[Samba] RFC2307 & Samba4 [Was: Linux users and Samba 4]

Adam Tauno Williams awilliam at whitemice.org
Fri Jan 13 08:32:33 MST 2012

On Fri, 2012-01-13 at 02:51 +0100, steve wrote:
> On 12/01/12 23:02, Adam Tauno Williams wrote:
> > Quoting steve <steve at steve-ss.com>:
> >>>>> Samba4's winbind does not support RFC2307,  so doing this is pretty
> >>>>> rough.  I think you need to either use CIFS + winbind everywhere or
> >>>>> somehow maintain an external idmap.
> >>>>> Yea, it is horrible.  We are staring down the barrel of the same 
> >>>>> gun.
> >>> As Jeremy said, they are discussing what needs to be done before
> >>> releasing Samba 4.0.0 and how to reconcile Samba 3's winbind and Samba
> >>> 4's winbind etc., so if something that is critical for you does not
> >>> currently work, you should file a bug report.
> >> Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone 
> >> with my issue. I think it should be easy to fix now before it goes beta.
> >> https://bugzilla.samba.org/show_bug.cgi?id=8635
> >
> > Holy awesome; it got better.  I just tested an upgrade of our 
> > production domain and it appears that Samba4 took [and kept] the UID 
> > number from the existing account.
> > Production
> > -------------
> > [root at littleboy ~]# id adam
> > uid=437(adam) gid=230(cis) groups=230(cis)
> > Test Server
> > ------------
> > barbel:~ # wbinfo -i adam
> > BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false
> > Home directory is a bit weird, and the gidNumber didn't stick.  But at 
> > least I have the uidNumber.
> > 4.0.0alpha18-GIT-103c1cb [openSUSE 12.1 x86_64] transitioned via 
> > "samba-tool domain samba3upgrade" from Samba S3w/LDAPSAM.
> Nice find you have there. Meanwhile I've got it working. Very rough. But 
> working for 10 hour Kerberos sessions at a time;)
> http://linuxcostablanca.blogspot.com/2011/12/samba-4-linux-integration-first-i-want.html
> Steve

What I'm puzzled by [and maybe this is a deficiency in Samba4 still] is
that while the LDAP modify works the wbinfo output doesn't change.

dn: CN=adam,CN=Users,DC=micore,DC=us
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: objectclass
objectclass: shadowaccount
-
add: uidnumber
uidnumber: 437
-
add: gidnumber
gidnumber: 230
-
add: unixhomedirectory
unixhomedirectory: /home/adam
-
add: loginshell
loginshell: /bin/ksh

barbel:~ # wbinfo -i adam
BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false

So obviously the gidNumber attribute is ignored.  The uidNumber
attribute didn't exist in the object - so that is obviously coming from
elsewhere.  Guess I need to dig into winbind.

I'm currently *assuming* that these attributes are compatible with SFU
for Windows and that they'd replicate to a Windows AD server.
Adam Tauno Williams <awilliam at whitemice.org> LPIC-1, Novell CLA
OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba
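
The check described in the message above, written out as an added example that is not part of the original post: it compares the RFC 2307 attributes set by the LDIF modify with the passwd-style line printed by `wbinfo -i` and reports every field where winbind disagrees with the directory. The sample data is copied from the thread (objectclass operations left out); the function names are hypothetical.

```python
# Added example (not from the original message). Sample data is copied from the
# thread; helper names are hypothetical.
LDIF_MODIFY = """\
dn: CN=adam,CN=Users,DC=micore,DC=us
changetype: modify
add: uidnumber
uidnumber: 437
-
add: gidnumber
gidnumber: 230
-
add: unixhomedirectory
unixhomedirectory: /home/adam
-
add: loginshell
loginshell: /bin/ksh
"""
WBINFO_LINE = r"BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false"

# passwd(5) field -> directory attribute expected to supply it
FIELD_TO_ATTR = {"uid": "uidnumber", "gid": "gidnumber",
                 "home": "unixhomedirectory", "shell": "loginshell"}

def parse_ldif_adds(ldif):
    """Return {attribute: value} for the 'add:' operations of one modify record."""
    attrs, current = {}, None
    for raw in ldif.splitlines():
        line = raw.strip()
        if not line or line == "-":
            current = None          # blank line or '-' ends the current operation
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "add":
            current = value.lower()
        elif key == current:
            attrs[key] = value
    return attrs

def parse_passwd_line(line):
    """Split one passwd(5)-style line as printed by 'wbinfo -i'."""
    fields = line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields, got %d" % len(fields))
    return dict(zip(("name", "passwd", "uid", "gid", "gecos", "home", "shell"), fields))

def mapping_mismatches(ldif, wbinfo_line):
    """Return {field: (directory value, winbind value)} where the two differ."""
    want, got = parse_ldif_adds(ldif), parse_passwd_line(wbinfo_line)
    return {f: (want[a], got[f]) for f, a in FIELD_TO_ATTR.items()
            if a in want and want[a] != got[f]}

if __name__ == "__main__":
    for field, (ldap_val, wb_val) in mapping_mismatches(LDIF_MODIFY, WBINFO_LINE).items():
        print(f"{field}: directory={ldap_val} winbind={wb_val}")
```

On the data from the thread this flags gid, home and shell, while uid matches.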