[Samba] Enabling NIS after samba4 installation

Rowland Penny rowlandpenny at googlemail.com
Thu Nov 28 09:25:58 MST 2013

On 28/11/13 16:10, Michael Brown wrote:
> I'm testing out our samba 4 migration process and when the initial 
> forest/domain was created, it was created without using --use-rfc2307:
> sudo samba-tool domain provision --domain netdirect 
> --function-level=2008_R2 --realm=ad.netdirect.ca
> Now that it's in place and we have machines joined, what do I need to 
> do to add the unix attribute and NIS maps to an existing samba4 domain 
> so that we can use the rfc2307 features?
> M.
You need to add ypServ30.ldif, if you compiled Samba4 yourself it is 
usually in /usr/local/samba/share/setup/

copy this file somewhere, then edit it, changing ${DOMAINDN} to your AD 
base i.e. DC=example,DC=com
change ${NETBIOSNAME} to your workgroup name i.e. EXAMPLE
change ${NISDOMAIN} to your realm i.e. example.com

Now add it with something similar to this:

ldbmodify -H /usr/local/samba/private/sam.ldb /root/ypServ30.ldif 
--option="dsdb:schema update allowed"=true

Alter the above to match your setup.

Add to [global] section of smb.conf:

     idmap_ldb:use rfc2307 = yes

Restart samba and you should be good to go.


More information about the samba mailing list