[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

Rowland Penny rowlandpenny at googlemail.com
Tue Oct 1 04:27:53 MDT 2013

On 01/10/13 11:07, Jonathan Buzzard wrote:
>       A. On Sat, 2013-09-28 at 15:49 +0100, Rowland Penny wrote:
> [SNIP]
>> If you do a google search for 'uidNumber' for instance, you will find
>> this webpage:
>> http://msdn.microsoft.com/en-us/library/windows/desktop/ms680511%28v=vs.85%29.aspx
>> This plainly shows that the earliest windows server that had 'uidNumber'
>> was 2003R2 so as 'uidNumber' is in Samba4, samba4 function level should
>> be 2003R2, but Samba4 seems to be using the 2008 schema (at least that
>> is the only one that comes with samba 4) so should the function level be
>> 2008?
> Wrong, the uidNumber etc. where available in Server 2003 (and Server 200
> for that matter) however it was an *optional* schema extension. I know I
> was working somewhere at the time where the AD admins where like many AD
> admins very reluctant to extend the schema.
> In the upgrade to 2003R2 the schema extension was made mandatory. That
> is you upgraded your domain controllers to 2003R2 and the rfc2307 schema
> extension was applied to your AD whether you liked it or not.
> Very useful as the biggest hurdle into getting rfc2307 working on an AD
> was often getting the AD admins to agree to the schema extension. Once
> it's there getting it populated was much easier.
> JAB.
Wrong, the first windows server that had 'uidNumber' as standard was 
2003R2 .

So, if it was first installed 'de-facto' in 2003R2 and Samba 4 has it as 
standard, then samba4 should be 'level 2003R2', but then again it seems 
to be using the 2008 schema (at least that is the earliest I can find in 


More information about the samba mailing list