[Samba] Samba 4 Consistent uid gid mapping across servers.

Gints Neimanis gintsn at gmail.com
Mon Oct 21 06:57:16 MDT 2013


On 10/19/2013 10:58 AM, steve wrote:
> On Fri, 2013-10-18 at 18:09 -0600, Wayne L. Andersen wrote:
>>  ...
>> My question is, that since I did not specify rfc2307 when I originally
>> provisioned the domain what is going to be the effect if I try to use it
>> after the fact.
>
> No problem. You can use the full set of rfc2307 attributes perfectly
> well without it.
>> ...
> Not a big deal. You can use wbinfo -i to pull the info for uidNumber and
> gidNumber and ldbmodify. But be warned: do this on a _single_ DC and
> add:
> idmap_ldb use:rfc2307 = Yes
> to smb.conf to all your DC's afterwards.

Can you please give some more detailed steps from this point?

I have already migrated W2K3 AD -> Samba 4.0.7 -> Samba 4.1.0

Now I wish to add uidNumber attribute to user object:

1) I have added idmap_ldb use:rfc2307 = Yes to smb.conf and restarted samba

2) prepared file ldbm.ldif with content:
==
dn: CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv
changetype: modify
add: uidNumber
uidNumber: 300999
==

3) ldbmodify -H /usr/local/samba/private/sam.ldb ldbm.ldif
.. and got:

ERR: (No such attribute) "objectclass_attrs: attribute 'uidNumber' on 
entry 'CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv' was not found in the 
schema!" on DN CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv at block 
before line 5
Modify failed after processing 0 records

.. tried to add uidNumber with
ldbedit -H /usr/local/samba/private/sam.ldb sAMAccountName=janis.ozols

... and got:

failed to modify CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv - 
objectclass_attrs: attribute 'uidNumber' on entry 
'CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv' was not found in the schema!

Then I tried to add posixAccount class but without success:

# cat ldbm.ldif
dn: CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv
changetype: modify
add: objectClass
objectClass: posixAccount

ldbmodify -H /usr/local/samba/private/sam.ldb ldbm.ldif

../source4/dsdb/common/util.c:3130: WARNING: forestFunctionality not setup
ERR: (Unwilling to perform) "objectclass: object class changes on 
objects under the standard name contexts not allowed!" on DN 
CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv at block before line 8
Modify failed after processing 0 records

(don't know if it is related but:
# samba-tool domain level raise --domain-level=2003
ERROR: Could not retrieve the actual domain, forest level and/or lowest 
DC function level! )


current entries for this user are:

====
dn: CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: janis.ozols
sn: Janis
description: tst
givenName: ozols
instanceType: 4
whenCreated: 20130809130646.0Z
whenChanged: 20130809130646.0Z
displayName: ozols Janis
uSNCreated: 7575
name: janis.ozols
objectGUID: 05af67f7-c5e0-439c-9cae-cfe667cf19ea
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: \\server\janis.ozols
homeDrive: G:
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
scriptPath: all.bat
primaryGroupID: 513
profilePath: \\server\PROFILE\janis.ozols
objectSid: S-1-5-21-2016371725-1493893514-1541874228-20143
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: janis.ozols
sAMAccountType: 805306368
userPrincipalName: janis.ozols at xyz.abc.lv
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=xyz,DC=abc,DC=lv
pwdLastSet: 130205272060000000
userAccountControl: 512
uSNChanged: 7577
distinguishedName: CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv
====

Gints.






