Ldb-tools: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 69: | Zeile 69: | ||
*samba-tool testparm -v | grep "tls verify peer" | *samba-tool testparm -v | grep "tls verify peer" | ||
tls verify peer = as_strict_as_possible | tls verify peer = as_strict_as_possible | ||
| − | = | + | =Werte ändern= |
*sed -e '/global/a\\ttls verify peer = no_check' /etc/samba/smb.conf | *sed -e '/global/a\\ttls verify peer = no_check' /etc/samba/smb.conf | ||
| + | *sed -ie '/global/a\\ldap server require strong auth = no' /etc/samba/smb.conf | ||
| + | |||
=Neustarten= | =Neustarten= | ||
*systemctl restart samba-ad-dc.service | *systemctl restart samba-ad-dc.service | ||
Version vom 13. Dezember 2016, 14:35 Uhr
installation
- apt-get install ldb-tools
Zugriff über den /var/lib/samba/private/sam.ldb
list all persons
- ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)'
list all persons show sAMAccountName
- ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' sAMAccountName
list all persons show sAMAccountName with grep
- ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' | grep sAMAccountName
sAMAccountName: DOUGLAS$ sAMAccountName: Administrator sAMAccountName: hans.mueller sAMAccountName: rudi.schmidt sAMAccountName: SAMBA81$ sAMAccountName: erwin.zott sAMAccountName: klaus.cewe sAMAccountName: hans.will sAMAccountName: krbtgt sAMAccountName: Guest
list the entry with the name: xinux
- ldbsearch -H /var/lib/samba/private/sam.ldb '(name=xinux)'
change entry with name hans.will
- ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(name=hans.will)'
# editing 1 records # record 1 dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: hans.will instanceType: 4 whenCreated: 20161213112821.0Z uSNCreated: 3806 name: hans.will objectGUID: 2daff74b-6b02-4c9d-b6ac-d3f4c0554671 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid: S-1-5-21-3092097079-3916867733-325602001-1109 accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: hans.will sAMAccountType: 805306368 userPrincipalName: hans.will@linuggs.lan objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=linuggs,DC=lan userAccountControl: 512 memberOf: CN=Metzger,CN=Users,DC=linuggs,DC=lan pwdLastSet: 131261038960000000 whenChanged: 20161213115816.0Z uSNChanged: 3833 distinguishedName: CN=hans.will,CN=Users,DC=linuggs,DC=lan
Zugriff über Ldap
- ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator
TLS failed to missing crlfile - with 'tls verify peer = as_strict_as_possible' Failed to connect to ldap URL 'ldaps://localhost' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX Failed to connect to 'ldaps://localhost' with backend 'ldaps': (null) Failed to connect to ldaps://localhost - (null)
Problem untersuchen
- samba-tool testparm -v | grep "tls verify peer"
tls verify peer = as_strict_as_possible
Werte ändern
- sed -e '/global/a\\ttls verify peer = no_check' /etc/samba/smb.conf
- sed -ie '/global/a\\ldap server require strong auth = no' /etc/samba/smb.conf
Neustarten
- systemctl restart samba-ad-dc.service