FW: [Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

FW: [Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Samba - samba-technical mailing list
Hai,

I know everybody is very buzy, but a small question.

Somehow my ad structure is not correct.
I need to re-apply/validate  the MS-AD_Schema_2K8_R2_Attributes.txt to my AD. but i dont know if its possible.

Anyone a hint tips is it possible?

Greetz,

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens
> L.P.H. van Belle via samba
> Verzonden: donderdag 14 december 2017 16:41
> Aan: [hidden email]
> Onderwerp: Re: [Samba] ADUC missing msNPAllowDialin and need
> vpn advice for ad setup.
>
> Hai Rowland,
>
> Ok, cool, thanks for that.
> Thats good to have that confirmed, the search show the same here.
>
> Enabled that one, and yes, i can see the msNPAllowDailin but
> only in attribut editor, Dail-in tab still errors.
>
> Reappy-ing the file :  MS-AD_Schema_2K8_R2_Attributes.txt
> Is that possible, that "should" fix the missing parts.
> I suspect a failure in the structure of the AD. ( arg..  hard
> to discribe what i mean in english )
> I suspect some more parts, somewhere in 2015 i had a big ad
> problem, i think this is a left over.
>
> I looked up some thing about then, and i see i had to fix
> almost all my AD objects.
> That worked, everything runs fine., but i would really like
> my Dail-in tab working.
>
>
> Greetz,
>
> Louis
>
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: Rowland Penny [mailto:[hidden email]]
> > Verzonden: donderdag 14 december 2017 15:20
> > Aan: [hidden email]
> > CC: L.P.H. van Belle
> > Onderwerp: Re: [Samba] ADUC missing msNPAllowDialin and need
> > vpn advice for ad setup.
> >
> > On Thu, 14 Dec 2017 13:52:29 +0100
> > "L.P.H. van Belle via samba" <[hidden email]> wrote:
> >
> > >
> > > Readin :
> > https://wiki.samba.org/index.php/Samba_AD_schema_extensions 
> > >
> > > Is it an option to make an ldiff for the  msNPAllowDialin  
> > and others
> > > on that Dail-in Tab. Im looking at the automount example.
> > > Hints tips?
> > >
> > >
> > > Greetz,
> > >
> > > Louis
> >
> > OK, I take it back, I do have 'msNPAllowDialin' in AD:
> >
> > root@dc1:~# ldbsearch --cross-ncs -H
> > /var/lib/samba/private/sam.ldb -b
> > 'CN=Schema,CN=Configuration,DC=example,DC=com' -s sub
> > '(cn=msNPAllowDialin)'
> > # record 1
> > dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC=com
> > objectClass: top
> > objectClass: attributeSchema
> > cn: msNPAllowDialin
> > instanceType: 4
> > whenCreated: 20171206114944.0Z
> > whenChanged: 20171206114944.0Z
> > uSNCreated: 755
> > attributeID: 1.2.840.113556.1.4.1119
> > attributeSyntax: 2.5.5.8
> > isSingleValued: TRUE
> > uSNChanged: 755
> > showInAdvancedViewOnly: TRUE
> > adminDisplayName: msNPAllowDialin
> > adminDescription: msNPAllowDialin
> > oMSyntax: 1
> > searchFlags: 16
> > lDAPDisplayName: msNPAllowDialin
> > name: msNPAllowDialin
> > objectGUID: cf7b3ec9-7055-428b-826a-41a526cca483
> > schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0
> > attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939
> > systemOnly: FALSE
> > systemFlags: 16
> > objectCategory:
> > CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=c
> >  om
> > distinguishedName:
> > CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=example,DC
> >  =com
> >
> > # returned 1 records
> > # 1 entries
> > # 0 referrals
> >
> > I created an ldif:
> >
> > dn: CN=sysadmin,OU=itadmin,OU=personnel,OU=People,DC=example,DC=com
> > changetype: modify
> > add: msNPAllowDialin
> > msNPAllowDialin: TRUE
> >
> > Added the ldif with:
> >
> > ldbmodify --url=/var/lib/samba/private/sam.ldb msadd.ldif
> >
> > I now have a user with the 'msNPAllowDialin' attribute
> >
> > Rowland
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>


Reply | Threaded
Open this post in threaded view
|

Re: [Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Samba - samba-technical mailing list
On Fri, 15 Dec 2017 09:53:12 +0100
"L.P.H. van Belle via samba-technical"
<[hidden email]> wrote:

> Hai,
>
> I know everybody is very buzy, but a small question.
>
> Somehow my ad structure is not correct.
> I need to re-apply/validate  the MS-AD_Schema_2K8_R2_Attributes.txt
> to my AD. but i dont know if its possible.
>
> Anyone a hint tips is it possible?
>

What is wrong with your AD ?
You wouldn't want to use the .txt file, if anything you will need to
use the ldifs from a tarball 'setup/setup/'

Not sure which ldifs or how you would do this.

Rowland

Reply | Threaded
Open this post in threaded view
|

RE: [Samba] ADUC missing msNPAllowDialin and need vpn advice for ad setup.

Samba - samba-technical mailing list
I dont know exact whats it is and imo the only way to check this, is by verifing the complete AD.
All normal samba checks are ok, i now test with rsat w10 RSAT.
But a sort of validation on the complete ad, like how it should be, just after provisioning would be nice.

Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba-technical
> [mailto:[hidden email]] Namens
> Rowland Penny via samba-technical
> Verzonden: vrijdag 15 december 2017 10:45
> Aan: [hidden email]
> CC: L.P.H. van Belle
> Onderwerp: Re: [Samba] ADUC missing msNPAllowDialin and need
> vpn advice for ad setup.
>
> On Fri, 15 Dec 2017 09:53:12 +0100
> "L.P.H. van Belle via samba-technical"
> <[hidden email]> wrote:
>
> > Hai,
> >
> > I know everybody is very buzy, but a small question.
> >
> > Somehow my ad structure is not correct.
> > I need to re-apply/validate  the MS-AD_Schema_2K8_R2_Attributes.txt
> > to my AD. but i dont know if its possible.
> >
> > Anyone a hint tips is it possible?
> >
>
> What is wrong with your AD ?
> You wouldn't want to use the .txt file, if anything you will need to
> use the ldifs from a tarball 'setup/setup/'
>
> Not sure which ldifs or how you would do this.
>
> Rowland
>
>