Ldb-tools: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(11 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 2: Zeile 2:
 
*apt-get install ldb-tools
 
*apt-get install ldb-tools
 
=Zugriff über den /var/lib/samba/private/sam.ldb=
 
=Zugriff über den /var/lib/samba/private/sam.ldb=
=list all persons=
+
==list all persons==
 
*ldbsearch -H /var/lib/samba/private/sam.ldb  '(objectclass=person)'
 
*ldbsearch -H /var/lib/samba/private/sam.ldb  '(objectclass=person)'
=list all persons show sAMAccountName=
+
==list all persons show sAMAccountName==
 
*ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' sAMAccountName
 
*ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' sAMAccountName
=list all persons show sAMAccountName with grep=
+
==list all persons show sAMAccountName with grep==
 
*ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' | grep sAMAccountName
 
*ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' | grep sAMAccountName
 
<pre>
 
<pre>
Zeile 20: Zeile 20:
 
sAMAccountName: Guest
 
sAMAccountName: Guest
 
</pre>
 
</pre>
=list the entry with the name: xinux=
+
==list the entry with the name: xinux==
 
*ldbsearch -H /var/lib/samba/private/sam.ldb  '(name=xinux)'
 
*ldbsearch -H /var/lib/samba/private/sam.ldb  '(name=xinux)'
=change entry with name xinux=
+
==change entry with name hans.will==
*ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(name=xinux)'
+
*ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(name=hans.will)'
 +
<pre>
 +
# editing 1 records
 +
# record 1
 +
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
 +
objectClass: top
 +
objectClass: person
 +
objectClass: organizationalPerson
 +
objectClass: user
 +
cn: hans.will
 +
instanceType: 4
 +
whenCreated: 20161213112821.0Z
 +
uSNCreated: 3806
 +
name: hans.will
 +
objectGUID: 2daff74b-6b02-4c9d-b6ac-d3f4c0554671
 +
badPwdCount: 0
 +
codePage: 0
 +
countryCode: 0
 +
badPasswordTime: 0
 +
lastLogoff: 0
 +
lastLogon: 0
 +
primaryGroupID: 513
 +
objectSid: S-1-5-21-3092097079-3916867733-325602001-1109
 +
accountExpires: 9223372036854775807
 +
logonCount: 0
 +
sAMAccountName: hans.will
 +
sAMAccountType: 805306368
 +
userPrincipalName: hans.will@linuggs.lan
 +
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=linuggs,DC=lan
 +
userAccountControl: 512
 +
memberOf: CN=Metzger,CN=Users,DC=linuggs,DC=lan
 +
pwdLastSet: 131261038960000000
 +
whenChanged: 20161213115816.0Z
 +
uSNChanged: 3833
 +
distinguishedName: CN=hans.will,CN=Users,DC=linuggs,DC=lan
 +
</pre>
 +
==Modify an entry==
 +
===Add===
 +
*cat change.ldif
 +
<pre>
 +
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
 +
changetype: modify
 +
add: sn
 +
sn: Will
 +
-
 +
add: description
 +
description: Schlachter
 +
</pre>
 +
*ldbmodify -H /var/lib/samba/private/sam.ldb change.ldif
 +
===Replace===
 +
*cat metzger.ldif
 +
<pre>
 +
Modified 1 records successfully
 +
root@douglas:~# cat  metzger.ldif
 +
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
 +
changetype: modify
 +
replace: description
 +
description: Metzger
 +
</pre>
 +
*ldbmodify -H /var/lib/samba/private/sam.ldb metzger.ldif
 +
 
 +
=Zugriff über Ldap=
 +
*ldbsearch -H ldaps://localhost '(name=hans.will)'  -U Administrator
 +
TLS failed to missing crlfile  - with 'tls verify peer = as_strict_as_possible'
 +
Failed to connect to ldap URL 'ldaps://localhost' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
 +
Failed to connect to 'ldaps://localhost' with backend 'ldaps': (null)
 +
Failed to connect to ldaps://localhost - (null)
 +
==Problem untersuchen==
 +
*samba-tool testparm -v | grep "tls verify peer"
 +
tls verify peer = as_strict_as_possible
 +
==Werte ändern==
 +
*sed -ie '/global/a\\ttls verify peer = no_check' /etc/samba/smb.conf
 +
*sed -ie '/global/a\\tldap server require strong auth = no' /etc/samba/smb.conf
 +
 
