[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

Jonathan Buzzard jonathan at buzzard.me.uk
Tue Oct 1 05:57:14 MDT 2013

On Tue, 2013-10-01 at 12:44 +0100, Rowland Penny wrote:


> Here we go again, your logic is flawed, just because you personally know 
> of lots of windows 2003 & 2000 servers that have 'uidNumbers' does not 
> mean Samba 4 is level 2003.

No my logic is not flawed. You can *NEVER* determine the AD server level
by looking at the schema.

> The 'uidNumber' did not become a fixed part of the windows schema until 
> 2003R2, before that it had to be added, but 'uidNumber' is a fixture of 
> Samba 4 therefore Samba4 cannot be level 2003

By that logic a Windows 2000 server with a uidNumber must really be
2003R2 server. Clearly that is not the case.

> Also, if Samba 4 is level 2003, why does it ship with the 2008 & 2008R2 
> schemas and no sign of the 2003 schema?

Because it depends on the version of the wire level protocol that Samba4
supports and has nothing to do with the schema. That is, there is a set
of MS-RPC calls that you need to support to be at level 2003R2 and
presumably Samba4 does not support them all so it reports itself as a
2003 server.

You could probably import a 2008 schema into a 2003 server, but it would
not make it a 2008 server. Lets face it you can have an AD domain with a
mixture of 2003 and 2003R2 servers in it, and clearly the 2003 servers
are not 2003R2.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

More information about the samba mailing list