Full Microsoft schema in Samba4

Matthieu Patou mat+Informatique.Samba at matws.net
Wed Mar 11 18:44:23 GMT 2009 

On 03/05/2009 09:40 AM, Andrew Bartlett wrote:
> I've pushed a wspp-schema branch to my private git repo.  This contains
> a version of Samba4 that will use the full schema.
>
> It will be very slow on some operations (ldbsearch etc), as the schema
> takes some time to load, but this is only done once per process.
>
> I'll be fixing this, and making it work with the LDAP backend (needs
> some errors in the schema fixed) before pushing it to master.
>
> http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=tree;hb=refs/heads/wspp-schema
>
> git://git.samba.org/abartlet/samba.git wspp-schema
>
> Hopefully we can bed this down, and cut another alpha with the full
> schema (to allow easy testing 'before' and 'after').
>
> Andrew Bartlett
>    
I tried it today on a test domain !
Well it works but ADCU is broken now in the way that in XP it starts but 
you can't manipulate your domain.
Here I guess the problem is that now that all the schema exists ADCU 
expects to be present in the configuration partition.
In the next days I'll try to dump some element from a w2k3 server and 
inject them into this new samba4 and see what's happening, btw I have a 
tcpdump of the dialog and I can provide it on request (with the keytab 
for decrypting the dialog as well).

For windows 2008 it still do not work saying that "namming information 
cannot be located ...", as it stops on the very first step and as samba4 
do not reply with all the attribute the server requested I would rather 
be inclined to say that windows2008 expects them in order to go further 
and that's the (one?) reason of the error.

The two missing attributes are:
* SupportedLDAPPolicy
* SupportedCapabilites

But it can also be that samba4 pretend to support far less control than 
w2k3 or due to the lack of some partitions (nammingcontexts).

How did you decide which controls should samba4 advertise as being 
supported ? (random ?).

One more time I'll try to dump data from a w2k3 server just to see if I 
can go further with more attributes.
I'll let you know.

Matthieu.

More information about the samba-technical mailing list