Thursday, 28 March 2013

BitLocker drive encryption and Samba4 ... Will it work?

I've recently installed a Samba 4 server to handle the 30 Windows PCs lying around the office, and while poking around with what the new toy could do, I wanted to know if it was possible to configure the drive encryption and have a recovery mechanism using the Samba / A.D. server...
It's still a running story, but here is my progress so far.


The schema needed for BitLocker is not present by default (Samba 4.0.3). You can download it (BitLockerTPMSchemaExtension.ldf) from the Microsoft website, since they are nice enough to provide it for "older" setups.
Then, on the Samba server, you'll need to load the new schema using ldbmodify, although there are a couple of gotchas:
  • The downloaded file is in Windows (CR/LF) format and needs to be converted using the dos2unix utility; if you don't, you'll get "amusing" errors :-S
  • It then needs to be adapted to your own domain by replacing the DC=X placeholder: cat BitLockerTPMSchemaExtension.ldf | sed 's/DC=X/DC=company,DC=com/' > bitlocker.ldif
  • It is then loaded into Samba with the daemon stopped: /etc/init.d/samba4 stop ; ldbmodify -H /usr/local/samba/private/sam.ldb --option="dsdb:schema update allowed=true" bitlocker.ldif; /etc/init.d/samba4 start;
If all went well, you should see something like this:
[ ok ] Stopping Samba 4 daemon: samba.
Modified 10 records successfully
[ ok ] Starting Samba 4 daemon: samba.
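
The conversion and substitution steps above can be wrapped with a check that refuses to hand ldbmodify a file that still contains CR bytes or the DC=X placeholder. This is an added example, not code from the original post: the function names prepare_ldif, check_ldif and demo are hypothetical, the sample records are constructed, and the load itself is left to the ldbmodify command shown above.

```shell
#!/bin/sh
# Added example (not from the original post): prepare the schema LDF for
# ldbmodify and stop if CR bytes or the DC=X placeholder survive.

# check_ldif FILE: fail on leftovers, otherwise print the number of records.
check_ldif() {
    if grep -q "$(printf '\r')" "$1"; then
        echo "CR line endings still present in $1" >&2; return 1
    fi
    if grep -Eq 'DC=X(,|$)' "$1"; then
        echo "DC=X placeholder still present in $1" >&2; return 1
    fi
    grep -c '^dn:' "$1"
}

# prepare_ldif SRC DST BASE_DN: BASE_DN is your domain DN, for example
# DC=company,DC=com as in the post.
prepare_ldif() {
    case $3 in
        DC=*) ;;
        *) echo "base DN must start with DC=" >&2; return 1 ;;
    esac
    # Only allow characters that cannot break the sed expression below.
    case $3 in
        *[!A-Za-z0-9=,-]*) echo "unexpected character in base DN" >&2; return 1 ;;
    esac
    # tr does the dos2unix step, sed the substitution from the post.
    tr -d '\r' < "$1" | sed "s/DC=X/$3/g" > "$2" || return 1
    check_ldif "$2"
}

# Constructed two-record sample with CR/LF endings; the real input is
# BitLockerTPMSchemaExtension.ldf.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'dn: CN=example-one,CN=Schema,CN=Configuration,DC=X\r\nchangetype: add\r\n\r\ndn: CN=example-two,CN=Schema,CN=Configuration,DC=X\r\nchangetype: add\r\n' > "$tmp/sample.ldf"
    prepare_ldif "$tmp/sample.ldf" "$tmp/bitlocker.ldif" "DC=company,DC=com"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo
```

The number it prints is the count of dn: records in the prepared file, which can be compared with the "Modified N records successfully" line from ldbmodify.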

Now all I need is to configure the client PC to use the new schema ... 
