[Samba] Samba4 member of an another « Samba4 » domain

François Lafont flafdivers at free.fr
Sat Apr 13 10:49:43 MDT 2013


Le 11/04/2013 22:39, Gémes Géza a écrit :

> The easiest way to test out rfc2307 would be to provision a new domain
> with samba-tool domain provision --use-rfc2307
> --the-other-options-of-your-choice, and test a rfc2307 client against
> it. The difference is, that in this case the provisioning script loads a
> schema file (ypServ30.ldif) which makes it easier to administer the
> rfc2307 attributes using ADUC. [...]

Ok. I try this in a wheezy server:

samba-tool domain provision --realm=CHEZMOI.PRIV \
    --domain=CHEZMOI --server-role=dc --dns-backend=SAMBA_INTERNAL \
    --adminpass='+toto123' --use-rfc2307
echo "nameserver" > /etc/resolv.conf
samba-tool user add test1 "+test123"

Here is my smb.conf file after this commands:

# Global parameters
        workgroup = CHEZMOI
        realm = CHEZMOI.PRIV
        netbios name = WHEEZY-1
        server role = active directory domain controller
        dns forwarder =
        idmap_ldb:use rfc2307 = yes

        path = /usr/local/samba/var/locks/sysvol/chezmoi.priv/scripts
        read only = No

        path = /usr/local/samba/var/locks/sysvol
        read only = No

But when I run:
ldbedit --url=/usr/local/samba/private/sam.ldb cn=test1

# editing 1 records
# record 1
dn: CN=test1,CN=Users,DC=chezmoi,DC=priv
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test1
instanceType: 4
whenCreated: 20130413162647.0Z
whenChanged: 20130413162647.0Z
uSNCreated: 3769
name: test1
objectGUID: 0d95a85f-92d9-425c-8ddf-bcdb401a1c99
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3595212667-731548510-1075401445-1103
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: test1
sAMAccountType: 805306368
userPrincipalName: test1 at chezmoi.priv
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=chezmoi,DC=priv
pwdLastSet: 130103440070000000
userAccountControl: 512
uSNChanged: 3771
distinguishedName: CN=test1,CN=Users,DC=chezmoi,DC=priv

I have no "objectClass: posixAccount" entry and then no "uidNumber", "gidNumber" attribute. Is it normal?

I thought that "use-rfc2307" option allowed to create "posixaccount" users. Isn't It the case?

François Lafont

More information about the samba mailing list