[Samba] What is --rfc2307-from-nss ??

[Rowland Penny]

On 28/11/14 07:46, Greg Zartman wrote:
> On Wed, Nov 26, 2014 at 4:10 AM, Rowland Penny 
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>
>     On 26/11/14 05:43, Greg Zartman wrote:
>
>         I'm having a hard time figuring out what the samba-tool user
>         create
>         --rfc2307-from-nss does?  The documentation is a little skinny.
>
>
>
> After some testing on my development box, I can say --rfc2307-from-nss 
> is broken on the latest sernet packages.  Just throws errors when I 
> try and  use it.
>
>

It works with 4.1.11 from Debian backports, If you have a user in 
/etc/passwd, you can import the users info with the '--rfc2307-from-nss' 
option. The only problem is that you end up with two users with the same 
name (as far as Unix is concerned) i.e.

usertest:x:20000:10000:,,,:/home/usertest:/bin/bash
.............................
...........................
INTERNAL\usertest:*:20000:10000::/home/INTERNAL/usertest:/bin/false

This is newly created users object in AD (cruft removed)

dn: CN=usertest,CN=Users,DC=internal,DC=example,DC=com
cn: usertest
name: usertest
primaryGroupID: 513
objectSid: S-1-5-21-3948678125-793929683-1429333427-1111
sAMAccountName: usertest
userPrincipalName: usertest at internal.example.com
objectCategory: 
CN=Person,CN=Schema,CN=Configuration,DC=internal,DC=example,DC=com
uid: usertest
uidNumber: 20000
gidNumber: 10000
gecos: some text
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
pwdLastSet: 130616437280000000
userAccountControl: 512
distinguishedName: CN=usertest,CN=Users,DC=internal,DC=example,DC=com

So, yes you could use it, but it doesn't add all the required RFC2307 
attributes and you would have to delete the user from /etc/passwd, it 
would be easier to create the user correctly in the first place.

Rowland