search for: adschema

Displaying 18 results from an estimated 18 matches for "adschema".

2019 Mar 03
3
Joining a DC, was (no subject)
...ook at this again before committing to the documentation change, which seems to diverge from the goal of making SAMBA work like a Windows AD DC. Here are some MS documents (contemporaneous with document linked in documentation prior to this change): https://docs.microsoft.com/en-us/windows/desktop/adschema/a-upnsuffixes https://docs.microsoft.com/en-us/windows/desktop/adschema/a-userprincipalname and in this one, https://docs.microsoft.com/en-us/windows/desktop/AD/naming-properties it is noted that: "A UPN suffix has the following restrictions: It must be the DNS name of a domain, but does not...
2019 Apr 23
2
How to get users last Login time
On Tue, 23 Apr 2019 17:12:37 +0200 Sven Schwedas via samba <samba at lists.samba.org> wrote: > https://docs.microsoft.com/en-us/windows/desktop/adschema/a-lastlogontimestamp > > Works on Samba AD as on Windows and can be queried by any LDAP client > and used in Bash/Powershell scripts. There's probably finished scripts > somewhere you can use. > Yes, you could use that attribute, but it isn't as accurate. Rowland
2019 Dec 05
1
Account locked and delayed user data propagation...
...elave... > Also have a look at the msDS-User-Account-Control-Computed attribute. > that will avoid you encoding this logic in your shell scripts as it is > what Samba uses internally. A-HA! Seems strange to me there's no such field... https://docs.microsoft.com/en-us/windows/win32/adschema/a-msds-user-account-control-computed so, i need to check for 'UF_LOCKOUT', i suppose... Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078...
2023 Apr 14
1
eduPerson schema on samba4
hi, I created a lab to test adding the eduPerson schema. I took the schema from the link below and followed the wiki to add the schema. hxxps:// github.com/REFEDS/eduperson/blob/master/schema/activedirectory/eduPerson.adschema.ldf I split the ldif into 3 parts. attrs.ldif classes.ldif auxiliaryClass.ldif At first there was no error when adding the ldifs with the commands given in the wiki. To make sure, I did a search with ldbsearch and verified that the schema was added. After that I added the class *eduPerson* to a...
2005 Feb 16
0
winbind fails to list all groups with adminCount not set
...sers without exception. To check if adminCount is set or not I used this command: ldapsearch -D <binddn> \ -w <password> -h <windows-ads> -x -b \ cn=<username>,cn=Users,dc=... Microsoft says in this article: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_admincount.asp "Indicates that a given object has had its ACL's changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively)." and this attribute is set "When an object is added to an administrat...
2024 Apr 18
1
ip attrs on computer object
...ct. >> >> What would be the objectClass to add? > ipNetwork >> >> Or is this a bad idea and should I better follow a different approach? > sorry i cant tell it looks that ipNetwork represents an abstraction of a network https://learn.microsoft.com/en-us/windows/win32/adschema/c-ipnetwork so it may not be the right class to use for a computer... may be you should follow a different approach... >> >> (samba 4.19.5 on bookworm) >> >> - Kees. >> >> -- Arnaud FLORENT IRIS Technologies
2019 Apr 23
4
How to get users last Login time
Hi We are using SAMBA4 As Active Directory We have a requirement to a) find out which user did not logging for more then 90 days and Delete those user by using script I am just wondering, is there any command to check in Samba4 to get user Last login time ? Thanks-- Regards -- Regards Fosiul Alam
2019 Dec 04
2
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba In chel di` si favelave... > I think you are over thinking this ;-) I'm simply applying the policy... ;-) https://docs.microsoft.com/it-it/windows/win32/adschema/a-lockouttime say at the bottom: This attribute value is only reset when the account is logged onto successfully. This means that this value may be non zero, yet the account is not locked out. To accurately determine if the account is locked out, you must add the Lockout-Duration to this time...
2019 Jan 09
3
[Oddity] SAMAccountName and 20+ chars logins...
Reading here i've understod that for LDAP query it is better to use SAMAccountName as 'login', but today i've found: https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname so, 'SAMAccountName' is a compatibility field with NT mode, limited to 20 chars. Someone here use 21 chars logins? ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo...
