installation

• apt-get install ldb-tools

Zugriff über den /var/lib/samba/private/sam.ldb=

list all persons

• ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)'

list all persons show sAMAccountName

• ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' sAMAccountName

list all persons show sAMAccountName with grep

• ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' | grep sAMAccountName

sAMAccountName: DOUGLAS$
sAMAccountName: Administrator
sAMAccountName: hans.mueller
sAMAccountName: rudi.schmidt
sAMAccountName: SAMBA81$
sAMAccountName: erwin.zott
sAMAccountName: klaus.cewe
sAMAccountName: hans.will
sAMAccountName: krbtgt
sAMAccountName: Guest

list the entry with the name: xinux

• ldbsearch -H /var/lib/samba/private/sam.ldb '(name=xinux)'

change entry with name hans.will

• ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(name=hans.will)'

# editing 1 records
# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: hans.will
instanceType: 4
whenCreated: 20161213112821.0Z
uSNCreated: 3806
name: hans.will
objectGUID: 2daff74b-6b02-4c9d-b6ac-d3f4c0554671
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3092097079-3916867733-325602001-1109
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: hans.will
sAMAccountType: 805306368
userPrincipalName: hans.will@linuggs.lan
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=linuggs,DC=lan
userAccountControl: 512
memberOf: CN=Metzger,CN=Users,DC=linuggs,DC=lan
pwdLastSet: 131261038960000000
whenChanged: 20161213115816.0Z
uSNChanged: 3833
distinguishedName: CN=hans.will,CN=Users,DC=linuggs,DC=lan

Modify an entry

• cat change.ldif

dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
changetype: modify
add: sn
sn: Will
-
add: description
description: Schlachter

• ldbmodify -H /var/lib/samba/private/sam.ldb change.ldif

Zugriff über Ldap

• ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator

TLS failed to missing crlfile  - with 'tls verify peer = as_strict_as_possible'
Failed to connect to ldap URL 'ldaps://localhost' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
Failed to connect to 'ldaps://localhost' with backend 'ldaps': (null)
Failed to connect to ldaps://localhost - (null)

Problem untersuchen

• samba-tool testparm -v | grep "tls verify peer"

tls verify peer = as_strict_as_possible

Werte ändern

• sed -e '/global/a\\ttls verify peer = no_check' /etc/samba/smb.conf
• sed -ie '/global/a\\ldap server require strong auth = no' /etc/samba/smb.conf

Neustarten

• systemctl restart samba-ad-dc.service

So gehts

• ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator%sysadm

# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: hans.will
instanceType: 4
whenCreated: 20161213112821.0Z
uSNCreated: 3806
...