Vladimir
2018-Sep-14 17:40 UTC
[Samba] Extending the AD schema - Cannot see attributes in RSAT
Hy Guys, I am trying to migrate to samba 4 and I need some help. So, I have a samba running with samba 3 and LDAP. Today I use my samba for auth of my e-mail, file server and several other applications. I use a WEB based LDAP administration program called goSA. I have Installed samba 4.8.4 on a test machine and create some users, the problem is, to keep my email and all functionality that I have today, I need to create some classes and attributes in samba. Before you ask, I have set the 'dsdb:schema update allowed = true' on smb.conf, I could create the class and attribute using the MMC to update the schema on windows, and I added the classes that I created as subclasses of the 'User' class. The problem is, I cannot see my created atributes on RSAT ADUC. I have set the option to show advanced resources, but when I select the TAB with the attributes editor, my newly created attributes are not there. I have tried to create new users, but the result is the same. Am I missing something?? I know that I can set the values of the attributes using LDIF, and I have done it successfully, but I want a interface to my daily work, Is it possible to use custom atributes on samba 4.8.4, and make them visible on RSAT ADUC??? Thanks in Advance, Vladimir.
Rowland Penny
2018-Sep-14 18:04 UTC
[Samba] Extending the AD schema - Cannot see attributes in RSAT
On Fri, 14 Sep 2018 14:40:38 -0300 Vladimir via samba <samba at lists.samba.org> wrote:> Hy Guys, > > I am trying to migrate to samba 4 and I need some help. So, I have a > samba running with samba 3 and LDAP. Today I use my samba for auth > of my e-mail, file server and several other applications. I use a WEB > based LDAP administration program called goSA. >Gosa is old and I am not sure it is maintained any more, but there is a fork available: fusion directory.> I have Installed samba 4.8.4 on a test machine and create some users, > the problem is, to keep my email and all functionality that I have > today, I need to create some classes and attributes in samba. > > Before you ask, I have set the 'dsdb:schema update allowed = true' on > smb.conf, I could create the class and attribute using the MMC to > update the schema on windows, and I added the classes that I created > as subclasses of the 'User' class. > > The problem is, I cannot see my created atributes on RSAT ADUC. I > have set the option to show advanced resources, but when I select the > TAB with the attributes editor, my newly created attributes are not > there. I have tried to create new users, but the result is the same. > > Am I missing something?? I know that I can set the values of the > attributes using LDIF, and I have done it successfully, but I want a > interface to my daily work, Is it possible to use custom atributes on > samba 4.8.4, and make them visible on RSAT ADUC???Not as far as I am aware, ADUC was written around Active Directory and I doubt Microsoft really cares about any other package. You could try using something like zentyal. Rowland
Vladimir
2018-Sep-14 18:50 UTC
[Samba] Extending the AD schema - Cannot see attributes in RSAT
*Thanks for you help, *Rowland>Gosa is old and I am not sure it is maintained any more, but there is a >fork available: fusion directory.I know it is old, but as we decided to migrate from goSA, we are trying to migrate directly to samba 4, and as far as I know fusion directory does not support samba 4.>Not as far as I am aware, ADUC was written around Active Directory and >I doubt Microsoft really cares about any other package. >You could try using something like zentyal. > >RowlandThanks for the suggestion of the zentyal, but I dont want to change all my servers and configuration to a new environment. In fact I really just want to add some atributes and being able to change them. This is possible in Microsoft AD, and they have some documentation about this:https://social.technet.microsoft.com/wiki/contents/articles/51121.active-directory-how-to-add-custom-attribute-to-schema.aspx So, Is there something missing on samba 4?? Or there is something related to some windows GPO property, object or something like this???
