AD extension: no kopano tabs??

isol

Hello all, I installed the Kopano AD extension in a Domain with SAMBA4 and several Windows administration workstations where we have installed the RSAT tools. However, the kopano tabs are not showing up in the Active Directory User mmc.
One Workstation is Windows 7, the other is Windows 10 1809.

I know that this must work as we have another installation showing the kopano tabs without problems.

Have I missed a step? As I understand, the kopano schema extensions should be installed automatically by the AD extension installer?

Regards, Jakob

thctlo

Hai Jacob,
So you did extend the schema in the AD and you installed the MMC plugin?

the kopano schema extensions should be installed automatically by the AD extension installer?

yes for the client side, the AD side needs the the extention also.
see: https://stash.kopano.io/projects/KC/repos/kopano-ads-source/browse/samba/kopano-samba-ads

isol

Ah ok, are the LDF’s contained there still correct? OR how can I exctract the current ones from the MSI?

Perhaps the Samba4 installation steps should also be documented somewhere…

thctlo

@isol said in AD extension: no kopano tabs??:

Perhaps the Samba4 installation steps should also be documented somewhere…

whats the OS your using?
I can recommend Debian or Ubuntu for samba4.

Debian stretch, im building the 4.10.1 as we speak.
I’ve just release a Ubuntu samba 4.10.1 version and 4.9.5 version, see the notice on the samba list.

Repo info https://apt.van-belle.nl
https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-2.0-samba-minimal-ad.txt
The Debian stretch howto is bit old, but still ok and for Ubuntu 18.04.
https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt

isol

Sorry, I meant the “Kopano with Samba4 installation steps”. I am running several Samba4 AD systems with Ubuntu 18.04. I will try to import the ldf files from the website now, hope these are still the correct ones.

thctlo

Ah, ok.

lets see… my steps.

apt-get install dos2unix
mkdir download-schema
cd download-schema

wget https://stash.kopano.io/projects/KC/repos/kopano-ads-source/raw/samba/kopano-samba-ads/kopano-ads.ldf?at=refs%2Fheads%2Fmaster -O kopano-ads.ldf
wget https://stash.kopano.io/projects/KC/repos/kopano-ads-source/raw/samba/kopano-samba-ads/kopano-display-ads.ldf?at=refs%2Fheads%2Fmaster -O kopano-display-ads.ldf 
wget https://stash.kopano.io/projects/KC/repos/kopano-ads-source/raw/samba/kopano-samba-ads/kopano_schema_add.sh?at=refs%2Fheads%2Fmaster -O kopano_schema_add.sh

fromdos *.*

# Note i have this in my smb.conf. the server with the FSMO roles. 

## KEEP THIS OFF !! Only used for modify-ing the AD Schema
## ONLY DONE ON THE DC WITH THE FSMO Roles
#        sdb:schema update allowed = no

 sed -i 's]sdb:schema update allowed = no]sdb:schema update allowed = yes]g' /etc/samba/smb.conf

systemctl restart samba-ad-dc
OUREALM="$(ls /var/lib/samba/private/sam.ldb.d/ | egrep -v  "metadata|FORESTDNSZONES|DOMAINDNSZONES|SCHEMA|CONFIGURATION" | cut -d. -f1)"

bash kopano_schema_add.sh $OUREALM /PATH_TO/YOUR_SCHEMA_FILES)/  -v -H /var/lib/samba/private/sam.ldb -writechanges

 sed -i 's]sdb:schema update allowed = yes]sdb:schema update allowed = no]g' /etc/samba/smb.conf

systemctl restart samba-ad-dc

should do it for part 1.

Part 2, add the needed indexing.

isol

It worked. So yes, you need to install the kopane ADS schema extension separately on the samba4 DC, as per the script mentioned. The ldf files seem to be “correct”, i.e. they install without error.

I used

bash kopano_schema_add.sh DC=XY,DC=ABC,DC=PRIVATE ./ -v -H /var/lib/samba/private/sam.ldb -writechanges
after having made a backup of the /var/lib/samba directory.

Note that the mmc snap in extension only works without flaws on windows 10 or equivalent. On my Windows 7 with RSAT, the RSAT mmc crashes after every change I make to a kopano tab. (The change seems to be recorded, though, before the crash…)

thctlo

Part 2, adding indexing.
you need root, no sudo… root here…

Look up what is indexed :
ldbsearch -H $(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')//sam.ldb -s base -b @INDEXLIST

Lookup BaseDN :
YOURBASE=$(ldbsearch -H /$(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')/sam.ldb -s base -b "" defaultNamingContext | awk {' print $NF '}|grep DC)

Edit : ldbedit -H $(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')//sam.ldb -b CN=SCHEMA,CN=CONFIGURATION,${YOURBASE}

Lookup what you want to edit, and set : searchFlags: 1
Tip, ldbedit -e nano -H… Gives you the nano editor.
And you need to run : samba-tool dbcheck --reindex on the server after the change’s
You need to run this on every DC once.

that should do it, have fun…

thctlo

@isol said in AD extension: no kopano tabs??:

ough, before the crash…)

yes, i’ve seen the crashes also on my Win7.
are you having the zarafa mmc also installed in the win7? that is my problem…
My fix, delegated some users, like myself to manage the users, ( win10 pc) here the kopano mmc extention works fine.

isol

Yes, but that is not a real problem for us, we are migrating all sytems to Win10 anyway.

isol

Hmmm, I now compared the current .ldf files (in the source tarball of the ads extension) with the ones downloaded from

https://stash.kopano.io/projects/KC/repos/kopano-ads-source/browse/samba/kopano-samba-ads

and they seem to be different.
Is that a problem? Can/should I just reapply the schema extension on the samba system?

thctlo

@isol said in AD extension: no kopano tabs??:

Hmmm, I now compared the current .ldf files (in the source tarball of the ads extension) with the ones downloaded from

https://stash.kopano.io/projects/KC/repos/kopano-ads-source/browse/samba/kopano-samba-ads

and they seem to be different.
Is that a problem? Can/should I just reapply the schema extension on the samba system?

Then i suggest, use this version.
https://download.kopano.io/community/adextension:/sourcecode/
that one should be most up2date.