Enabling idmap_ldb:use rfc2307 = yes on 2 DCs

Gémes Géza geza at kzsdabas.hu
Tue Sep 25 09:04:42 MDT 2012

On 2012-09-25 16:37, steve wrote:
> On 25/09/12 11:18, Daniele Dario wrote:
>> Hi Steve,
>> just to be sure I understood:
>> even if I provision with --use-rfc2307 I won't get it working without
>> using an external script to add users/groups which has to modify ldbs
>> adding the objectClass: posixAccount/posixGroup and the
>> uidNumber/gidNumber for every user/group added right?
> Correct. You have to make sure that the DCs use _only_ AD to pull the 
> rfc2307 stuff.
>> Said this it won't work from a Windows box using the Admin tools (they
>> will invoke the basic samba tools so not the changed scripts (I was
>> looking at the examples you pointed me))
> It will not work from a Windows box because there is no way to fill in 
> the rfc2307 attributes.
That is not completely true. If you provision your domain by a 
classicupgrade you will have the schema elements which allow you to 
manage rfc2307 attributes from ADUC (if you have the full RSAT installed 
(including management tools for NIS server)).
> I believe Géza has a script for this however.
My scripts are quite domain specific (I planned writing a patch for 
samba-tool, but hadn't time to complete it yet)
> Samba4 will pull only uidNumber and gidNumber from AD. If you need the 
> whole of rfc2307 then you will need to use the scripts you quoted. (as 
> a basis: they are local to my domain only).
> You are nearly there:) Good luck,
> Steve

Geza Gemes
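
Added example, not part of the original message and not the script either poster refers to: a sketch of the kind of external helper the thread describes, producing LDIF modify records that add objectClass posixAccount/posixGroup and uidNumber/gidNumber to existing entries. The function names, the ID range and the sample DNs are assumptions constructed for illustration.

```python
import base64

ID_MIN, ID_MAX = 10000, 19999  # assumed site-local ID range (not from the thread)

def dn_line(dn):
    """Emit the dn: line, base64-encoding (RFC 2849) anything that is not
    plain printable ASCII so a crafted name cannot inject extra LDIF lines."""
    safe = (dn and dn[0] not in " :<" and not dn.endswith(" ")
            and all(0x20 <= ord(c) < 0x7F for c in dn))
    if safe:
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")

def rfc2307_ldif(dn, kind, number, used, primary_gid=None):
    """Build one LDIF modify record for an existing user or group.
    `used` is the set of numbers already assigned for this kind; it is
    updated in place so later calls see the new assignment."""
    if kind == "user":
        oclass, attr = "posixAccount", "uidNumber"
    elif kind == "group":
        oclass, attr = "posixGroup", "gidNumber"
    else:
        raise ValueError("kind must be 'user' or 'group'")
    if not ID_MIN <= number <= ID_MAX:
        raise ValueError(f"{attr} {number} is outside {ID_MIN}-{ID_MAX}")
    if number in used:
        # Two entries sharing an ID would own each other's files on Unix hosts.
        raise ValueError(f"{attr} {number} is already assigned")
    changes = [("objectClass", oclass), (attr, number)]
    if kind == "user" and primary_gid is not None:
        changes.append(("gidNumber", primary_gid))
    lines = [dn_line(dn), "changetype: modify"]
    for name, value in changes:
        # "add" (not "replace") fails on entries that already carry the attribute.
        lines += [f"add: {name}", f"{name}: {value}", "-"]
    used.add(number)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    uids, gids = set(), set()
    # Constructed sample entries, not real directory objects.
    print(rfc2307_ldif("CN=Unix Users,CN=Users,DC=example,DC=com", "group", 10000, gids))
    print(rfc2307_ldif("CN=Müller Anna,CN=Users,DC=example,DC=com", "user", 10001, uids, 10000))
```

The records are plain LDIF, so they can be reviewed before being applied with a tool such as ldbmodify.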
