[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

steve steve at steve-ss.com
Sat Sep 28 01:04:05 MDT 2013 

On Sat, 2013-09-28 at 11:06 +1100, me at electronico.nc wrote:
> Le 27/09/2013 20:36, steve a écrit :
> > On Fri, 2013-09-27 at 19:09 +1100, me at electronico.nc wrote:
> >> Hi all,
> >>
> >> (Trying to connect squid, postfix, dovecot, pptp, etc ... to AD)
> >>
> >> Samba 4.0.9, as PDC, on Ubuntu 12.04.3 server.
> >> Compiled with : ./configure --enable-debug --enable-selftest
> >> Domain provision : /usr/local/samba/bin/samba-tool domain provision
> >>
> >> Despite my reads and tries, I'm unable to list the AD users from Linux.
> >> /usr/local/samba/bin/wbinfo -t
> >> /usr/local/samba/bin/wbinfo -u
> >> /usr/local/samba/bin/wbinfo -g
> >> are OK
> >>
> >> but : getent passwd
> >> only lists Linux users.
> >>
> >> AD works OK and lot of work has been done onto.
> >>
> >> If the rfc2307 option if required during domain provision, can I launch
> >> it without loosing the whole AD configuration ?
> > Hi
> > No. You don't need to provision with rfc2307 to be able to use it. You
> > simply need to add the rfc2307 attributes to the DN's of the users.
> >
> > e.g. use wbinfo to get the numbers:
> > wbinfo -i steve2
> > HH3\steve2:*:3000021:20513::/home/HH3/steve2:/bin/false
> >
> > Now add:
> > uidNumber: 3000021
> > gidNumber: 20513
> > to steve2
> >
> > An easy way to do that is with ldbedit. If you have a lot of users, use
> > a script and then add the attributes using ldbmodify.
> >
> > I'd recommend using nslcd or sssd so that getent will pull the
> > information from AD.
> > HTH
> > Steve
> >
> >
> Thanks Denis and Steve for the answers.
> 
> Without the rfc2307 domain provision, will I have to add manually 
> uidNumber and guiNumber each time a new user is created from Windows 
> Management Console ?
> 
If you want to use MMC then yes. But why not add new users and groups
using samba-tool? With 4.1.0 rc's you can add the user along with all
his rfc2307 from the command line. 

> Thanks to :
> http://linuxcostablanca.blogspot.com/2013/04/sssd-build-on-opensuse.html
> http://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
> I have been able to :
> getent passwd
> =====================
> 
> But I have tried previousely to install sssd from repository, then from 
> git ...
> I'll start over (thanks clonezilla ;-) ) and let you know.
> Nicolas
> 
If you want to run the AD backend with sssd, you'll need a minimum of
version 1.10. If you're gonna build it, I'd recommend 1.11 which was
released yesterday.
>

More information about the samba mailing list