To get the automount schema to work with the git checkout of samba 4 I had to modify the automount schema files and separate the attributes from the classes. I also discovered that it's required to have the ntSecurityDescriptor, instanceType, and objectCategory attributes. Without these it will crash whenever you try to browse... I did a lot of stopping samba, tarring of /usr/local/samba and untarring to finally get here...
Here's the ldif for the automount attributes I used:

dn: CN=automountMapName,CN=Schema,CN=Configuration,<DOMAIN>
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.31
cn: automountMapName
name: automountMapName
lDAPDisplayName: automountMapName
description: automount Map Name
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

dn: CN=automountKey,CN=Schema,CN=Configuration,<DOMAIN>
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.32
cn: automountKey
name: automountKey
lDAPDisplayName: automountKey
description: Automount Key value
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

dn: CN=automountInformation,CN=Schema,CN=Configuration,<DOMAIN>
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.33
cn: automountInformation
name: automountInformation
lDAPDisplayName: automountInformation
description: Automount information
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

Here's the ldif for the automount classes:

dn: CN=automountMap,CN=Schema,CN=Configuration,<DOMAIN>
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.1.1.2.16
cn: automountMap
name: automountMap
lDAPDisplayName: automountMap
subClassOf: top
objectClassCategory: 1
mustContain: automountMapName
mayContain: description
mustContain: instanceType
mustContain: ntSecurityDescriptor
mustContain: objectCategory
defaultObjectCategory: CN=automountMap,CN=Schema,CN=Configuration,<DOMAIN>
defaultHidingValue: TRUE
systemOnly: FALSE

dn: CN=automount,CN=Schema,CN=Configuration,<DOMAIN>
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.1.1.2.17
cn: automount
name: automount
lDAPDisplayName: automount
subClassOf: top
objectClassCategory: 1
description: Automount information
mustContain: automountKey
mustContain: automountInformation
mayContain: description
mustContain: instanceType
mustContain: ntSecurityDescriptor
mustContain: objectCategory
defaultObjectCategory: CN=automount,CN=Schema,CN=Configuration,<DOMAIN>
defaultHidingValue: TRUE
systemOnly: FALSE

These were added to the directory using the following commands:

ldbmodify -H /usr/local/samba/private/sam.ldb /root/SAMBA4/automount/01_attr.ldif --option="dsdb:schema update allowed"=true
ldbmodify -H /usr/local/samba/private/sam.ldb /root/SAMBA4/automount/02_class.ldif --option="dsdb:schema update allowed"=true

Now here's what I did for the actual records. First I created a new OU tree called Automounts and then three OU's beneath that for Mac, Linux, Homeless. Mac uses auto_master and linux uses auto.master but I prefer to have them in separate branches. Here's a sample record:

dn: automountMapName=auto_master,OU=Mac,OU=Automounts,<DOMAIN>
objectClass: automountMap
objectClass: top
automountMapName: auto_master
description: Mac OS X Master Autofs map
ntSecurityDescriptor: O:BAG:SYD:(A;;0xf01ff;;;S-1-5-21-1698313198-1485347608-3860200556-500)(A;;0xf01ff;;;SY)(A;;0x20094;;;AU)
ObjectCategory: CN=automountMap,CN=Schema,CN=Configuration,<DOMAIN>
instanceType: 4

These couldn't be added with the above string so instead I used the following:

ldbmodify -H /usr/local/samba/private/sam.ldb.d/DC\=<DOMAIN>.ldb -U administrator 03_smb_maps.ldif

To understand the ntSecurityDescriptor attribute I had to learn all about SDDL syntax and then by trial and error realize I needed to use hex format. The following links were invaluable.

http://www.netid.washington.edu/documentation/domains/sddl.aspx
http://networkadminkb.com/KB/a152/how-to-read-a-sddl-string.aspx
http://www.windowsitpro.com/article/security/defining-an-ad-object-s-default-security-descriptor

Further... this little python snippet helped me remember how to add hex ....
#!/usr/bin/python
# Access-mask bits used in SDDL ACEs. Generic rights (four distinct bits in
# the top nibble; not used by PERMS below):
GA = int('0x10000000', 0)  # GENERIC_ALL
GR = int('0x80000000', 0)  # GENERIC_READ
GW = int('0x40000000', 0)  # GENERIC_WRITE
GX = int('0x20000000', 0)  # GENERIC_EXECUTE
# Standard rights:
RC = int('0x20000', 0)     # READ_CONTROL
SD = int('0x10000', 0)     # DELETE
WD = int('0x40000', 0)     # WRITE_DAC
WO = int('0x80000', 0)     # WRITE_OWNER
# Directory-service object rights:
RP = int('0x00000010', 0)  # read property
WP = int('0x00000020', 0)  # write property
CC = int('0x00000001', 0)  # create child
DC = int('0x00000002', 0)  # delete child
LC = int('0x00000004', 0)  # list children
SW = int('0x00000008', 0)  # self (validated) write
LO = int('0x00000080', 0)  # list object
DT = int('0x00000040', 0)  # delete tree
CR = int('0x00000100', 0)  # control access
PERMS = {
    'All Perms ': RC+SD+WD+WO+RP+WP+CC+DC+LC+SW+LO+DT+CR,  # 0xf01ff
    'Read Only ': RP+LC+LO+RC,                             # 0x20094
}
for key, value in PERMS.items():
    print(key, value, hex(value))

I hope this helps others to avoid frustration.

Rob

On Wed, Jan 9, 2013 at 2:23 PM, Robert Moggach <r...@dashing.tv> wrote:

> I have a little more information about the issues I'm having:
>
> When I try to create automountMap or automount objects in the directory
> using Apache Directory Studio it fails because I need to add the following
> attributes:
>
> instanceType
> ntSecurityDescriptor
> objectCategory
>
> Can someone enlighten me on the correct value for these attributes?
>
> thanks,
>
> Rob
>
> On Tue, Jan 8, 2013 at 6:43 PM, Robert Moggach <r...@dashing.tv> wrote:
>
>> I've solved getting the schema into the directory... and I thought I
>> populated my automount maps...
>> but the directory is unbrowseable -
>>
>> Getting closer... I keep getting the following error:
>>
>> *acl_read: cannot get descriptor of automountMap... etc. etc.*
>>
>> Steps I took...
>> 1) I had changed the Default-First-Site-Name to something more
>> appropriate and changing that back seemed like a good place to start even
>> though fsmo was showing me as the SchemaMaster -
>>
>> 2) At this point I was able to get the schema loaded... almost... ldapadd
>> didn't like attributes and class in the same ldif... and then I had to
>> restart samba to add the class file... ugh... use ldbmodify!
>> I edited the automount.ldif schema file to be two files - one for the
>> attributes and a second for the classes
>>
>> I added the schema using the following two commands:
>>
>> ldbmodify -H /usr/local/samba/private/sam.ldb
>> /root/SAMBA4/automount/autofs_attr.ldif --option="dsdb:schema update
>> allowed"=true
>>
>> ldbmodify -H /usr/local/samba/private/sam.ldb
>> /root/SAMBA4/automount/autofs_class.ldif --option="dsdb:schema update
>> allowed"=true
>>
>> 4) I then tried to add the automount records with ldbmodify with no luck
>> ...
>> ldbmodify -H /usr/local/samba/private/sam.ldb
>> /root/SAMBA4/automount/03_autofs_maps.ldif
>> ...
>> Sorting rpmd with attid exception 3 rDN=CN
>> DN=CN=linux,CN=autofs,CN=Services,DC=MYDOMAIN
>> ERR: (Naming violation) "objectclass: Invalid RDN 'AUTOMOUNTMAPNAME' for
>> objectclass 'automountMap'!" on DN
>> automountMapName=auto_master,CN=mac,CN=autofs,CN=Services,DC=MYDOMAIN at
>> block before line 41
>> Modify failed after processing 5 records
>>
>> Weird... solved that by doing the following, but now I have all kinds of
>> acl_read errors
>>
>> ldbmodify -H /usr/local/samba/private/sam.ldb.d/DC\=MYDOMAIN.ldb
>> 03_autofs_maps.ldif
>>
>> ldapsearch gives me the following:
>>
>> result: 1 Operations error
>> search: 5
>> result: 1 Operations error
>> text: acl_read: cannot get descriptor of automountMapName=...
>>
>> weird? how do I add acls?
>>
>> The following shows the whole directory as expected... but I need ldap to
>> work for autofs!
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb
>>
>> So can someone tell me how to get acls added for my objects?
>>
>> Samba version: 4.1.0pre1-GIT-94f11e9
>> Build environment:
>> Build host: Linux crawford 2.6.32-279.19.1.el6.x86_64 #1 SMP Wed Dec
>> 19 07:05:20 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
>>
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
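Added example, not code from the thread: a Python 3 helper that parses the DACL of the ntSecurityDescriptor SDDL string from the sample auto_master record, names the rights behind each hex mask (so you can check what an ACE actually grants before loading a record), and builds a mask back from right names. The two-letter abbreviations and bit values are the standard Windows ACE access-mask ones; SAMPLE_SD is copied from the record above and parse_dacl only handles the plain "D:(...)(...)" form used there.

```python
import re

# SDDL right abbreviations and their access-mask bits: DS object rights in
# the low byte, standard rights at 0x000F0000, generic rights in the top nibble.
RIGHTS = {
    "CC": 0x00000001, "DC": 0x00000002, "LC": 0x00000004, "SW": 0x00000008,
    "RP": 0x00000010, "WP": 0x00000020, "DT": 0x00000040, "LO": 0x00000080,
    "CR": 0x00000100,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
}
KNOWN_BITS = sum(RIGHTS.values())
ACE_RE = re.compile(r"\(([^)]*)\)")

# ntSecurityDescriptor value from the auto_master record in the post above.
SAMPLE_SD = ("O:BAG:SYD:"
             "(A;;0xf01ff;;;S-1-5-21-1698313198-1485347608-3860200556-500)"
             "(A;;0xf01ff;;;SY)(A;;0x20094;;;AU)")

def mask_to_rights(mask):
    """Name every set bit; bits outside RIGHTS are reported as a hex remainder."""
    names = [name for name, bit in RIGHTS.items() if mask & bit]
    if mask & ~KNOWN_BITS:
        names.append(hex(mask & ~KNOWN_BITS))
    return names

def rights_to_mask(names):
    """Inverse of mask_to_rights, e.g. rights_to_mask(["RP","LC","LO","RC"])."""
    return sum(RIGHTS[name] for name in names)

def parse_mask_field(field):
    """SDDL allows either a hex literal or concatenated two-letter rights."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    return rights_to_mask([field[i:i + 2] for i in range(0, len(field), 2)])

def parse_dacl(sddl):
    """Return (ace_type, mask, rights, trustee) for each ACE in the D: part."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]   # drop any trailing SACL
    aces = []
    for body in ACE_RE.findall(dacl):
        fields = body.split(";")                     # type;flags;mask;;;trustee
        mask = parse_mask_field(fields[2])
        aces.append((fields[0], mask, mask_to_rights(mask), fields[5]))
    return aces

if __name__ == "__main__":
    for ace_type, mask, rights, trustee in parse_dacl(SAMPLE_SD):
        print(ace_type, hex(mask), trustee, "".join(rights))
```

Running it shows the two 0xf01ff ACEs as every DS and standard right (the "All Perms" total from the snippet above) and the 0x20094 ACE for Authenticated Users as RP, LC, LO and RC only.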