Ldb-tools

From xinux.net

Installation

  • apt-get install ldb-tools

Access via the file /var/lib/samba/private/sam.ldb

List all persons

  • ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)'

List all persons, showing only sAMAccountName

  • ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' sAMAccountName

List all persons and filter for sAMAccountName with grep

  • ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' | grep sAMAccountName
sAMAccountName: DOUGLAS$
sAMAccountName: Administrator
sAMAccountName: hans.mueller
sAMAccountName: rudi.schmidt
sAMAccountName: SAMBA81$
sAMAccountName: erwin.zott
sAMAccountName: klaus.cewe
sAMAccountName: hans.will
sAMAccountName: krbtgt
sAMAccountName: Guest

List the entry with the name xinux

  • ldbsearch -H /var/lib/samba/private/sam.ldb '(name=xinux)'

Change the entry with the name hans.will

  • ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(name=hans.will)'
# editing 1 records
# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: hans.will
instanceType: 4
whenCreated: 20161213112821.0Z
uSNCreated: 3806
name: hans.will
objectGUID: 2daff74b-6b02-4c9d-b6ac-d3f4c0554671
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3092097079-3916867733-325602001-1109
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: hans.will
sAMAccountType: 805306368
userPrincipalName: hans.will@linuggs.lan
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=linuggs,DC=lan
userAccountControl: 512
memberOf: CN=Metzger,CN=Users,DC=linuggs,DC=lan
pwdLastSet: 131261038960000000
whenChanged: 20161213115816.0Z
uSNChanged: 3833
distinguishedName: CN=hans.will,CN=Users,DC=linuggs,DC=lan
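
Several attributes in the record above are stored raw: userAccountControl is a bit mask, and pwdLastSet and accountExpires are Windows FILETIME values. The following Python script is an added example, not part of the original page; the function names and the selection of flags are choices made here, and SAMPLE is constructed from the hans.will record. It decodes ldbsearch output into a readable summary per account.

```python
import base64
from datetime import datetime, timedelta, timezone

# Audit-relevant userAccountControl bits (values as documented by Microsoft).
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0020: "PASSWD_NOTREQD",
             0x0200: "NORMAL_ACCOUNT", 0x1000: "WORKSTATION_TRUST_ACCOUNT",
             0x10000: "DONT_EXPIRE_PASSWORD", 0x400000: "DONT_REQ_PREAUTH"}
NEVER = {0, 0x7FFFFFFFFFFFFFFF}  # accountExpires values meaning "never expires"

# Constructed sample: a subset of the hans.will record shown above.
SAMPLE = """\
# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
sAMAccountName: hans.will
userAccountControl: 512
accountExpires: 9223372036854775807
memberOf: CN=Metzger,CN=Users,DC=linuggs,DC=lan
pwdLastSet: 131261038960000000
"""

def filetime_to_utc(ticks):
    """Windows FILETIME: 100 ns ticks since 1601-01-01 00:00 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def parse_records(text):
    """Return one dict per record, mapping attribute name to a list of values."""
    records = []
    for line in text.replace("\n ", "").splitlines():  # unfold continuation lines
        if not line.strip() or line.startswith("#"):   # blank lines and comments
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):                      # "attr:: <base64>"
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        if attr == "dn":
            records.append({})
        if records:
            records[-1].setdefault(attr, []).append(value.strip())
    return records

def summarize(record):
    """Decode the raw attributes of one account record."""
    num = lambda attr: int(record.get(attr, ["0"])[0])
    return {
        "account": record.get("sAMAccountName", [None])[0],
        "flags": [name for bit, name in UAC_FLAGS.items() if num("userAccountControl") & bit],
        # pwdLastSet 0 means the password must be changed at next logon
        "pwd_last_set": filetime_to_utc(num("pwdLastSet")) if num("pwdLastSet") else None,
        "expires": None if num("accountExpires") in NEVER
                   else filetime_to_utc(num("accountExpires")),
        "groups": record.get("memberOf", []),
    }

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(summarize(rec))
```

For hans.will the decoded pwdLastSet is 2016-12-13 11:58:16 UTC, the same instant as the record's whenChanged value.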

Modify an entry

Add

  • cat change.ldif
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
changetype: modify
add: sn
sn: Will
-
add: description
description: Schlachter
  • ldbmodify -H /var/lib/samba/private/sam.ldb change.ldif
Modified 1 records successfully

Replace

  • cat metzger.ldif
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
changetype: modify
replace: description
description: Metzger
  • ldbmodify -H /var/lib/samba/private/sam.ldb metzger.ldif

Access via LDAP

  • ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator
TLS failed to missing crlfile  - with 'tls verify peer = as_strict_as_possible'
Failed to connect to ldap URL 'ldaps://localhost' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
Failed to connect to 'ldaps://localhost' with backend 'ldaps': (null)
Failed to connect to ldaps://localhost - (null)

Investigate the problem

  • samba-tool testparm -v | grep "tls verify peer"

tls verify peer = as_strict_as_possible

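Change the values

tls verify peer = no_check turns off certificate verification entirely, and ldap server require strong auth = no makes the LDAP server accept simple and SASL binds over every transport, including unencrypted connections.

  • sed -i '/^\[global\]/a\\ttls verify peer = no_check' /etc/samba/smb.conf
  • sed -i '/^\[global\]/a\\tldap server require strong auth = no' /etc/samba/smb.conf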

Restart

  • systemctl restart samba-ad-dc.service

This is how it works

  • ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator%sysadm
# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: hans.will
instanceType: 4
whenCreated: 20161213112821.0Z
uSNCreated: 3806
...