Samba AD schema extensions: Difference between revisions

From SambaWiki
(Fixed link to Automount_template.ldif.txt. It now directly links to the latest version of the file, instead of to the file's history page.)
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= Schema extension in Samba 4 =
= Schema Extension in Samba Active Directory =


Samba 4 supports same kind of schema extensions as Microsoft Active Directory. Generally speaking schema update in AD is a sensitive action and you must be prepared to restore the DC holding the role of schema master if something goes wrong.
Samba AD supports the same kind of schema extensions as Microsoft Active Directory. Schema updates in AD are a sensitive action and you must be prepared to do a full restore of the DC holding the role of schema master if something goes wrong.


This is even more true in Samba 4 not always generate some critical attributes, that are generated on Microsoft AD, this lack of attribute could lead to a unstartable samba provision.
This is even more true in Samba 4 given it does not always generate some critical attributes that are generated on Microsoft AD and this lack of attributes can lead to a un-start-able samba provision.
That's why currently schema updates in Samba 4 are disabled by default.
This is why schema updates in Samba AD are currently disabled by default.


In order to allow them, the option ''dsdb:schema update allowed'' has to be set to true in the ''smb.conf'' or passed on the command line.
In order to allow them, the option ''dsdb:schema update allowed'' must be set to true in the ''smb.conf'' or passed on the command line.



= Verified Schema Extensions =


== Tested Schema extensions ==
As getting an LDIF that won't ruin the provision can be hard, this page will list LDIFs that are known not to break the database.
As getting an LDIF that won't ruin the provision can be hard, this page will list LDIFs that are known not to break the database.

Perform these updates only if you need them and if '''you know how to restore the provision on the schema master'''.
Perform these updates only if you need them and if '''you know how to restore the provision on the schema master'''.



=== Automounter ===

== NIS Extensions ==

See [[Setting_up_RFC2307_in_AD#Enabling_RFC2307_in_an_Existing_Active_Directory|Installing the NIS Extensions]].



== Automounter ==


This extension allow you to store automount information in LDAP. In order to add this extension, follow these steps:
This extension allow you to store automount information in LDAP. In order to add this extension, follow these steps:


* Download [[File:Automount_template.ldif.txt|automount_template.ldif.txt]], this is a template that will be transformed in the next steps
* Download [[Media:Automount_template.ldif.txt|Automount_template.ldif.txt]], this is a template that will be transformed in the next steps
* Locate the rootDN of your provision: ''ldbsearch -H ldap://ip_of_server -U administrator -s base dn
* Locate the rootDN of your provision: ''ldbsearch -H ldap://ip_of_server -U administrator -s base dn
* Run ''cat automount_template.ldif | sed 's/DOMAIN_TOP_DN/value_of_rootDN_obtained_in_previous_step/' > automount.ldif ''
* Run ''cat automount_template.ldif | sed 's/DOMAIN_TOP_DN/value_of_rootDN_obtained_in_previous_step/' > automount.ldif ''
* Split the resulting file into two, one containing the attributes, the other containing the objectclasses
* Name the two new files ''automount_attrs.ldif'' and ''automount_classes.ldif''
* Stop Samba4 on the schema master
* Stop Samba4 on the schema master
* Copy ''automount.ldif'' to the schema master server (if you were working on a different server)
* Copy ''automount_attrs.ldif'' and ''automount_classes.ldif'' to the schema master server (if you were working on a different server)
* Apply the ldif with a command similar to: ''ldbmodify -H path_to_sam_ldb automount.ldif --option="dsdb:schema update allowed"=true
* Apply the ldifs with commands similar to:
** ''ldbmodify -H path_to_sam_ldb automount_attrs.ldif --option="dsdb:schema update allowed"=true
** ''ldbmodify -H path_to_sam_ldb automount_classes.ldif --option="dsdb:schema update allowed"=true





----
[[Category:Active Directory]]
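Review bot: The new "Split the resulting file into two" step and the two ldbmodify bullets in the Automounter list do not say why the file is split or whether automount_attrs.ldif has to be applied before automount_classes.ldif; state the required order next to "Apply the ldifs with commands similar to:". The ldbsearch and ldbmodify bullets open italic markup with '' and never close it, so the closing '' should be added to each. The revised text also still says "Samba 4" and "Samba4" ("This is even more true in Samba 4", "Stop Samba4 on the schema master") while the heading and first paragraph were renamed to "Samba AD".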

Revision as of 15:07, 21 August 2017

Schema Extension in Samba Active Directory

Samba AD supports the same kind of schema extensions as Microsoft Active Directory. Schema updates in AD are a sensitive action and you must be prepared to do a full restore of the DC holding the role of schema master if something goes wrong.

This is even more true in Samba 4, given that it does not always generate some critical attributes that are generated on Microsoft AD, and this lack of attributes can lead to an unstartable Samba provision. This is why schema updates in Samba AD are currently disabled by default.

In order to allow them, the option dsdb:schema update allowed must be set to true in the smb.conf or passed on the command line.


Verified Schema Extensions

As getting an LDIF that won't ruin the provision can be hard, this page will list LDIFs that are known not to break the database.

Perform these updates only if you need them and if you know how to restore the provision on the schema master.


NIS Extensions

See Installing the NIS Extensions.


Automounter

This extension allows you to store automount information in LDAP. In order to add this extension, follow these steps:

  • Download Automount_template.ldif.txt; this is a template that will be transformed in the next steps
  • Locate the rootDN of your provision: ldbsearch -H ldap://ip_of_server -U administrator -s base dn
  • Run cat automount_template.ldif | sed 's/DOMAIN_TOP_DN/value_of_rootDN_obtained_in_previous_step/' > automount.ldif
  • Split the resulting file into two, one containing the attributes, the other containing the objectclasses
  • Name the two new files automount_attrs.ldif and automount_classes.ldif
  • Stop Samba4 on the schema master
  • Copy automount_attrs.ldif and automount_classes.ldif to the schema master server (if you were working on a different server)
  • Apply the ldifs with commands similar to:
    • ldbmodify -H path_to_sam_ldb automount_attrs.ldif --option="dsdb:schema update allowed"=true
    • ldbmodify -H path_to_sam_ldb automount_classes.ldif --option="dsdb:schema update allowed"=true
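
The substitution and split steps above, as an added example that is not part of the wiki page: it validates the rootDN before handing it to sed, replaces every DOMAIN_TOP_DN, routes each stanza into automount_attrs.ldif or automount_classes.ldif, and fails if a stanza cannot be classified or a placeholder survives. The function names are hypothetical, the sample template is constructed, and the blank-line-separated stanza layout with an objectClass line per stanza is an assumption about the template.

```shell
#!/bin/sh
# Added example: fill in the schema template and split it into two files.
# Assumption: stanzas are separated by blank lines and each one carries
# "objectClass: attributeSchema" or "objectClass: classSchema".

prepare_schema_ldif() {
    template=$1 rootdn=$2 outdir=$3
    [ -r "$template" ] || { echo "cannot read $template" >&2; return 1; }

    # Accept only a plain DC=...,DC=... root DN so the value is safe inside sed.
    printf '%s\n' "$rootdn" |
        grep -Eq '^DC=[A-Za-z0-9-]+(,DC=[A-Za-z0-9-]+)*$' || {
        echo "unexpected rootDN: $rootdn" >&2; return 2; }

    : > "$outdir/automount_attrs.ldif"
    : > "$outdir/automount_classes.ldif"

    # Substitute every placeholder, then route each stanza by its objectClass.
    sed "s/DOMAIN_TOP_DN/$rootdn/g" "$template" |
    awk -v attrs="$outdir/automount_attrs.ldif" \
        -v classes="$outdir/automount_classes.ldif" '
        BEGIN { RS = ""; ORS = "\n\n" }
        { s = tolower($0) }
        s ~ /objectclass: attributeschema/ { print > attrs; next }
        s ~ /objectclass: classschema/     { print > classes; next }
        { print "unclassified stanza:\n" $0 > "/dev/stderr"; bad = 1 }
        END { exit bad }' || return 3

    # No placeholder may survive in the files that will be fed to ldbmodify.
    if grep -q DOMAIN_TOP_DN "$outdir"/automount_*.ldif; then return 4; fi
}

# Number of entries (dn: lines) in an LDIF file.
count_entries() { grep -c '^dn:' "$1"; }

# Constructed sample template (not the real Automount_template.ldif.txt).
write_sample_template() {
    cat > "$1" <<'EOF'
dn: CN=exampleKey,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
objectClass: attributeSchema
lDAPDisplayName: exampleKey

dn: CN=exampleMap,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
objectClass: classSchema
lDAPDisplayName: exampleMap
mayContain: exampleKey
EOF
}
```

Comparing the entry counts of the two output files against the template before stopping Samba catches a bad split while the schema master is still untouched.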