[Samba] NIS to SAMBA4 Migration

[Murray Fraser]

I am also struggling to find up to date information on using Samba 4 with
linux clients. I have managed to get the RFC 2307 fields by installing the
'NIS tools' feature on a W2k8 DC, and creating a 'NIS domain'. Previously I
could see the fields, but could not select a NIS domain in the ADUC tool to
make the RFC 2307 fields enabled.

I'm also trying to find out the correct way to add the autohome nis map. I
have tried:

ldbmodify -H /usr/local/samba/private/sam.ldb automount_template.ldif
--option="dsdb:schema update allowed"=true

But this seemed to fail. I have thought I might need to use the Microsoft
schema management tool to add the automount schema.


On Sat, Nov 24, 2012 at 4:01 PM, Gémes Géza <geza at kzsdabas.hu> wrote:

> Hi,
>
>  Hello Steve,
>>
>> The only way I have found to enable those options is to provision with
>> "--use-rfc2307". We are performing an upgrade from Samba3 and I noticed
>> that the options were not grayed out after performing a classicupgrade,
>> but
>> were grayed out after a "clean" provision. I finally figured out that the
>> classicupgrade always uses the "--use-rfc2307" flag. This flag will add
>> the
>> option "idmap_ldb:use rfc2307 = yes" to your smb.conf, however, it has
>> been
>> my experience that adding that to smb.conf post-provision does not enable
>> the UNIX Attributes options, so the provision option must do something
>> else. I would like to know if there is a way to enable this after the
>> fact,
>> but I've not come up with anything yet. I need to complete further testing
>> on the actual authentication of Linux clients, Apache, RADIUS and OpenVPN,
>> but have run into a show-stopper with DNS replication and have moved all
>> my
>> efforts to this for the time being. I was able to get Linux clients
>> authenticating via winbind, but this was before I found out about the
>> "--use-rfc2307" option and winbind was using auto-generated UIDs and GIDs.
>> Any notes you come up with would be greatly appreciated. Thanks, Thomas.
>>
>>  Provisioning with --use-rfc2307 also loads the "NIS" schema into AD and
> thus allows you to set that attributes via ADUC.
> To do the same after provision you would need to import the schema after
> provision. The skeleton of it is in /usr/local/samba/share/setup/**
> ypServ30.ldif
> on a default install.
>
> Regards
>
> Geza Gemes
>
>  On Fri, Nov 23, 2012 at 10:38 AM, Steve van Maanen <steve at starsphere.jp
>> >wrote:
>>
>>  Hello everyone,
>>>
>>> I am trying to figure out a way to migrate NIS maps to SAMBA4 (I want to
>>> replace NIS with SAMAB4 for a Linux domain. I have researched a fair bit
>>> on
>>> the web but have not found out any solutions and was hoping I could find
>>> some help here. What I have found so far pertains to Windows
>>> implementations of Active Directory.
>>>
>>> Here are my questions.
>>>
>>> 1) Is it possible with a default install of SAMBA4 or do I need to extend
>>> the schema?
>>> 2) I notice there is a Unix attributes tab for users, when using Active
>>> Directory users and groups to administer the Samba4 AD, but I am unable
>>> to
>>> change the properties. Is there any way I can enable this?
>>> 3) Has anyone done this and if so, can you offer me some pointers?
>>>
>>> Many thanks!
>>>
>>> Steve
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>>>
>>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>