Web lists-archives.com

[Samba] Extending Samba-4 Schema to get Microsoft LAPS working


I am trying to get the Microsoft LAPS working in my samba-4 AD environment. Microsoft LAPS requires us to extend the schema and add two attributes "ms-Mcs-AdmPwd" (Stores the password in plain text) and "ms-Mcs-AdmPwdExpirationTime" (Stores the time to reset the password).

I have added the Group Policy part of Microsoft LAPS to Windows RSAT (on Windows Server 208 R2) and also been able to extend the samba-4 schema by adding the two attributes. However, I am not able to add the above two attributes to Computers (dn: CN=Computers,CN=Schema,CN=Configuration,DC=sample,DC=com). I am not finding a sample LDIF file to make this modification to computers.

Can some one help with this?

I have attached the two ldif files used to add the two attributes to Samba-4 schema.

Best regards,


# Samba 4 Active Directory Schema Extension for Microsoft LAPS
# Attribute:ms-Mcs-AdmPwdExpirationTime
objectClass: top
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.2554.50051.45980.28112.18903.35903.6685103.1224907.2.2
cn: ms-Mcs-AdmPwdExpirationTime
name: ms-Mcs-AdmPwdExpirationTime
lDAPDisplayName: ms-Mcs-AdmPwdExpirationTime
Description: Local Administrator Password Expiry Time Parameter
oMSyntax: 65
isSingleValued: TRUE
searchFlags: 0
isMemberOfPartialAttributeSet: FALSE

# Samba 4 Active Directory Schema Extension for Microsoft LAPS
# Attribute:ms-Mcs-AdmPwd
objectClass: top
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.2554.50051.45980.28112.18903.35903.6685103.1224907.2.1
cn: ms-Mcs-AdmPwd
name: ms-Mcs-AdmPwd
lDAPDisplayName: ms-Mcs-AdmPwd
Description: Local Administrator Password parameter
oMSyntax: 19
isSingleValued: TRUE
searchFlags: 904
isMemberOfPartialAttributeSet: FALSE

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba