Daniel Müller
2023-Oct-19 07:03 UTC
[Samba] Question about silos and Authentication policies
Hello,

You cannot use Active Directory Administrative Center because Samba has no ADWS implemented.
There were efforts, but ADWS did not reach production status. I think Catalyst, Andrew Bartlett tried something, did not finish it.
Yes, you need to use the old RSAT.

Greetings
Daniel

IT Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus

-----Original Message-----
From: Stefan Kania via samba [mailto:samba at lists.samba.org]
Sent: Wednesday, 18 October 2023 17:43
To: Samba List <samba at lists.samba.org>
Subject: [Samba] Question about silos and Authentication policies

I just installed Samba 4.19.1 (Sernet-packages). Here is my smb.conf on my DC
-----------------
# Global parameters
[global]
        ad dc functional level = 2016
        netbios name = ADDC-01
        realm = EXAMPLE.NET
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = EXAMPLE

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/example.net/scripts
        read only = No
-----------------

I provisioned my DC with:

-----------
samba-tool domain provision --option="ad dc functional level = 2016" \
    --function-level=2016 --domain=example --realm=example.net \
    --host-ip=192.168.56.201 --backend-store=mdb --dns-backend=BIND9_DLZ --adminpass=Gansgehe1m
-----------

Then I did:
---------
samba-tool domain schemaupgrade --schema=2019
samba-tool domain functionalprep --function-level=2016
samba-tool domain level raise --domain-level=2016 --forest-level=2016
---------

I joined a Windows 10 client. I can start ADUC, sites-and-services, and DNS-manager from RSAT. But if I try to start "Active Directory Administrative Center" to manage auth-policies and silos, I am getting the message:
--------
It's not possible to get a connection to any domain
--------
So even if I have switched to FL 2016, I still can't manage auth-policies and silos via Windows RSAT?

Or did I forget something?
Stefan Kania
2023-Oct-19 09:48 UTC
[Samba] Question about silos and Authentication policies
Do you know which of the RSAT I need to use to manage auth-policies and silos? With samba-tool I can't assign users and hosts to the policies. I can only create, delete, list and view policies and silos.

On 19.10.23 at 09:03, Daniel Müller via samba wrote:
> Hello,
>
> You cannot use Active Directory Administrative Center because Samba has no ADWS implemented.
> There were efforts, but ADWS did not reach production status. I think Catalyst, Andrew Bartlett tried something, did not finish it.
> Yes, you need to use the old RSAT.
>
> Greetings
> Daniel
>
> IT Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
>
> -----Original Message-----
> From: Stefan Kania via samba [mailto:samba at lists.samba.org]
> Sent: Wednesday, 18 October 2023 17:43
> To: Samba List <samba at lists.samba.org>
> Subject: [Samba] Question about silos and Authentication policies
>
> I just installed Samba 4.19.1 (Sernet-packages). Here is my smb.conf on my DC
> -----------------
> # Global parameters
> [global]
>         ad dc functional level = 2016
>         netbios name = ADDC-01
>         realm = EXAMPLE.NET
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = EXAMPLE
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> [netlogon]
>         path = /var/lib/samba/sysvol/example.net/scripts
>         read only = No
> -----------------
>
> I provisioned my DC with:
>
> -----------
> samba-tool domain provision --option="ad dc functional level = 2016" \
>     --function-level=2016 --domain=example --realm=example.net \
>     --host-ip=192.168.56.201 --backend-store=mdb --dns-backend=BIND9_DLZ --adminpass=Gansgehe1m
> -----------
>
> Then I did:
> ---------
> samba-tool domain schemaupgrade --schema=2019
> samba-tool domain functionalprep --function-level=2016
> samba-tool domain level raise --domain-level=2016 --forest-level=2016
> ---------
>
> I joined a Windows 10 client. I can start ADUC, sites-and-services, and DNS-manager from RSAT. But if I try to start "Active Directory Administrative Center" to manage auth-policies and silos, I am getting the message:
> --------
> It's not possible to get a connection to any domain
> --------
> So even if I have switched to FL 2016, I still can't manage auth-policies and silos via Windows RSAT?
>
> Or did I forget something?

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signing every e-mail helps to reduce spam and protects your privacy. You can get a free certificate at https://www.dgn.de/dgncert/index.html
Download of the root certificates: https://www.dgn.de/dgncert/downloads.html

New GPG key: the public key is attached.