[Samba] LAM (ldap acc manager) with samba4

Elias Pereira

Oct 14, 2014, 11:30:03 AM
Hello guys,

Has anyone already configured LAM to manage Samba4?

--
Elias Pereira
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

mourik jan heupink - merit

Oct 15, 2014, 5:50:01 AM
Hi Elias,

Yes, we have been using it. It basically works as advertised, except that all
accounts that have been touched by it generate a 'normalization error'
(reported by samba-tool dbcheck).

Search the archives here to learn more. The errors are considered
harmless, but I don't like them. ADUC can do what LAM does, for our
needs anyway. So basically we are not using LAM very much anymore.

The only advantage (for us) it has over ADUC is that it is easy to use
remotely.

Hope this answers your question.

Mourik Jan

On 10/14/2014 17:28, Elias Pereira wrote:
> Hello guys,
>
> Has anyone already configured LAM to manage Samba4?
>
--

Elias Pereira

Oct 15, 2014, 9:20:01 AM
Hello Mourik,

I've tried various settings for LAM to administer Samba4, but without
success. With RSAT I can administer normally. But I would like to
configure LAM.

I tried to follow the tips at the link below:
https://www.ldap-account-manager.org/static/doc/manual/ch03s02.html#idp57751376

Could you give me some basic settings for setting up LAM?
--
Elias Pereira

Андрей Черепанов

Oct 15, 2014, 9:20:03 AM
15.10.2014 17:11, Elias Pereira wrote:

> Hello Mourik,
>
> I've tried various settings for LAM to administer Samba4, but without
> success. With RSAT I can administer normally. But I would like to
> configure LAM.
How do you use RSAT? I fail to connect to the Samba AD DC from RSAT
installed on Windows (logged in as Administrator). Unable to manage the
remote host. Are there any tricks for this process?

--
Andrey Cherepanov
ALT Linux
c...@altlinux.ru

Sven Schwedas

Oct 15, 2014, 9:30:02 AM
On 2014-10-15 15:18, Андрей Черепанов wrote:
> 15.10.2014 17:11, Elias Pereira wrote:
>> Hello Mourik,
>>
>> I've tried various settings for LAM to administer Samba4, but without
>> success. With RSAT I can administer normally. But I would like to
>> configure LAM.
> How do you use RSAT? I fail to connect to the Samba AD DC from RSAT
> installed on Windows (logged in as Administrator). Unable to manage the
> remote host. Are there any tricks for this process?

No real tricks, if you have a correct DNS/WINS setup, it should work
(might need LDAPS? Dunno).

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.s...@tao.at | +43 (0)680 301 7167
http://software.tao.at

L.P.H. van Belle

Oct 15, 2014, 9:30:02 AM
For RSAT..

The computer must be joined to the domain.
The user must have "Domain Admin" rights (or use DOMAIN\Administrator),
and you need to set the privileges on the server for the group/user.
This needs to be done on all DCs and/or member servers.

I give "Domain Admins" all rights,
like this.

SETNTDOM="YOURDOMAIN"        # NetBIOS domain name (placeholder)
SETNTPASSWD="YOURpassWord!"  # Administrator password (placeholder)

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDiskOperatorPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeTakeOwnershipPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeBackupPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeRestorePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeRemoteShutdownPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SePrintOperatorPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeAddUsersPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDiskOperatorPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSecurityPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemtimePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeShutdownPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDebugPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemEnvironmentPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemProfilePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeProfileSingleProcessPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeIncreaseBasePriorityPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeLoadDriverPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeCreatePagefilePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeIncreaseQuotaPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeChangeNotifyPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeUndockPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeManageVolumePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeImpersonatePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeCreateGlobalPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeEnableDelegationPrivilege -UAdministrator


Louis


>-----Original message-----
>From: c...@altlinux.ru [mailto:samba-...@lists.samba.org]
>On behalf of Андрей Черепанов
>Sent: Wednesday, 15 October 2014 15:18
>To: sa...@lists.samba.org
>Subject: Re: [Samba] LAM (ldap acc manager) with samba4
>
>15.10.2014 17:11, Elias Pereira wrote:
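
An added example, not part of the original thread: after granting rights as in the message above, this checks what an account actually holds against an intended allowlist. The listing layout (account line, one privilege per line, blank line between accounts), the `SAMDOM` domain and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# unexpected_rights ACCOUNT [ALLOWED_PRIVILEGE...]
# Reads a rights listing on stdin and prints every privilege ACCOUNT holds
# that is not in the allowlist. Assumed layout: account name line, one
# privilege per line, blank line between accounts.
unexpected_rights() {
    account=$1
    shift
    # ENVIRON is used instead of "awk -v" because -v would process the
    # backslash in DOMAIN\Group as an escape sequence.
    ACCT="$account" ALLOWED=" $* " awk '
        BEGIN { acct = ENVIRON["ACCT"]; allowed = ENVIRON["ALLOWED"]; header = 1 }
        { sub(/\r$/, "") }                          # tolerate CRLF input
        /^[ \t]*$/ { header = 1; next }             # blank line: next block
        header { current = $0; header = 0; next }   # first line: account name
        current == acct && /^Se[A-Za-z]+Privilege$/ &&
            index(allowed, " " $0 " ") == 0 { print }
    '
}

# Constructed sample listing (not captured from a real server).
sample_listing() {
cat <<'EOF'
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege

SAMDOM\Domain Admins
SeDiskOperatorPrivilege
SeBackupPrivilege
SeDebugPrivilege
SeLoadDriverPrivilege

Everyone
No privileges assigned
EOF
}

# Demo on the sample. Against a live server the listing would come from:
#   net rpc rights list accounts -U Administrator
sample_listing | unexpected_rights 'SAMDOM\Domain Admins' \
    SeDiskOperatorPrivilege SeBackupPrivilege
```

Run it on every DC and member server where rights were granted, since the grants are per server.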

L.P.H. van Belle

Oct 15, 2014, 9:40:02 AM
And, what I forgot to mention.

If you have Win 7 and Win 8.(x),
always use the highest Windows version with RSAT,
in case you are setting up GPOs and you don't want to miss some policies.

Louis

>-----Original message-----
>From: be...@bazuin.nl [mailto:samba-...@lists.samba.org]
>On behalf of L.P.H. van Belle
>Sent: Wednesday, 15 October 2014 15:29
>To: Андрей Черепанов
>CC: sa...@lists.samba.org

mourik jan heupink - merit

Oct 15, 2014, 10:10:03 AM
Hi Elias,

> I've tried various settings for LAM to administer Samba4, but
> without success. With RSAT I can administer normally. But I would like
> to configure LAM.
Could you explain better what your problem is? What does "without
success" mean? Any errors?

You have lam installed? Can you access the lam configuration pages? Have
you created a profile for your AD server?

Mourik Jan

Elias Pereira

Oct 15, 2014, 10:10:03 AM
For LAM to work with Samba4, do I need to have LDAP installed?
--
Elias Pereira

mourik jan heupink - merit

Oct 15, 2014, 10:20:02 AM


On 10/15/2014 16:02, Elias Pereira wrote:
> For LAM to work with Samba4, do I need to have LDAP installed?
Samba4 is your LDAP, so: no. (unless I don't understand what you're
asking...)

Elias Pereira

Oct 15, 2014, 10:40:02 AM
First of all, let me say I'm new to this world of Samba. Take it easy. :D

Tell me, what would be the "profile for your AD server"? Would that be
dc=samba4test,dc=intra?
--
Elias Pereira

mourik jan heupink - merit

Oct 15, 2014, 11:10:01 AM
Take a look here:

https://www.ldap-account-manager.org/lam/templates/config/index.php

Click 'edit server profiles' and use the password 'lam' to logon.

Take a look at the settings there. That is what a profile should look like.

You need to create a profile specific to your AD server.

MJ



On 10/15/2014 16:34, Elias Pereira wrote:
> First of all, let me say I'm new to this world of Samba. Take it easy. :D
>
> Tell me, what would be the "profile for your AD server"? Would that be
> dc=samba4test,dc=intra?
>
> On Wed, Oct 15, 2014 at 11:09 AM, mourik jan heupink - merit
> <heu...@merit.unu.edu> wrote:
>
> > On 10/15/2014 16:02, Elias Pereira wrote:
> >
> > > For LAM to work with Samba4, do I need to have LDAP installed?
> >
> > Samba4 is your LDAP, so: no. (unless I don't understand what you're
> > asking...)