It still a running story but here are my progress so far.
Then on the Samba server, you'll need to load the new schema using ldbmodify, although there's a couple of gotchas...
- The file downloaded is in Windows (CR/LF) format and needs to be converted using dos2unix utility, if you don't you'll get "amusing" errors :-S
- It then needs to be adapted to your need; cat BitLockerTPMSchemaExtension.ldf | sed 's/DC=X/DC=company,DC=com/' > bitlocker.ldif
- and then loaded into Samba: /etc/init.d/samba4 stop ; ldbmodify -H /usr/local/samba/private/sam.ldb --option="dsdb:schema update allowed=true" bitlocker.ldif; /etc/init.d/samba4 start;
If all worked well; you should see something like this:
[ ok ] Stopping Samba 4 daemon: samba.
Modified 10 records successfully
[ ok ] Starting Samba 4 daemon: samba.
Now all I need is to configure the client PC to use the new schema ...