Web lists-archives.com

Re: [Samba] Schema Update to store TPM data in AD DS




On Fri, 2018-09-07 at 18:14 +0200, Johannes Engel via samba wrote:
> Hi all,
> 
> has anyone here experience with storing BitLocker and TPM data in AD DS on
> Samba?
> I have stumbled across this Microsoft page (
> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj635854%28v%3dws.11%29)
> stating that Windows 2008 R2 needs a schema extension to handle this. Since
> this is not listed as a safe update in the wiki (
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions), I would like
> to know if anybody has already tried this, since I do not have any
> experience with restoring a schema after a failed import. ;)
> Thanks a lot for your input.

We actually have a fully tested (just not widely deployed) upgrade tool
for schema, and a fully tested upgrade to the 2012 schema.

>From the testsuite:

$BINDIR/samba-tool domain schemaupgrade -H
tdb://$PREFIX_ABS/2008R2_schema/private/sam.ldb --schema=2012_R2

I hope this helps,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba