I'm working with the Centos 7 packages for Samba 4.2.10 and I note that the stock packages don't include the ldb tools (eg, ldbmodify, ldbsearch, etc). I did find a stand along centos package that contains these tools from here: https://wiki.samba.org/index.php/LDB However, the stand along tools don't seem to be aware of the Active Directory schema. For example, if I try to use these tools to add an attribute to the Active Directory schema using : --option="dsdb:schema update allowed"=true' The stand alone tools say they don't know that this --options input means. Is there a difference syntax for these stand alone tools? -- Greg J. Zartman Board Member Koozali SME Server www.koozali.org SME Server user, contributor, and community member since 2000
Rowland Penny
2016-Oct-03 08:24 UTC
[Samba] ldb-tools stand alone different than built-in?
On Sun, 2 Oct 2016 15:52:50 -0700 Greg Zartman via samba <samba at lists.samba.org> wrote:> I'm working with the Centos 7 packages for Samba 4.2.10 and I note > that the stock packages don't include the ldb tools (eg, ldbmodify, > ldbsearch, etc). > > I did find a stand along centos package that contains these tools from > here: https://wiki.samba.org/index.php/LDB > > However, the stand along tools don't seem to be aware of the Active > Directory schema. For example, if I try to use these tools to add an > attribute to the Active Directory schema using : > --option="dsdb:schema update allowed"=true' > > The stand alone tools say they don't know that this --options input > means. > > Is there a difference syntax for these stand alone tools? >No, as there are no stand alone tools. There is just one code base and the various distro packages are built from this. it may be that the ldb-tools package you have found is meant for a different version of Samba than the one you have installed. The last time I looked, Centos didn't have packages from which you could create an AD domain, is this the reason you don't have ldb-tools that works with active directory ? Rowland
Rowland Penny
2016-Oct-03 17:19 UTC
[Samba] ldb-tools stand alone different than built-in?
On Mon, 3 Oct 2016 09:49:32 -0700 Greg Zartman <gzartman at koozali.org> wrote:> To clarify, the ldb tools I built work. The ones in the ltb-tools > package in the centos repos does not work >As I said, Centos doesn't (yet) have packages from which you can create an AD DC, it therefore seems likely that the ldb-tools package you found, do not have the code to connect to a Samba AD DC, this is just a guess on my part, perhaps somebody can confirm this either way. Rowland
On Sun, 2 Oct 2016, Greg Zartman via samba wrote:> I'm working with the Centos 7 packages for Samba 4.2.10 and I note that the > stock packages don't include the ldb tools (eg, ldbmodify, ldbsearch, etc). > > However, the stand along tools don't seem to be aware of the Active > Directory schema. For example, if I try to use these tools to add an > attribute to the Active Directory schema using : --option="dsdb:schema > update allowed"=true' > > The stand alone tools say they don't know that this --options input means. > > Is there a difference syntax for these stand alone tools?The standalone tools (as packaged by CentOS) don't have all of the extensions that are built when you build a Samba DC. If you have already rebuilt CentOS Samba packages with DC support, you need to add samba's ldb modules to ldb's module path. $ ldbadd --help | grep -- --option $ (no results) $ export LDB_MODULES_PATH="/usr/lib64/samba/ldb/" $ ldbadd --help | grep -- --option --option=name=value Set smb.conf option from command (results!) BTW, the help output is over twice as long when it finds samba's ldb module path, it contains quite a few additional commands.
On Mon, Oct 3, 2016 at 10:39 AM, Sketch <smblist at rednsx.org> wrote:> > The standalone tools (as packaged by CentOS) don't have all of the > extensions that are built when you build a Samba DC. If you have already > rebuilt CentOS Samba packages with DC support, you need to add samba's ldb > modules to ldb's module path. >This is what I suspected. Thanks for confirming. I was able to rebuild the COS 7 RPM with the ldb-tools that work fine with active directory. I just wanted to make sure that the upstream tools would not work, and you have confirmed they won't. Thank you -- Greg J. Zartman Board Member Koozali SME Server www.koozali.org SME Server user, contributor, and community member since 2000