 +
==Neustarten==
 +
*systemctl restart samba-ad-dc.service
 +
==So gehts==
 +
*ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator%sysadm
 +
<pre>
 +
# record 1
 +
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
 +
objectClass: top
 +
objectClass: person
 +
objectClass: organizationalPerson
 +
objectClass: user
 +
cn: hans.will
 +
instanceType: 4
 +
whenCreated: 20161213112821.0Z
 +
uSNCreated: 3806
 +
...
 +
</pre>

Aktuelle Version vom 19. Januar 2018, 11:45 Uhr

installation

  • apt-get install ldb-tools

Zugriff über den /var/lib/samba/private/sam.ldb

list all persons

  • ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)'

list all persons show sAMAccountName

  • ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' sAMAccountName

list all persons show sAMAccountName with grep

  • ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=person)' | grep sAMAccountName
sAMAccountName: DOUGLAS$
sAMAccountName: Administrator
sAMAccountName: hans.mueller
sAMAccountName: rudi.schmidt
sAMAccountName: SAMBA81$
sAMAccountName: erwin.zott
sAMAccountName: klaus.cewe
sAMAccountName: hans.will
sAMAccountName: krbtgt
sAMAccountName: Guest

list the entry with the name: xinux

  • ldbsearch -H /var/lib/samba/private/sam.ldb '(name=xinux)'

change entry with name hans.will

  • ldbedit -e vim -H /var/lib/samba/private/sam.ldb '(name=hans.will)'
# editing 1 records
# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: hans.will
instanceType: 4
whenCreated: 20161213112821.0Z
uSNCreated: 3806
name: hans.will
objectGUID: 2daff74b-6b02-4c9d-b6ac-d3f4c0554671
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3092097079-3916867733-325602001-1109
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: hans.will
sAMAccountType: 805306368
userPrincipalName: hans.will@linuggs.lan
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=linuggs,DC=lan
userAccountControl: 512
memberOf: CN=Metzger,CN=Users,DC=linuggs,DC=lan
pwdLastSet: 131261038960000000
whenChanged: 20161213115816.0Z
uSNChanged: 3833
distinguishedName: CN=hans.will,CN=Users,DC=linuggs,DC=lan

Modify an entry

Add

  • cat change.ldif
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
changetype: modify
add: sn
sn: Will
-
add: description
description: Schlachter
  • ldbmodify -H /var/lib/samba/private/sam.ldb change.ldif

Replace

  • cat metzger.ldif
Modified 1 records successfully
root@douglas:~# cat  metzger.ldif 
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
changetype: modify
replace: description
description: Metzger
  • ldbmodify -H /var/lib/samba/private/sam.ldb metzger.ldif

Zugriff über Ldap

  • ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator
TLS failed to missing crlfile  - with 'tls verify peer = as_strict_as_possible'
Failed to connect to ldap URL 'ldaps://localhost' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
Failed to connect to 'ldaps://localhost' with backend 'ldaps': (null)
Failed to connect to ldaps://localhost - (null)

Problem untersuchen

  • samba-tool testparm -v | grep "tls verify peer"

tls verify peer = as_strict_as_possible

Werte ändern

  • sed -ie '/global/a\\ttls verify peer = no_check' /etc/samba/smb.conf
  • sed -ie '/global/a\\tldap server require strong auth = no' /etc/samba/smb.conf

Neustarten

  • systemctl restart samba-ad-dc.service

So gehts

  • ldbsearch -H ldaps://localhost '(name=hans.will)' -U Administrator%sysadm
# record 1
dn: CN=hans.will,CN=Users,DC=linuggs,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: hans.will
instanceType: 4
whenCreated: 20161213112821.0Z
uSNCreated: 3806
...
Abgerufen von „http://wiki.ixheim.de/index.php?title=Ldb-tools&oldid=16288