Proposal/Idea: Remove support for using rfc2307 attributes for s4 id-mapping?

steve steve at
Tue Oct 16 03:28:26 MDT 2012

On 16/10/12 02:13, simo wrote:
> On Mon, 2012-10-15 at 23:39 +0200, Michael Adam wrote:
>> Simo,
>> On 2012-10-15 at 11:46 -0400, simo wrote:
>>> On Mon, 2012-10-15 at 16:51 +0200, Michael Adam wrote:
>>>> Hi Simo,
>>>> On 2012-10-15 at 10:25 -0400, simo wrote:
>>>>> On Mon, 2012-10-15 at 15:17 +0200, Michael Adam wrote:

>>> for exporting stuff via NFS if it is needed.
>> I'd say omit serving NFS from a S4 AD DC by all means!
>> What is more, I'd suggest to not use the DC for
>> extensive file serving (SMB) if possible.
>> Rather stick to sysvol and netlogon and add member
>> file servers...

Maybe the OP does not know that for many of us, there is a growing 
number of Linux clients used as workstations in the domain.

We can't use cifs to serve the Linux clients as the file ownership is 
always that of the user who mounted the file system, not the 
authenticated user. We use NFS because it allows us to retain the 
rfc2307 attributes of the user by obtaining them from a DC.

OK, so we do no file serving from the DC. Fine. We have a separate file 
server. It still needs to obtain uidNumber and gidNumber from a DC. 
Those values must be identical no matter which DC they are pulled from.

We have fought hard to have everything in one place: AD. M$ have given 
us their schema, which allows for full rfc2307 compatibility. Now we 
have it, we want to rip it apart?
Just another few cents.

More information about the samba-technical mailing list