[Samba] posixAccount objectClass

Andreas Gaiser/L info at multifake.net
Sat Feb 23 10:52:02 MST 2013

Hi Thomas, greeting to all readers,

>     Is there something I miss or is this to be considered a bug?
> If this is the problem I am thinking of, I originally noticed it in
> 4.0.0. I believe Andrew provided a patch, however I don't need this in
> my production environment and only stumbled onto the issue while testing
> something else, so I don't know if what I'm referring to was fixed in
> later releases. I'll see if I can find the thread and bug shortly.

I remember a thread which was about winbind ignoring objects without
posixAccount/posixGroup OCs. The conclusion was to change winbind to not
ignore them. But, actually, shouldn't S4 in DC mode really add them? Or
is ADUC the culprit here?

I didn't check out yet how recent Samba 3.6 winbind behaves as a member
here. When I tried against 4.0.0 I ended up using Wireshark to analyse
LDAP traffic and figured RFC2307 attrs weren't returned by the LDAP
server although requested by winbind, whereas they WERE returned to
Apache Directory Studio at the same time - logged in as
Administrator at sub.domain.tld; a permission issue I guess. Is this a
known issue? I blamed it to poor provisioning (without RFC2307 in the
beginning) that day. Will try again this part later this weekend.

At the moment, I'm working on a script that adds Unix Attributes
automatically to all relevant users (i.e. all that winbind shows on a
member. Btw. I would love to have a way to filter them, because most
groups I won't ever need and they're gonna make things look complicated
on the Unix side. Does anybody know anything about this?).

Andreas Gaiser, Berlin, Germany

More information about the samba mailing list