2019 Jan 09
0
[Oddity] SAMAccountName and 20+ chars logins...
...> Onderwerp: [Samba] [Oddity] SAMAccountName and 20+ chars logins... > > > > Reading here i've understod that for LDAP query it is better to use > SAMAccountName as 'login', but today i've found: > > > https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-sa > maccountname > > so, 'SAMAccountName' is a compatibility field with NT mode, limited to > 20 chars. > > > Someone here use 21 chars logins? ;-) > > -- > dott. Marco Gaiarin GNUPG > Key ID: 240A3D66 > Associazione ``La Nostra Fami...
2019 Apr 23
0
How to get users last Login time
https://docs.microsoft.com/en-us/windows/desktop/adschema/a-lastlogontimestamp Works on Samba AD as on Windows and can be queried by any LDAP client and used in Bash/Powershell scripts. There's probably finished scripts somewhere you can use. On 23.04.19 17:07, Fosiul Alam via samba wrote: > Hi > We are using SAMBA4 As Active Directory We have...
2019 Apr 24
0
How to get users last Login time
...for-and-how-it-works/ It was literally designed for *this exact use case*. On 23.04.19 17:35, Rowland Penny via samba wrote: > On Tue, 23 Apr 2019 17:12:37 +0200 > Sven Schwedas via samba <samba at lists.samba.org> wrote: > >> https://docs.microsoft.com/en-us/windows/desktop/adschema/a-lastlogontimestamp >> >> Works on Samba AD as on Windows and can be queried by any LDAP client >> and used in Bash/Powershell scripts. There's probably finished scripts >> somewhere you can use. >> > > Yes, you could use that attribute, but it isn't as...
2019 Dec 04
0
Account locked and delayed user data propagation...
On 04/12/2019 11:21, Marco Gaiarin via samba wrote: > Mandi! Rowland penny via samba > In chel di` si favelave... > >> I think you are over thinking this ;-) > I'm simply applying the policy... ;-) > > https://docs.microsoft.com/it-it/windows/win32/adschema/a-lockouttime > > say at the bottom: > > This attribute value is only reset when the account is logged onto successfully. > This means that this value may be non zero, yet the account is not locked out. > To accurately determine if the account is locked out, you must add the...
2023 Apr 13
1
eduPerson schema on samba4
hi, Does anyone on the list use the eduPerson schema in Samba4 as a DC? -- Elias Pereira
2024 Apr 16
1
ip attrs on computer object
Hi Le 16/04/2024 ? 17:08, Kees van Vloten via samba a ?crit?: > Hi team, > > I am trying to store some ip-data on the computer-account object in > ldap. I managed to store ip-address in 'ipHostNumber' and mac-address > in 'macAddress' (after adding objectClass: "ieee802Device"). > > The last attribute I want to store is 'ipNetmaskNumber'
2019 Dec 05
3
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba In chel di` si favelave... > As I said, if 'lockoutTime' isn't set or it is set to '0', then the user > isn't locked out, anything else and it is, but I do not believe that you can > set it to anything else but '0' manually, only the system can do this. > This is where 'lockoutDuration' comes in, the account
2019 Mar 14
8
How to automatically store the macAddress in AD
Hi list, Does someone know a way to automatically store the hwaddress in the AD? I'm using Veyon in my school to manage the students PCs and if the hwadress is populated in the AD, the Room configuration can be set with AD otherwise i have to manage rooms manually. I'm using samba4 with bind and isc-dhcp-server are on the same server. Can we use scripts or some ways? thanks in advance
2019 Dec 03
4
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba In chel di` si favelave... > Do you mean apart from '$((${LOT} + ${LOD}))' should really be > '$((LOT+LOD))' ? Apart bashism, this seems not the point: root at vdcsv1:~# bash -vx /tmp/test LOT=1 + LOT=1 LOD=1 + LOD=1 TMPF=$((${LOT} + ${LOD})) + TMPF=2 echo $TMPF + echo 2 2 TMPF=$((LOT+LOD)) + TMPF=2 echo $TMPF + echo 2