Hi list,

I'm using Samba 4.x (x >= 8) and I'm excited about the new "samba-tool computer" simplification of computer management in AD mode.

Now I would like to use some more information tags in the computer section, i.e. partition information or MAC address of the NIC.

So I tried to enhance the schema (using 4.10.0pre1-GIT-8c00c017cb5), i.e. simply with

>>> cat win.ldif

dn: CN=DEMO-01,CN=Computers,DC=dmiserver,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
CN: DEMO-01
name: DEMO-01
userAccountControl: 4096
sAMAccountName: DEMO-01$
operatingSystem: Windows 8.1 Professional Volume
operatingSystemVersion: 6.3 (9600)

which worked fine:

>>> ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif
Added 1 records successfully

*BUT*

Using an attribute (which seems not to be in schema, I guess), it fails:

>>> cat win.ldif

dn: CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
CN: DEMO-02
name: DEMO-02
userAccountControl: 4096
sAMAccountName: DEMO-02$
operatingSystem: Windows 8.1 Professional Volume
operatingSystemVersion: 6.3 (9600)
macaddress: aa:bb:cc:dd:ee:ff

it fails with:

>>> ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif
ERR: Object class violation : "objectclass_attrs: attribute 'macAddress' on entry 'CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan' does not exist in the specified objectclasses!" on DN CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan at block before line 13
Add failed after processing 0 records

Is it difficult to enhance this part of information in the Samba database? Is it possible that some additional attributes break the Samba AD functionality? Should I alternatively use another part of the Samba tree? Or is it better to use a completely different database independent from Samba?

For me the Samba DB seems the perfect place, because my attributes stay automatically at the right place to search, and so I wouldn't have the work for a completely new schema.

What is your recommendation? How should I enhance the schema? Unfortunately, the ldbadd/ldbmodify part of the Samba documentation is very terse.

Tfh!

Oliver
On Mon, 10 Sep 2018 18:59:59 +0200 Oliver Rath via samba <samba at lists.samba.org> wrote:

> Hi list,
>
> I'm using Samba 4.x (x >= 8) and I'm excited about the new "samba-tool
> computer" simplification of computer management in AD mode.
>
> Now I would like to use some more information tags in the computer
> section, i.e. partition information or MAC address of the NIC.
>
> So I tried to enhance the schema (using 4.10.0pre1-GIT-8c00c017cb5),
> i.e. simply with
>
> >>> cat win.ldif
>
> dn: CN=DEMO-01,CN=Computers,DC=dmiserver,DC=lan
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> CN: DEMO-01
> name: DEMO-01
> userAccountControl: 4096
> sAMAccountName: DEMO-01$
> operatingSystem: Windows 8.1 Professional Volume
> operatingSystemVersion: 6.3 (9600)
>
> which worked fine:
>
> >>> ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif
> Added 1 records successfully
>
> *BUT*
>
> Using an attribute (which seems not to be in schema, I guess), it
> fails:
>
> >>> cat win.ldif
>
> dn: CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> CN: DEMO-02
> name: DEMO-02
> userAccountControl: 4096
> sAMAccountName: DEMO-02$
> operatingSystem: Windows 8.1 Professional Volume
> operatingSystemVersion: 6.3 (9600)
> macaddress: aa:bb:cc:dd:ee:ff
>
> it fails with:
>
> >>> ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif
> ERR: Object class violation : "objectclass_attrs: attribute
> 'macAddress' on entry 'CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan'
> does not exist in the specified objectclasses!" on DN
> CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan at block before line 13
> Add failed after processing 0 records
>

The possible answer is in the error message. The attribute is actually 'macAddress' and its objectclass is 'ieee802Device', so if you add the objectclass and fix the syntax it may work.

Rowland
Hi Rowland,

thank you for your fast answer. More see below.

On 10.09.2018 19:18, Rowland Penny via samba wrote:

> [..]
>> ERR: Object class violation : "objectclass_attrs: attribute
>> 'macAddress' on entry 'CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan'
>> does not exist in the specified objectclasses!" on DN
>> CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan at block before line 13
>> Add failed after processing 0 records
>>
> The possible answer is in the error message. The attribute is actually
> 'macAddress' and its objectclass is 'ieee802Device', so if you add the
> objectclass and fix the syntax it may work.

Hmm. Looking with google tells me that ieee803Device is part of nis.schema, which is already implemented on my ad with --rfc2307 via provisioning. But changing macaddress to

ieee803Device: aa:bb:cc:dd:ee:ff

results in:

>>> ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif
ERR: No such attribute : "objectclass_attrs: attribute 'ieee803Device' on entry 'CN=DEMO-03,CN=Computers,DC=dmiserver,DC=lan' was not found in the schema!" on DN CN=DEMO-03,CN=Computers,DC=dmiserver,DC=lan at block before line 13
Add failed after processing 0 records

ieee803Device: aa:bb:cc:dd:ee:ff

Any hints? Is there a compact list of supported attributes?

Tfh!

Oliver
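The two errors in this thread come from two different schema checks. The sketch below is an added example, not part of the thread and not Samba's code: it models both checks over a constructed, partial schema table (the class-to-attribute placement is simplified, and the names `SCHEMA_ATTRS`, `CLASS_ATTRS`, `parse_ldif` and `check_entry` are hypothetical), so the difference between "attribute not allowed by the listed objectClasses" and "name is not an attribute at all" can be seen on a shortened copy of the LDIF above.

```python
# Constructed, partial schema subset for illustration; the per-class
# placement is simplified. A real DC keeps the authoritative schema.
SCHEMA_ATTRS = {n.lower(): n for n in (
    "cn", "name", "userAccountControl", "sAMAccountName",
    "operatingSystem", "operatingSystemVersion", "macAddress")}
CLASS_ATTRS = {
    "top": {"name"}, "person": {"cn"}, "organizationalperson": set(),
    "user": {"userAccountControl", "sAMAccountName"},
    "computer": {"operatingSystem", "operatingSystemVersion"},
    "ieee802device": {"macAddress"},
}

# Constructed sample record, modelled on the LDIF in the thread.
BASE = """dn: CN=DEMO-02,CN=Computers,DC=dmiserver,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
CN: DEMO-02
sAMAccountName: DEMO-02$
"""

def parse_ldif(text):
    """Split a single-record LDIF into objectClass values and attribute names."""
    classes, attrs = [], []
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "objectclass":
            classes.append(value.strip().lower())
        elif key.strip().lower() != "dn":
            attrs.append(key.strip())
    return classes, attrs

def check_entry(text):
    """Return (attribute, problem) pairs; an empty list means the entry passes."""
    classes, attrs = parse_ldif(text)
    allowed = set().union(*(CLASS_ATTRS.get(c, set()) for c in classes))
    problems = []
    for attr in attrs:
        canonical = SCHEMA_ATTRS.get(attr.lower())  # names are case-insensitive
        if canonical is None:
            problems.append((attr, "not found in the schema"))
        elif canonical not in allowed:
            problems.append((canonical, "not in the specified objectclasses"))
    return problems

if __name__ == "__main__":
    print(check_entry(BASE + "macaddress: aa:bb:cc:dd:ee:ff\n"))
    print(check_entry(BASE + "ieee803Device: aa:bb:cc:dd:ee:ff\n"))
    print(check_entry(BASE + "objectClass: ieee802Device\nmacAddress: aa:bb:cc:dd:ee:ff\n"))
```

The third call passes only in this model; whether a real DC accepts the same record depends on the schema it was provisioned with.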