[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

[steve]

On Sat, 2013-09-28 at 16:22 +0100, Rowland Penny wrote:
> On 28/09/13 16:11, Marc Muehlfeld wrote:
> > Hello,
> >
> > Am 28.09.2013 10:11, schrieb Rowland Penny:
> >>> Without the rfc2307 domain provision, will I have to add manually
> >>> uidNumber and guiNumber each time a new user is created from Windows
> >>> Management Console ?
> >>>
> >> Even with RFC2307 domain provision, you will have to add the uidNumber &
> >> gidNumber manually, as Steve says, you can do this with samba-tool, but
> >> YOU have to supply these numbers, they are not incremented 
> >> automatically.
> >
> > If you use the MMC, the numbers are incremented automatically. You 
> > simply select the NIS domain in the Unix tab and it shows the last 
> > UID/GID + 1. So you don't have to track somewhere which was the last 
> > UID/GID you've set.
> >
> > Microsoft tracks this somewhere in the directory under System / 
> > RpcServices.
> >
> >
> > Regards,
> > Marc
> >
> >
> >
> >
> Well, yes you are probably right, but as I have never used the MMC to 
> add a Linux user, I did not know this, so thanks for the heads up. 
> Having said that, I still think it would be quicker to add  a user via a 
> script on the Linux server.
> 
> Do you know where exactly where Microsoft tracks the uidNumber?
> 
> Rowland

Yeah, another good one.
Samba4 provisioned without rfc2307 takes the next uid/gidNumber from the
CN=CONFIG counter object in idmap.ldb, attribute: xidNumber

If we set:
idmap_ldb use:rfc2307 = Yes
in smb.conf
the counter does not update and is ignored. This entry is added if we
provision with rfc2307 but it can be added to a provision without it
whereupon it has the same effect. The counter stops.

MMC introduces yet another way of guessing a uidNumber.

I think the advice must be, choose one method and stick to it. They are
not interchangeable.

Rowlands RID script seems the most bulletproof to me.
Cheers,
Steve