055-428b-826a-41a526cca483
schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0
attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939
systemOnly: FALSE
systemFlags: 16
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=c
 om
distinguishedName: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC
 =com

# returned 1 records
# 1 entries
# 0 referrals

I created an ldif:

dn: CN=sysadmin,OU=itadmin,OU=personnel,OU=People,DC=example,DC=com
changetype: modify
add: msNPAllowDialin
msNPAllowDialin: TRUE

Added the ldif with:

ldbmodify --url=/var/lib/samba/private/sam.ldb msadd.ldif

I now have a user with the 'msNPAllowDialin' attribute

Rowland
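
Added example (not part of the thread, and not Samba project code): one way to approach the question raised earlier about validating the directory against the reference schema file is to diff attribute definitions by lDAPDisplayName against a schema dump like the ldbsearch output above. It assumes the reference file uses the blank-line separated "key: value" layout quoted earlier in the thread; `parse_records`, `audit` and the `example*` attributes are illustrative names, and the sample data is constructed.

```python
# REFERENCE mimics the "key: value" blocks quoted earlier in the thread; LIVE
# mimics ldbsearch output. The example* attributes and OIDs are constructed.
REFERENCE = """\
ldapDisplayName: msNPAllowDialin
attributeId: 1.2.840.113556.1.4.1119
attributeSyntax: 2.5.5.8
omSyntax: 1
isSingleValued: TRUE
searchFlags: fCOPY

ldapDisplayName: exampleMissingAttr
attributeId: 1.3.6.1.4.1.99999.1

ldapDisplayName: exampleChangedAttr
attributeId: 1.3.6.1.4.1.99999.2
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
"""

LIVE = """\
# record 1
dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC=com
attributeID: 1.2.840.113556.1.4.1119
attributeSyntax: 2.5.5.8
isSingleValued: TRUE
oMSyntax: 1
searchFlags: 16
lDAPDisplayName: msNPAllowDialin
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=c
 om

# record 2
dn: CN=exampleChangedAttr,CN=Schema,CN=Configuration,DC=example,DC=com
attributeID: 1.3.6.1.4.1.99999.2
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
lDAPDisplayName: exampleChangedAttr

# returned 2 records
"""

# searchFlags/systemFlags are left out: symbolic in the reference (fCOPY), numeric in AD (16).
CHECKED = ("attributeid", "attributesyntax", "omsyntax", "issinglevalued")

def parse_records(text):
    """Parse blank-line separated 'key: value' blocks into dicts (keys lowercased)."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += line[1:]
        else:
            lines.append(line)
    records, cur = [], {}
    for line in lines + [""]:                # trailing "" flushes the last record
        if not line.strip():
            if cur:
                records.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            cur[key.strip().lower()] = value.strip()   # last value wins
    return records

def audit(reference_text, live_text):
    """Return {lDAPDisplayName: status} for every attribute in the reference."""
    live = {r["ldapdisplayname"].lower(): r
            for r in parse_records(live_text) if "ldapdisplayname" in r}
    report = {}
    for ref in parse_records(reference_text):
        if "ldapdisplayname" not in ref:
            continue
        name = ref["ldapdisplayname"]
        got = live.get(name.lower())
        if got is None:
            report[name] = "missing"
            continue
        diffs = [k for k in CHECKED if k in ref and ref[k] != got.get(k)]
        report[name] = "mismatch:" + ",".join(diffs) if diffs else "ok"
    return report

if __name__ == "__main__":
    print(audit(REFERENCE, LIVE))
```

Against a real DC the live text would come from the ldbsearch command shown above with the filter '(objectClass=attributeSchema)'; the comparison is read-only and only reports schema definitions, not which user objects carry the attribute.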

Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Hai Rowland,

Ok, cool, thanks for that.
That's good to have confirmed; the search shows the same here.

Enabled that one, and yes, I can see msNPAllowDialin, but only in the Attribute Editor; the Dial-in tab still errors.

Re-applying the file: MS-AD_Schema_2K8_R2_Attributes.txt
Is that possible? That "should" fix the missing parts.
I suspect a failure in the structure of the AD (arg... hard to describe what I mean in English).
I suspect some more parts; somewhere in 2015 I had a big AD problem, and I think this is a leftover.

I looked up some things from back then, and I see I had to fix almost all my AD objects.
That worked, everything runs fine, but I would really like my Dial-in tab working.


Greetz,

Louis




Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

On Thu, 14 Dec 2017 16:40:57 +0100
"L.P.H. van Belle via samba" <[hidden email]> wrote:

> Hai Rowland,
>
> Ok, cool, thanks for that.
> That's good to have confirmed; the search shows the same here.
>
> Enabled that one, and yes, I can see msNPAllowDialin, but only in the
> Attribute Editor; the Dial-in tab still errors.
>
> Re-applying the file: MS-AD_Schema_2K8_R2_Attributes.txt
> Is that possible? That "should" fix the missing parts.
> I suspect a failure in the structure of the AD (arg... hard to
> describe what I mean in English). I suspect some more parts;
> somewhere in 2015 I had a big AD problem, and I think this is a
> leftover.
>
> I looked up some things from back then, and I see I had to fix almost
> all my AD objects. That worked, everything runs fine, but I would
> really like my Dial-in tab working.
>

I think I understand what you mean, the objectclass for
'msNPAllowDialin' is 'user', but it might need a structure in AD
similar to the ypServ30.ldif that makes the ADUC Unix Attributes tabs
work. What you might need is unknown to me.

Rowland

Re: ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Yes, :-)) that's what I mean.

Now I hope one of the other Samba devs knows.
So, I'll wait a bit or mail to technical in a week or so.
First the new release. :-/


Thanks Rowland,

Greetz,

Louis