Rowland Penny
2018-Sep-14 19:36 UTC
[Samba] Extending the AD schema - Cannot see attributes in RSAT
On Fri, 14 Sep 2018 15:50:58 -0300 Vladimir via samba <samba at lists.samba.org> wrote:> *Thanks for you help, *Rowland > >Gosa is old and I am not sure it is maintained any more, but there > >is a fork available: fusion directory. > > I know it is old, but as we decided to migrate from goSA, we are > trying to migrate directly to samba 4, and as far as I know fusion > directory does not support samba 4.As I have never used either, fusion directory was just a suggestion, there are other similar programs available, LAM for instance.> > > >Not as far as I am aware, ADUC was written around Active Directory > >and I doubt Microsoft really cares about any other package. > >You could try using something like zentyal. > > > >Rowland > > Thanks for the suggestion of the zentyal, but I dont want to change > all my servers and configuration to a new environment. In fact I > really just want to add some atributes and being able to change them. > > This is possible in Microsoft AD, and they have some documentation > about > this:https://social.technet.microsoft.com/wiki/contents/articles/51121.active-directory-how-to-add-custom-attribute-to-schema.aspx > > So, Is there something missing on samba 4?? > Or there is something related to some windows GPO property, object or > something like this???You certainly can extend the schema on Samba 4 and you can also create individual classes and attributes, but I don't think you can do it in the way described on the page you linked to. You cannot run the VBScript on a Samba DC, so how would you get the OID ? What I was trying to suggest was, at the same time you upgrade to Samba AD, it may be a chance to upgrade to a more recent mailserver etc. Rowland
Jonathan Hunter
2018-Sep-17 18:07 UTC
[Samba] Extending the AD schema - Cannot see attributes in RSAT
Hi Vladimir, On Fri, 14 Sep 2018 at 18:41, Vladimir via samba <samba at lists.samba.org> wrote:> [....] > I have Installed samba 4.8.4 on a test machine and create some users, the > problem is, to keep my email and all functionality that I have today, I > need to create some classes and attributes in samba. >[...] > The problem is, I cannot see my created atributes on RSAT ADUC. I have set > the option to show advanced resources, but when I select the TAB with the > attributes editor, my newly created attributes are not there. I have tried > to create new users, but the result is the same.I have been running for the last few years with Samba4 (since 4.0.0, in fact) and my schema is also extended as you describe. I use ADUC for most of my administrative work, but as you have discovered, ADUC doesn't let you work very well with custom attributes. For that, I use ADSIEdit - it's not as user-friendly as ADUC but works just fine, for my use case I can right-click on an OU and create a new custom object; or I can edit an existing object and alter my custom attribute properties. However, if you just want to work with an existing object, and adjust custom attributes of that object, there is a way. From ADUC, first enable "View -> Advanced Features". Then, properties of your object will show an additional "Attribute Editor" tab, you might need to adjust the filter as I think by default it only shows attributes with values.. but this might suffice for your needs. I did once look into extending ADUC so as to show my custom attributes nicely.. I think this link below was the one I was looking at.. but I eventually gave it up as too much effort since it required distributing custom DLLs or code to client PCs (as I recall). Do please have a look yourself, though, and let me know if you manage it! https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727064(v=technet.10) -- "If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein
Chris
2018-Sep-18 04:40 UTC
[Samba] Extending the AD schema - Cannot see attributes in RSAT
On Fri, 14 Sep 2018 14:40:38 -0300 Vladimir via samba wrote:> the > problem is, to keep my email and all functionality that I have today, > I need to create some classes and attributes in samba.out of curiosity: which mailserver is this? - Chris
Vladimir
2018-Sep-18 16:48 UTC
[Samba] Extending the AD schema - Cannot see attributes in RSAT
I am using postfix and dovecot on a centos 7 machine. And I also use the gnarwl and a script I made, to take care of vacation messages. All the forward addresses, quota mailbox size, alternative addresses, vacation start and stop times are stored on openldap, and consequently to achieve the same structure, they must be in samba 4 ldap. Vladimir. Em ter, 18 de set de 2018 às 01:57, Chris via samba <samba at lists.samba.org> escreveu:> On Fri, 14 Sep 2018 14:40:38 -0300 > Vladimir via samba wrote: > > > the > > problem is, to keep my email and all functionality that I have today, > > I need to create some classes and attributes in samba. > > out of curiosity: which mailserver is this? > > - Chris > > -- >
Vladimir
2018-Sep-18 17:03 UTC
[Samba] Extending the AD schema - Cannot see attributes in RSAT
Hi Jonathan, thanks for the help.> I use ADUC for most of my administrative work, but as you have > discovered, ADUC doesn't let you work very well with custom > attributes. For that, I use ADSIEdit - it's not as user-friendly as > ADUC but works just fine, for my use case I can right-click on an OU > and create a new custom object; or I can edit an existing object and > alter my custom attribute properties. > > I have tried this before, but my attributes are not being shown in theADSIEdit either. However, if you just want to work with an existing object, and adjust> custom attributes of that object, there is a way. From ADUC, first > enable "View -> Advanced Features". Then, properties of your object > will show an additional "Attribute Editor" tab, you might need to > adjust the filter as I think by default it only shows attributes with > values.. but this might suffice for your needs. > > Thats the problem, my attributes are not being shown even when I enable"View -> Advanced Features". Can you send me the steps that you used to create a custom attribute?? I have tried differents approaches, but none of them have worked. I tried creating the attributes using the MMC schema editor, creating using a ldif on samba 4 and finally using a script on windows. None of them worked (the attributes and class were created, but they are not visible on my users attributes). Of course I added the class that I created as a subclass of "User" class. I did once look into extending ADUC so as to show my custom attributes> nicely.. I think this link below was the one I was looking at.. but I > eventually gave it up as too much effort since it required > distributing custom DLLs or code to client PCs (as I recall). Do > please have a look yourself, though, and let me know if you manage it! > > https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727064(v=technet.10) > -- > "If we knew what it was we were doing, it would not be called > research, would it?" > - Albert Einstein > >I know that for having a TAB on ADUC you need to create a custom DLL, but all I need is: make my attributes visible on advanced atributes editor on ADUC. Just this. As you have already done this, do you have any tip??? Thanks for your help. Vladimir.> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Possibly Parallel Threads
- Extending the AD schema - Cannot see attributes in RSAT
- Extending the AD schema - Cannot see attributes in RSAT
- Extending the AD schema - Cannot see attributes in RSAT
- Can't create users with RSAT - "An error occurred. Contact you system administrator"
- LDAP permissions - ldbedit/ldapmodify?