rfc2307

David Schmitt david at dasz.at
Fri Feb 14 05:24:01 MST 2014 

Hi,

I've followed http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO on a 
Debian testing machine and had good success in provisioning a domain.

I've used --use-rfc2307 under the impression that this will allow me to 
use samba's ldap server and/or winbind to authenticate my linux clients. 
I've also had good success in using winbind to connect to the dc, 
including being able to kinit successfully on the domain member.

Sadly, I then noticed that the posix attributes were not populated and 
clients (specifically dc and domain member) did not agree on the UIDs of 
users.

I've tried to configure posix attributes by using ldapmodify, which 
worked only up to the point that the attributes were accepted by samba's 
ldap server, but the changes were not reflected in the actual responses 
in the system:

> root at samba:/etc/samba# id testuser
> uid=3000021(TEST\testuser) gid=100(users) groups=100(users)
> root at samba:/etc/samba# ldapsearch -LLL -h localhost -p 389 -D "Administrator at LAN.DASZ.AT" -w ... -b "CN=testuser,CN=Users,DC=lan,DC=dasz,DC=at"
> dn: CN=testuser,CN=Users,DC=lan,DC=dasz,DC=at
> cn: testuser
> instanceType: 4
> whenCreated: 20131205082329.0Z
> uSNCreated: 3784
> name: testuser
> objectGUID:: +4iQ6c5hXEacHox5tszkFg==
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAAlmuaiI1gpj3YWL63UAQAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: testuser
> sAMAccountType: 805306368
> userPrincipalName: testuser at lan.dasz.at
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=lan,DC=dasz,DC=at
> pwdLastSet: 130307054090000000
> userAccountControl: 512
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> whenChanged: 20140214120810.0Z
> uSNChanged: 3891
> distinguishedName: CN=testuser,CN=Users,DC=lan,DC=dasz,DC=at
>
> root at samba:/etc/samba#


Somehow I think I got sidetracked somewhere, but don't know how to recover.

I'd be glad for any help or hint.


Thanks, David

More information about the samba-technical mailing list