[Samba] Must Samba4 AD be provisioned with rfc2307 to use winbind?

Rowland Penny rowlandpenny at googlemail.com
Sat Sep 28 02:11:36 MDT 2013


On 28/09/13 01:06, me at electronico.nc wrote:
>
> Without the rfc2307 domain provision, will I have to add manually
> uidNumber and gidNumber each time a new user is created from Windows
> Management Console?
>
Even with RFC2307 domain provision, you will have to add the uidNumber &
gidNumber manually. As Steve says, you can do this with samba-tool, but
YOU have to supply these numbers; they are not incremented automatically.

You need to write a script around samba-tool and find somewhere to get
the numbers from. You could create the user, then get the number that
samba4 allocates, then add this as the uidNumber with an ldif file. You
could also use the script that Steve wrote and is, I believe, available
on his blog.

I personally use the 'rIDNextRID' attribute from 'cn=RID
Set,cn=SERVERNAME,OU=Domain Controllers,DC=example,DC=com'.

Just add 1 to this and you have the value of the next RID that will be
used when a user is created. You could then use this as the basis for
your uidNumber.

Incidentally, you do not have to provision with '--use-rfc2307' to get
the RFC2307 attributes. You do not even need the rfc2307 line in
smb.conf on the server to use the rfc2307 attributes; as far as Unix is
concerned, it seems to work without them. It probably will lead to
problems elsewhere, but where I do not know and cannot advise not using
the recommended way of provisioning.

Just a thought: because all the RFC2307 attributes are already in Samba4
AD, does this mean that we are actually running at domain level 2003 R2?
And if so, shouldn't the documentation etc. show this?

Rowland
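
The rIDNextRID approach described in the message above, as an added example that is not part of the original post or of Samba's own tooling: it reads rIDNextRID from search output, adds 1, skips any uidNumber already in use, and prints the LDIF. The search output, the user DN and the collision check are constructed assumptions; the RID Set object sits under one server's entry, so this assumes users are created on that DC.

```shell
#!/bin/sh
# Constructed sample: output shaped like
#   ldbsearch -H <sam.ldb> -b "<RID Set DN>" -s base rIDNextRID
SAMPLE_RID_SET='# record 1
dn: CN=RID Set,CN=SERVERNAME,OU=Domain Controllers,DC=example,DC=com
rIDNextRID: 1104

# returned 1 records'

# Constructed sample: uidNumber values already present in the directory.
SAMPLE_UIDS='dn: CN=alice,CN=Users,DC=example,DC=com
uidNumber: 1104

dn: CN=bob,CN=Users,DC=example,DC=com
uidNumber: 1105'

# stdin: RID Set search output. stdout: rIDNextRID + 1. Fails if absent.
next_rid() {
    awk -F': ' 'tolower($1) == "ridnextrid" && $2 ~ /^[0-9]+$/ {
                    print $2 + 1; found = 1; exit }
                END { exit found ? 0 : 1 }'
}

# $1: candidate uidNumber; stdin: search output. Returns 0 if already taken.
uid_in_use() {
    awk -F': ' -v want="$1" 'tolower($1) == "uidnumber" && $2 == want { hit = 1 }
                             END { exit hit ? 0 : 1 }'
}

# $1: RID Set output, $2: uidNumber listing. Prints first free candidate.
allocate_uid() {
    candidate=$(printf '%s\n' "$1" | next_rid) || return 1
    while printf '%s\n' "$2" | uid_in_use "$candidate"; do
        candidate=$((candidate + 1))   # never reuse a uid: shared uid = shared file access
    done
    printf '%s\n' "$candidate"
}

# $1: user DN, $2: uidNumber. Prints an LDIF modify record for ldbmodify.
uid_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: uidNumber\nuidNumber: %s\n' "$1" "$2"
}

# Hypothetical new user DN; prints the LDIF that would set its uidNumber.
uid=$(allocate_uid "$SAMPLE_RID_SET" "$SAMPLE_UIDS") &&
    uid_ldif 'CN=carol,CN=Users,DC=example,DC=com' "$uid"
```

With the sample data the next RID is 1105, which bob already holds as a uidNumber, so the script settles on 1106.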

