samba4 view domain computers

I can list Active Directory users with `samba-tool user list`, but how do I list the workstations that are members of the domain?
0
jmarkfoley
Asked:
1 Solution
 
Leon Fester (IT Project Change Manager) Commented:
This tool does not support that function.
http://www.samba.org/samba/docs/man/manpages/samba-tool.8.html
http://www.samba.org/samba/docs/man/manpages/samba.7.html
https://wiki.samba.org/index.php/Samba-tool-external

You can however query AD via any LDAP tool using a custom LDAP query:
e.g. taken from the link below
$ ldapsearch -x -h 192.168.199.10 -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s base -D 'jsmith@myaddomain.myinetdomain.net' -W '(objectclass=Computer)'

http://jrwren.wrenfam.com/blog/2006/11/17/querying-active-directory-with-unix-ldap-tools/
0
 
jmarkfoley (Author) Commented:
Thanks. I checked out the http://jrwren.wrenfam.com/blog/2006/11/17/querying-active-directory-with-unix-ldap-tools/ link, but not having much luck. Here are the instructions:

Want to see all the computers in the domain?

 $ ldapsearch -x -h 192.168.199.10 -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s base -D  'jsmith@myaddomain.myinetdomain.net' -W '(objectclass=Computer)'

For my system, I modified this to

$ ldapsearch -x -h 192.168.0.2 -b 'dc=hprs,dc=local' -s base -D 'Administrator@hprs.local' -W '(objectclass=Computer)'

and got:
# extended LDIF
#
# LDAPv3
# base <dc=hprs,dc=local> with scope baseObject
# filter: (objectclass=Computer)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

Are you familiar with ldapsearch usage? Can you see what I'm doing wrong?
0
 
Leon Fester (IT Project Change Manager) Commented:
I'm not familiar with ldapsearch itself, but LDAP queries are standard for all LDAP implementations.

Interesting note I found about ldapsearch limitations:
It is possible that LDAP returns no entries even when a proper bind_dn, password and base DN are provided. LDAP can be configured to prevent listing of entries starting at the root base, e.g. “dc=splunkers, dc=com”. In this case, you’ll have to provide a more specific base DN, for example:

http://blogs.splunk.com/2009/07/30/ldapsearch-is-your-friend/
0
 
jmarkfoley (Author) Commented:
This LDAP stuff is way over my head without a lot more research. What is a "more specific DN"? I'll probably have to get more into this in the future, but at the moment I don't even know what LDAP does other than the manpage statement "provides access to X.500 directory services". I'm way down the mountain on this one. I am currently trying to get Samba4 DC/AC set up and was just looking for a "simple" command to list computers that have joined the domain.

Surely someone has a one-liner to do this?
0
 
Leon Fester (IT Project Change Manager) Commented:
I've checked a few websites and cannot find a one-liner for this function other than to query AD via an LDAP tool.
However, check out this post, which seems to indicate that you can connect to the Samba AD via the Active Directory Users and Computers snap-in. This is the standard tool used in Windows to manage Active Directory.
https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Administer_Unix_Attributes_in_Active_Directory

You'll need to install the RSAT tools on one of your Windows workstations.
Windows 7
http://www.microsoft.com/en-us/download/details.aspx?id=7887

Windows 8
http://www.microsoft.com/en-us/download/details.aspx?id=28972

Regarding the LDAP:

A more specific DN would include the Organizational Unit or Container from Active Directory.
e.g. if you create a new Organizational Unit called 'Servers' at the root of AD, the DN would be:
ou=servers,dc=hprs,dc=local

If your computers are in the Built-in Computer container then the DN would be:
cn=computers,dc=hprs,dc=local
0
 
jmarkfoley (Author) Commented:
Thanks - I think I'll move on and revisit this later.
0
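
Added example, not part of the thread or of the blog post it quotes: the query above returned no entries because `-s base` tests the filter against the base entry alone (the output shows `scope baseObject`), so this version searches the whole subtree and reduces the LDIF to one line per machine account. The function names, the `ldaps://` URL and the sample LDIF (constructed, using the thread's `hprs.local` domain) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Host, base DN and bind DN are arguments.

# Query every computer object below the base DN. The key change from the
# command in the thread is "-s sub": "-s base" checks only the base entry
# (the domain object itself), which is not a computer, so nothing matched.
list_domain_computers() {
    host=$1 base_dn=$2 bind_dn=$3
    # ldaps:// keeps the simple-bind password (-x -W) from crossing the
    # network in clear text. -LLL and ldif-wrap=no give plain, unwrapped LDIF.
    ldapsearch -x -LLL -o ldif-wrap=no \
        -H "ldaps://$host" -D "$bind_dn" -W \
        -b "$base_dn" -s sub '(objectClass=computer)' \
        sAMAccountName dNSHostName
}

# Reduce LDIF on stdin to "name<TAB>dns-host", one line per computer.
# Machine accounts carry a trailing "$" in sAMAccountName; strip it.
# Entries without dNSHostName print "-"; comment/referral lines are ignored.
computer_names_from_ldif() {
    awk '
        function emit() {
            if (name != "") print name "\t" (dns == "" ? "-" : dns)
            name = ""; dns = ""
        }
        /^dn: /             { emit() }
        /^sAMAccountName: / { name = $2; sub(/\$$/, "", name) }
        /^dNSHostName: /    { dns = $2 }
        END                 { emit() }
    '
}

# Constructed sample of what the search returns (not captured from a server).
SAMPLE_LDIF='dn: CN=WS01,CN=Computers,DC=hprs,DC=local
sAMAccountName: WS01$
dNSHostName: ws01.hprs.local

dn: CN=DC1,OU=Domain Controllers,DC=hprs,DC=local
sAMAccountName: DC1$
dNSHostName: dc1.hprs.local

dn: CN=OLDPC,CN=Computers,DC=hprs,DC=local
sAMAccountName: OLDPC$

# refldap://hprs.local/CN=Configuration,DC=hprs,DC=local
'

# Offline demo on the sample; against a live DC the pipeline would be:
#   list_domain_computers 192.168.0.2 'dc=hprs,dc=local' 'Administrator@hprs.local' | computer_names_from_ldif
printf '%s' "$SAMPLE_LDIF" | computer_names_from_ldif
```

Domain controllers are computer objects too, so they appear in the same result; narrowing `-b` to `cn=computers,dc=hprs,dc=local` leaves them out.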