[Samba] Adding RFC2307 attributes to an existing Win2003 AD domain?

Jonathan Buzzard jonathan at buzzard.me.uk
Fri Sep 27 08:45:55 MDT 2013


On Fri, 2013-09-27 at 05:22 -0400, Thomas Harold wrote:
> Running Samba 4.0.9, we have added a pair of Samba4 domain controllers 
> to an existing Win2003 domain.
> 
> How do we determine whether RFC2307 attributes already exist in the 
> domain?  And how would we go about adding them to an already existing 
> domain?

If you have genuinely got a 2003 domain then by default rfc2307
attributes don't exist because they will not be in the schema. If your
Windows controllers however are actually 2003R2 then the process of
upgrading your domain to the R2 version introduced the rfc2307 schema
extension whether you liked it or not.

Some links that cover this:

http://blog.scottlowe.org/2005/12/22/complete-linux-ad-authentication-details/
http://blog.scottlowe.org/2006/08/08/linux-active-directory-and-windows-server-2003-r2-revisited/
http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/

Assuming it is really a 2003R2 domain then you need to populate the
rfc2307 attributes in the directory, as by default they are not
populated. You can populate the entries in a variety of ways; probably
the simplest is to generate an ldif of the form below for every user
and load it into the domain.

dn: CN=joeblogs,OU=users,DC=ds,DC=mycorp,DC=com
uid: joeblogs
msSFU30Name: joeblogs
msSFU30NisDomain: ds
uidNumber: 5252
gidNumber: 8000
unixHomeDirectory: /home/joeblogs
loginShell: /bin/bash


JAB.

-- 
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
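
Added example, not part of the original post: a generator for the per-user LDIF described above, using the attribute names from the message. The changetype: modify/replace form (for users that already exist), the MIN_UID floor, the login-name pattern and the sample users are assumptions made for illustration.

```python
import base64
import re

# Assumed site policy (not from the original post).
MIN_UID = 1000   # stay clear of uid 0 and local system accounts
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")   # conservative POSIX login name

def ldif_line(attr, value):
    """Return 'attr: value', or base64 'attr:: ...' where RFC 2849 requires it."""
    safe = (value.isascii() and value == value.strip(" ")
            and not value.startswith((":", "<"))
            and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_ldif(users, nis_domain, gid_number, shell="/bin/bash"):
    """users: iterable of (dn, login, uid_number). Returns (ldif_text, rejected)."""
    seen_uids, records, rejected = set(), [], []
    for dn, login, uid_number in users:
        # Refuse anything that would create an ambiguous or privileged Unix identity.
        reason = ("invalid login name" if not NAME_RE.fullmatch(login) else
                  "uidNumber below MIN_UID" if uid_number < MIN_UID else
                  "duplicate uidNumber" if uid_number in seen_uids else None)
        if reason:
            rejected.append((login, reason))
            continue
        seen_uids.add(uid_number)
        attrs = [("uid", login), ("msSFU30Name", login),
                 ("msSFU30NisDomain", nis_domain),
                 ("uidNumber", str(uid_number)), ("gidNumber", str(gid_number)),
                 ("unixHomeDirectory", f"/home/{login}"), ("loginShell", shell)]
        lines = [ldif_line("dn", dn), "changetype: modify"]
        for attr, value in attrs:
            lines += [f"replace: {attr}", ldif_line(attr, value), "-"]
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n", rejected

# Constructed sample input; real DNs would come from a directory search.
BASE = "OU=users,DC=ds,DC=mycorp,DC=com"
SAMPLE_USERS = [
    (f"CN=joeblogs,{BASE}", "joeblogs", 5252),
    (f"CN=Zoë Smith,{BASE}", "zsmith", 5253),   # non-ASCII DN is base64-encoded
    (f"CN=dupe,{BASE}", "dupe", 5252),          # uidNumber collision, rejected
    (f"CN=svc,{BASE}", "svc", 0),               # would map to root, rejected
]

if __name__ == "__main__":
    print(build_ldif(SAMPLE_USERS, "ds", 8000)[0])
```

Review the rejected list before loading the file: two accounts sharing a uidNumber, or one below the local system range, end up as the same Unix identity on every host that reads these attributes.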


