[Samba] Samba 4, Winbind & RFC2307

Thomas Simmons twsnnva at gmail.com
Sun Dec 16 10:23:06 MST 2012

Hello Takahashi,

I am using ADUC to manage UNIX attributes and have created the attributes
for each test user.

Just to make sure I understand you correctly; you're saying there is no way
to have S4 winbind use rfc2307 attributes for *nix authentication on a DC,
but it will work on a member server? This is a "clean" provision test setup
that I am running at home. In production (and testing at work) I will be
performing a classicupgrade. I have 300+ users with existing accounts
spread out across many servers. S3 (or its LDAP backend) is used for auth
& auth on all of our services, so I need to ensure these attributes stay
the same. Worst case I can use NSS+LDAP, but I would prefer to use winbind
if possible.

Here I have NSS+LDAP configured and getent reports the correct uidNumber
and gidNumber that I have specified in AD (rfc2307 attributes):

root at ALW1:~# getent passwd | grep tuser
tuser1:*:10005:10000:Test User1:/home/tuser1:/bin/sh
tuser2:*:10006:10000:Test User2:/home/tuser2:/bin/sh
tuser3:*:10007:10000:Test User3:/home/tuser3:/bin/sh

Here (DC) I am using winbind for authentication, and getent does not report
the correct uidNumber and gidNumber:

[root at ADC1 ~]# getent passwd | grep tuser
TESTDOM\tuser1:*:3000025:100:Test User1:/home/tuser1:/bin/sh
TESTDOM\tuser2:*:3000026:100:Test User2:/home/tuser2:/bin/sh
TESTDOM\tuser3:*:3000027:100:Test User3:/home/tuser3:/bin/sh

On Sun, Dec 16, 2012 at 9:57 AM, TAKAHASHI Motonobu <monyo at monyo.com> wrote:

> From: Thomas Simmons <twsnnva at gmail.com>
> Date: Sat, 15 Dec 2012 22:11:00 -0500
> > After provisioning a domain (with rfc2307 attributes), what are the next
> > steps to enable S4 winbind to use these attributes?
> As far as I know, winbind on S4 DC cannot use this attribute. This setting
> affects only S4 domain member.
> You may manually set these attributes on S4 DC with the script:
>   http://lists.samba.org/archive/samba-technical/2012-November/089119.html
> ---
> TAKAHASHI Motonobu <monyo at monyo.com>
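The two getent listings above show the operational risk behind this question: on the NSS+LDAP host the users carry their rfc2307 uidNumber/gidNumber, while winbind on the DC hands out auto-allocated IDs (3000025/100), so any file ownership or ACL that refers to the numeric ID would mean a different account on the two machines. The script below is an added example, not code from the thread or from the Samba project; it parses `getent passwd` output (with or without the `DOMAIN\` prefix winbind adds), compares each account's UID/GID to the values expected from AD, and reports drift or missing accounts. The `EXPECTED_RFC2307` map and the two output samples are constructed from the lines quoted in the post; in practice the expected values would be read from the uidNumber/gidNumber attributes in AD.

```python
"""Check that UIDs/GIDs reported by getent match the rfc2307 values set in AD.

Added example (not from the mailing-list post). The sample data below is
constructed from the getent lines quoted in the thread.
"""
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed: the uidNumber/gidNumber the poster assigned in AD (ADUC).
EXPECTED_RFC2307: Dict[str, Tuple[int, int]] = {
    "tuser1": (10005, 10000),
    "tuser2": (10006, 10000),
    "tuser3": (10007, 10000),
}

# Constructed sample: getent output from the NSS+LDAP member (matches AD).
NSS_LDAP_OUTPUT = """\
tuser1:*:10005:10000:Test User1:/home/tuser1:/bin/sh
tuser2:*:10006:10000:Test User2:/home/tuser2:/bin/sh
tuser3:*:10007:10000:Test User3:/home/tuser3:/bin/sh
"""

# Constructed sample: getent output from the DC, where winbind used its own
# idmap allocation instead of the rfc2307 attributes.
WINBIND_DC_OUTPUT = """\
TESTDOM\\tuser1:*:3000025:100:Test User1:/home/tuser1:/bin/sh
TESTDOM\\tuser2:*:3000026:100:Test User2:/home/tuser2:/bin/sh
TESTDOM\\tuser3:*:3000027:100:Test User3:/home/tuser3:/bin/sh
"""


class PasswdEntry(NamedTuple):
    name: str      # account name with any DOMAIN\ prefix removed
    domain: str    # "" when getent printed no prefix
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd_line(line: str) -> PasswdEntry:
    """Parse one passwd(5)-style line as printed by `getent passwd`."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"not a passwd line: {line!r}")
    raw_name, _pw, uid, gid, gecos, home, shell = fields
    # winbind prints DOMAIN\user; split on the last backslash if present.
    domain, sep, name = raw_name.rpartition("\\")
    if not sep:
        domain, name = "", raw_name
    return PasswdEntry(name, domain, int(uid), int(gid), gecos, home, shell)


def find_id_mismatches(getent_output: str,
                       expected: Dict[str, Tuple[int, int]]) -> List[dict]:
    """Return one record per account whose UID/GID differs from `expected`
    or which is absent from the getent output entirely."""
    problems: List[dict] = []
    seen = set()
    for line in getent_output.splitlines():
        if not line.strip():
            continue
        entry = parse_passwd_line(line)
        if entry.name not in expected:
            continue  # local/system accounts are not under review
        seen.add(entry.name)
        exp_uid, exp_gid = expected[entry.name]
        if (entry.uid, entry.gid) != (exp_uid, exp_gid):
            problems.append({"user": entry.name, "domain": entry.domain,
                             "got": (entry.uid, entry.gid),
                             "expected": (exp_uid, exp_gid)})
    for name in sorted(set(expected) - seen):
        # An account that never appears is also a problem for a migration.
        problems.append({"user": name, "domain": None, "got": None,
                         "expected": expected[name]})
    return problems


def report(label: str, getent_output: str) -> None:
    """Print a human-readable summary for one host's getent output."""
    problems = find_id_mismatches(getent_output, EXPECTED_RFC2307)
    print(f"{label}: {'OK' if not problems else str(len(problems)) + ' problem(s)'}")
    for p in problems:
        print(f"  {p['user']}: got {p['got']}, expected {p['expected']}")


if __name__ == "__main__":
    report("NSS+LDAP member (ALW1)", NSS_LDAP_OUTPUT)
    report("winbind on DC (ADC1)", WINBIND_DC_OUTPUT)
```

Run it against real output by piping `getent passwd` into a file and feeding that string to `find_id_mismatches`; an empty result on every server is the condition a classicupgrade of several hundred accounts should satisfy before file servers are switched over.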

