Ldb-tools
Installation
- apt-get install ldb-tools
Access via /var/lib/samba/private/sam.ldb
List all persons
- ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)'
List all persons, showing only sAMAccountName
- ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' sAMAccountName
List all persons, filtering for sAMAccountName with grep
- ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' | grep sAMAccountName
sAMAccountName: DOUGLAS$
sAMAccountName: Administrator
sAMAccountName: hans.mueller
sAMAccountName: rudi.schmidt
sAMAccountName: SAMBA81$
sAMAccountName: erwin.zott
sAMAccountName: klaus.cewe
sAMAccountName: hans.will
sAMAccountName: krbtgt
sAMAccountName: Guest
List the entry with the name xinux
- ldbsearch -H /var/lib/samba/private/sam.ldb '(name=xinux)'
Edit the entry with the name hans.will
- ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(name=hans.will)'
# editing 1 records
# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: hans.will
instanceType: 4
whenCreated: 20161213112821.0Z
uSNCreated: 3806
name: hans.will
objectGUID: 2daff74b-6b02-4c9d-b6ac-d3f4c0554671
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3092097079-3916867733-325602001-1109
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: hans.will
sAMAccountType: 805306368
userPrincipalName: hans.will@linuggs.lan
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=linuggs,DC=lan
userAccountControl: 512
memberOf: CN=Metzger,CN=Users,DC=linuggs,DC=lan
pwdLastSet: 131261038960000000
whenChanged: 20161213115816.0Z
uSNChanged: 3833
distinguishedName: CN=hans.will,CN=Users,DC=linuggs,DC=lan
Modify an entry
Add
- cat change.ldif
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
changetype: modify
add: sn
sn: Will
-
add: description
description: Schlachter
- ldbmodify -H /var/lib/samba/private/sam.ldb change.ldif
Replace
- cat metzger.ldif
Modified 1 records successfully
root@douglas:~# cat metzger.ldif
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
changetype: modify
replace: description
description: Metzger
- ldbmodify -H /var/lib/samba/private/sam.ldb metzger.ldif
Access via LDAP
- ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator
TLS failed to missing crlfile - with 'tls verify peer = as_strict_as_possible'
Failed to connect to ldap URL 'ldaps://localhost' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
Failed to connect to 'ldaps://localhost' with backend 'ldaps': (null)
Failed to connect to ldaps://localhost - (null)
Investigate the problem
- samba-tool testparm -v | grep "tls verify peer"
tls verify peer = as_strict_as_possible
Change the values
- sed -ie '/global/a\\ttls verify peer = no_check' /etc/samba/smb.conf
- sed -ie '/global/a\\tldap server require strong auth = no' /etc/samba/smb.conf
Restart
- systemctl restart samba-ad-dc.service
This is how it works
- ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator%sysadm
# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: hans.will
instanceType: 4
whenCreated: 20161213112821.0Z
uSNCreated: 3806
...
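The two sed edits above switch off peer certificate verification for Samba's TLS clients and let the LDAP server accept simple binds over unencrypted connections, so it is worth checking afterwards whether they are still active. An added example, not part of the original page: a shell function (the name audit_smb_ldap and the sample file are constructed here) that reports both settings when they are set in [global]. It assumes a plain smb.conf without include directives.

```shell
#!/bin/sh
# Added example (not from the original page): report the two weakened
# settings if they are active in [global] of the smb.conf given as $1.
# Prints one line per finding; returns 1 if anything was found, else 0.
audit_smb_ldap() {
    awk '
        /^[ \t]*\[/ {                      # section header
            sec = tolower($0)
            gsub(/^[ \t]*\[[ \t]*|[ \t]*\].*$/, "", sec)
            next
        }
        /^[ \t]*[#;]/ || sec != "global" { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            # Parameter names ignore case and embedded whitespace.
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            # A later assignment overrides an earlier one.
            if (key == "tlsverifypeer") peer = val
            if (key == "ldapserverrequirestrongauth") auth = val
        }
        END {
            if (peer == "no_check") {
                print "WEAK: tls verify peer = no_check (peer certificate not verified)"
                bad = 1
            }
            if (auth == "no") {
                print "WEAK: ldap server require strong auth = no (simple binds allowed without TLS)"
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: a [global] section after the two sed edits on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
	ldap server require strong auth = no
	tls verify peer = no_check
	realm = LINUGGS.LAN
EOF
audit_smb_ldap "$sample" || echo "exit status 1: weakened settings are active"
rm -f "$sample"
```

On a real host, pass /etc/samba/smb.conf as the argument.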