Re: [Samba] Extending Samba-4 Schema to get Microsoft LAPS working
- Date: Thu, 22 Nov 2018 11:21:14 +0530
- From: Ardos via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Extending Samba-4 Schema to get Microsoft LAPS working
I am using the command "ldbmodify -H path_to_sam_ldb
automount_classes.ldif --option="dsdb:schema update allowed"=true" as
given in the wiki. /
Using the above method I was able to add the two attributes. But I am
not able to add these attributes to computers class.
Hence looking for help to create the ldif file to add these two
attributes to computer class.
On 22/11/18 10:11 AM, Andrew Bartlett wrote:
On Thu, 2018-11-22 at 09:58 +0530, Ardos via samba wrote:
I am trying to get the Microsoft LAPS working in my samba-4 AD
environment. Microsoft LAPS requires us to extend the schema and add two
attributes "ms-Mcs-AdmPwd" (Stores the password in plain text) and
"ms-Mcs-AdmPwdExpirationTime" (Stores the time to reset the password).
I have added the Group Policy part of Microsoft LAPS to Windows RSAT (on
Windows Server 208 R2) and also been able to extend the samba-4 schema
by adding the two attributes. However, I am not able to add the above
two attributes to Computers (dn:
CN=Computers,CN=Schema,CN=Configuration,DC=sample,DC=com). I am not
finding a sample LDIF file to make this modification to computers.
Can some one help with this?
I have attached the two ldif files used to add the two attributes to
Have you set the magic smb.conf setting?
dsdb:schema update allowed=true
To unsubscribe from this list go to the following URL and read the