GSOC cockpit samba ad dc: Difference between revisions

From SambaWiki
Line 187: Line 187:
• Transfer Roles
• Transfer Roles
== Group Policy Object Management ==
== Group Policy Object (GPO) Management ==


Creating a GPO
Create an empty GPO


• Deleting a GPO
• Deleting a GPO
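Review bot: the renamed entry "Create an empty GPO" is imperative, but the unchanged neighbours in this list, "Deleting a GPO" and "Backing up a GPO", stay in gerund form, so the GPO list now mixes two styles. Suggest renaming them to "Delete a GPO" and "Back up a GPO" in the same edit.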
Line 195: Line 195:
• Backing up a GPO
• Backing up a GPO


Deleting link
Delete GPO link from a container


• Downloading a GPO
• Fetching


• Get inheritance flag for a container
• Getting Inheritance


• List GPO Links for a container
• Getting Link


Listing GPOs
List GPOs for an account


Listing All GPOs
List all GPOs


• List all linked containers for a GPO
• Listing Containers


Restoring a GPO
Restore a GPO to a new container


• Set inheritance flag on a container
• Setting Inheritance


• Add or update a GPO link to a container
• Setting Link


Showing a GPO Object
Show information for a GPO


== Group Management ==
== Group Management ==
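Review bot: "Downloading a GPO" is the one entry in this hunk that keeps the gerund form while the others read as imperatives ("Delete GPO link from a container", "List all GPOs", "Show information for a GPO"); suggest "Download a GPO". "Delete GPO link from a container" also drops the article that "Add or update a GPO link to a container" keeps; suggest "Delete a GPO link from a container".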

Revision as of 14:13, 27 August 2020

Cockpit Samba AD DC Plugin Documentation

What is Cockpit?

To work with the plugin, you need to have Cockpit installed. According to Cockpit's documentation, it is an "easy-to-use, integrated, glanceable, and open web-based interface for your servers" (https://cockpit-project.org/). Cockpit helps you manage your Linux servers using a user interface that runs in a browser. It also lets developers write their own plugins using an API that Cockpit provides for interacting with the server. This project sought to incorporate tasks done using the samba-tool command-line utility for Samba AD DC into an intuitive UI for easier usage and administration.

Installation

Fedora 32 Installation

Prerequisite: Cockpit

1. Download the repository file https://download.opensuse.org/repositories/home:/Hezekiah/Fedora_32/home:Hezekiah.repo

2. Place it in /etc/yum.repos.d/

3. Run the following command:

# dnf install cockpit-samba-ad-dc

4. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090

5. Use your system user account and password to log in.

Ubuntu 20.04 Installation

Prerequisite: Cockpit

1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:

$ sudo apt update
$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

2. Add the Cockpit-Samba-AD-DC GPG key:

$ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04/Release.key | sudo apt-key add -

3. Add the repository to the sources.list file:

$ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/xUbuntu_20.04 ./"

4. Update the apt package index, and download the latest version of the Cockpit-Samba-AD-DC plugin:

$ sudo apt-get update
$ sudo apt-get install cockpit-samba-ad-dc

5. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090

6. Use your system user account and password to log in.

Debian 10 Installation

Prerequisite: Cockpit

1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:

$ sudo apt update
$ sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

2. Add the Cockpit-Samba-AD-DC GPG key:

$ curl -fsSL https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10/Release.key | sudo apt-key add -

3. Add the repository to the sources.list file:

$ sudo add-apt-repository "deb https://download.opensuse.org/repositories/home:/Hezekiah/Debian_10 ./"

4. Update the apt package index, and download the latest version of the Cockpit-Samba-AD-DC plugin:

$ sudo apt-get update
$ sudo apt-get install cockpit-samba-ad-dc

5. If you already have Cockpit on your server, point your web browser to: https://ip-address-of-machine:9090

6. Use your system user account and password to log in.
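The Ubuntu and Debian steps above use apt-key add, which makes the repository key trusted for every configured apt source. The script below is an added example, not part of the original wiki page or the plugin project: it stores the key in its own keyring and ties it to this one repository with signed-by. The keyring and list file paths are assumptions, and the fingerprint to compare against must be obtained from the repository owner out of band.

```shell
#!/bin/sh
# Added example: scope the OBS repository key to this repository only.
BASE="https://download.opensuse.org/repositories/home:/Hezekiah"
KEYRING="/etc/apt/keyrings/cockpit-samba-ad-dc.gpg"       # assumed path
LIST="/etc/apt/sources.list.d/cockpit-samba-ad-dc.list"   # assumed path

# Print the sources.list entry for one of the distro directories on this page.
repo_line() {
    case "$1" in
        xUbuntu_20.04|Debian_10) ;;
        *) echo "unsupported distro directory: $1" >&2; return 1 ;;
    esac
    printf 'deb [signed-by=%s] %s/%s ./\n' "$KEYRING" "$BASE" "$1"
}

# Fetch the key, let the admin confirm its fingerprint, then install.
install_repo() {
    distro="$1"
    line=$(repo_line "$distro") || return 1
    tmp=$(mktemp) || return 1
    curl -fsSL "$BASE/$distro/Release.key" -o "$tmp" || { rm -f "$tmp"; return 1; }

    # Nothing is trusted yet: the key is only displayed at this point.
    gpg --show-keys --with-fingerprint "$tmp"
    printf 'Does the fingerprint match the expected one? [y/N] '
    read -r answer
    [ "$answer" = "y" ] || { rm -f "$tmp"; echo "aborted" >&2; return 1; }

    # Convert the armored key to a binary keyring used by this repo alone.
    sudo install -d -m 0755 "$(dirname "$KEYRING")"
    gpg --dearmor < "$tmp" | sudo tee "$KEYRING" >/dev/null
    rm -f "$tmp"

    echo "$line" | sudo tee "$LIST" >/dev/null
    sudo apt-get update && sudo apt-get install cockpit-samba-ad-dc
}

# Run only when a distro directory is given, e.g.: sh setup-repo.sh Debian_10
if [ "$#" -eq 1 ]; then
    install_repo "$1"
fi
```

With this layout, removing the repository later only requires deleting the list file and the keyring file.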

Using the Plugin

Provisioning an AD DC Domain

When you run the plugin in Cockpit, it first checks the Samba configuration file to make sure that the server is set up as an Active Directory Domain Controller (AD DC). If it is not, the user is prompted to set one up.

Once provisioned, a page with a list of actions you can perform with the plugin appears.

Computer Management

Using the plugin you can:

• Create a computer

• Delete a computer

• Display a Computer Active Directory object

• List all computers

• Move a computer to an organizational unit/container.

Contact Management

• Creating a Contact

• Deleting a Contact

• Listing all Contacts

• Showing a Contact

Delegation Management

Use the plugin to:

• Add a service principal as msDS-AllowedToDelegateTo

• Delete a service principal as msDS-AllowedToDelegateTo

• Show the delegation setting of an account

• Set/unset UF_TRUSTED_FOR_DELEGATION for an account

• Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account

DNS Management

• Creating a DNS record

• Deleting a DNS record

• Cleanup DNS records

• Query for server information

• Creating zones

• Deleting zones

• Showing zone information

Domain Management

Using the plugin, you can:

• Promote an existing domain member or NT4 PDC to an AD DC

• Get basic info about a domain

• Demote a Domain Controller

• Join domain as either member or backup domain controller

• Upgrade from Samba classic (NT4-like) database to Samba AD DC database

• Create a domain or forest trust

• Delete a domain trust

• List domain trusts

• Show trusted domain details

• Validate a domain trust

• Manage forest trust namespaces

• Copy a running DC's current DB into a backup tar file

• Backup the local domain directories safely into a tar file

• Copy a running DC's DB to backup file, renaming the domain in the process

• Restore the domain's DB from a backup-file

Forest Management

• Show

• DSHeuristics

FSMO Management

• Seize Roles

• Show Roles

• Transfer Roles

Group Policy Object (GPO) Management

• Create an empty GPO

• Deleting a GPO

• Backing up a GPO

• Delete GPO link from a container

• Downloading a GPO

• Get inheritance flag for a container

• List GPO Links for a container

• List GPOs for an account

• List all GPOs

• List all linked containers for a GPO

• Restore a GPO to a new container

• Set inheritance flag on a container

• Add or update a GPO link to a container

• Show information for a GPO

Group Management

• Creating Groups

• Deleting Groups

• Listing Groups

• Listing Members

• Moving groups

• Removing members

• Showing a Group Object

Organizational Unit (OU) Management

• Create an organizational unit

• Delete an organizational unit

• List all organizational units

• List all objects in an organizational unit

• Move an organizational unit

• Rename an organizational unit

Sites Management

Use the plugin to:

• Create a new site

• Delete an existing site

• Create a new subnet

• Delete an existing subnet

• Assign a subnet to a site

SPN Management

With the plugin, you can:

• Create a new SPN

• Delete an SPN

• List SPNs of a given user

User Management

Using the plugin you can:

• Create a new user

• Delete a user

• Disable a user

• Enable a user

• List all users

• Move a user to an organizational unit/container

• Change password for a user account

• Set or reset the password of a user account

• Set the expiration of a user account

• Display a user AD object

Server Time

• Retrieve the time on a server

DS ACLs manipulation

Using the plugin, you can:

• Get access list on a directory object

• Modify access list on a directory object

NT ACLs manipulation

Use the plugin to:

• Change the domain SID for ACLs

• Get ACLs of a file

• Get DOS info of a file from xattr

• Set ACLs on a file

• Check sysvol ACLs match defaults

• Reset sysvol ACLs to defaults
