AD extension: no kopano tabs??



  • Hello all, I installed the Kopano AD extension in a Domain with SAMBA4 and several Windows administration workstations where we have installed the RSAT tools. However, the kopano tabs are not showing up in the Active Directory User mmc.
    One Workstation is Windows 7, the other is Windows 10 1809.

    I know that this must work as we have another installation showing the kopano tabs without problems.

    Have I missed a step? As I understand, the kopano schema extensions should be installed automatically by the AD extension installer?

    Regards, Jakob



  • Hai Jacob,
    So you did extend the schema in the AD and you installed the MMC plugin?

    the kopano schema extensions should be installed automatically by the AD extension installer?

    yes for the client side, the AD side needs the the extention also.
    see: https://stash.kopano.io/projects/KC/repos/kopano-ads-source/browse/samba/kopano-samba-ads



  • Ah ok, are the LDF’s contained there still correct? OR how can I exctract the current ones from the MSI?

    Perhaps the Samba4 installation steps should also be documented somewhere…



  • @isol said in AD extension: no kopano tabs??:

    Perhaps the Samba4 installation steps should also be documented somewhere…

    whats the OS your using?
    I can recommend Debian or Ubuntu for samba4.

    Debian stretch, im building the 4.10.1 as we speak.
    I’ve just release a Ubuntu samba 4.10.1 version and 4.9.5 version, see the notice on the samba list.

    Repo info https://apt.van-belle.nl
    https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-2.0-samba-minimal-ad.txt
    The Debian stretch howto is bit old, but still ok and for Ubuntu 18.04.
    https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt



  • Sorry, I meant the “Kopano with Samba4 installation steps”. I am running several Samba4 AD systems with Ubuntu 18.04. I will try to import the ldf files from the website now, hope these are still the correct ones.



  • Ah, ok.

    lets see… my steps.

    apt-get install dos2unix
    mkdir download-schema
    cd download-schema
    
    wget https://stash.kopano.io/projects/KC/repos/kopano-ads-source/raw/samba/kopano-samba-ads/kopano-ads.ldf?at=refs%2Fheads%2Fmaster -O kopano-ads.ldf
    wget https://stash.kopano.io/projects/KC/repos/kopano-ads-source/raw/samba/kopano-samba-ads/kopano-display-ads.ldf?at=refs%2Fheads%2Fmaster -O kopano-display-ads.ldf 
    wget https://stash.kopano.io/projects/KC/repos/kopano-ads-source/raw/samba/kopano-samba-ads/kopano_schema_add.sh?at=refs%2Fheads%2Fmaster -O kopano_schema_add.sh
    
    fromdos *.*
    
    # Note i have this in my smb.conf. the server with the FSMO roles. 
    
    ## KEEP THIS OFF !! Only used for modify-ing the AD Schema
    ## ONLY DONE ON THE DC WITH THE FSMO Roles
    #        sdb:schema update allowed = no
    
     sed -i 's]sdb:schema update allowed = no]sdb:schema update allowed = yes]g' /etc/samba/smb.conf
    
    systemctl restart samba-ad-dc
    OUREALM="$(ls /var/lib/samba/private/sam.ldb.d/ | egrep -v  "metadata|FORESTDNSZONES|DOMAINDNSZONES|SCHEMA|CONFIGURATION" | cut -d. -f1)"
    
    bash kopano_schema_add.sh $OUREALM /PATH_TO/YOUR_SCHEMA_FILES)/  -v -H /var/lib/samba/private/sam.ldb -writechanges
    
     sed -i 's]sdb:schema update allowed = yes]sdb:schema update allowed = no]g' /etc/samba/smb.conf
    
    systemctl restart samba-ad-dc
    
    

    should do it for part 1.

    Part 2, add the needed indexing.



  • It worked. So yes, you need to install the kopane ADS schema extension separately on the samba4 DC, as per the script mentioned. The ldf files seem to be “correct”, i.e. they install without error.

    I used

    bash kopano_schema_add.sh DC=XY,DC=ABC,DC=PRIVATE ./ -v -H /var/lib/samba/private/sam.ldb -writechanges
    after having made a backup of the /var/lib/samba directory.

    Note that the mmc snap in extension only works without flaws on windows 10 or equivalent. On my Windows 7 with RSAT, the RSAT mmc crashes after every change I make to a kopano tab. (The change seems to be recorded, though, before the crash…)



  • Part 2, adding indexing.
    you need root, no sudo… root here…

    Look up what is indexed :
    ldbsearch -H $(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')//sam.ldb -s base -b @INDEXLIST

    Lookup BaseDN :
    YOURBASE=$(ldbsearch -H /$(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')/sam.ldb -s base -b "" defaultNamingContext | awk {' print $NF '}|grep DC)

    Edit : ldbedit -H $(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')//sam.ldb -b CN=SCHEMA,CN=CONFIGURATION,${YOURBASE}

    Lookup what you want to edit, and set : searchFlags: 1
    Tip, ldbedit -e nano -H… Gives you the nano editor.
    And you need to run : samba-tool dbcheck --reindex on the server after the change’s
    You need to run this on every DC once.

    that should do it, have fun…



  • @isol said in AD extension: no kopano tabs??:

    ough, before the crash…)

    yes, i’ve seen the crashes also on my Win7.
    are you having the zarafa mmc also installed in the win7? that is my problem…
    My fix, delegated some users, like myself to manage the users, ( win10 pc) here the kopano mmc extention works fine.



  • Yes, but that is not a real problem for us, we are migrating all sytems to Win10 anyway.



  • Hmmm, I now compared the current .ldf files (in the source tarball of the ads extension) with the ones downloaded from

    https://stash.kopano.io/projects/KC/repos/kopano-ads-source/browse/samba/kopano-samba-ads

    and they seem to be different.
    Is that a problem? Can/should I just reapply the schema extension on the samba system?



  • @isol said in AD extension: no kopano tabs??:

    Hmmm, I now compared the current .ldf files (in the source tarball of the ads extension) with the ones downloaded from

    https://stash.kopano.io/projects/KC/repos/kopano-ads-source/browse/samba/kopano-samba-ads

    and they seem to be different.
    Is that a problem? Can/should I just reapply the schema extension on the samba system?

    Then i suggest, use this version.
    https://download.kopano.io/community/adextension:/sourcecode/
    that one should be most up2date.


Log in to reply