[Samba] Samba 4 Consistent uid gid mapping across servers.

Rowland Penny rowlandpenny at googlemail.com
Mon Oct 21 13:05:55 MDT 2013


Hi, just a thought: did you join the initial Samba 4 server as a second DC
to the Windows 2003 server? And if so, was it a 2003 or a 2003R2 server?
If it was just a 2003 server and did not have SFU added to it, then you
probably do not have the required ObjectClasses & Attributes in your schema.

Rowland


On 21 October 2013 13:57, Gints Neimanis <gintsn at gmail.com> wrote:

> On 10/19/2013 10:58 AM, steve wrote:
>
>> On Fri, 2013-10-18 at 18:09 -0600, Wayne L. Andersen wrote:
>>
>>>  ...
>>>
>>> My question is, that since I did not specify rfc2307 when I originally
>>> provisioned the domain what is going to be the effect if I try to use it
>>> after the fact.
>>>
>>
>> No problem. You can use the full set of rfc2307 attributes perfectly
>> well without it.
>>
>>> ...
>>>
>> Not a big deal. You can use wbinfo -i to pull the info for uidNumber and
>> gidNumber and ldbmodify. But be warned: do this on a _single_ DC and
>> add:
>> idmap_ldb use:rfc2307 = Yes
>> to smb.conf to all your DC's afterwards.
>>
>
> Can you please from this point give some more detailed steps?
>
> I have already migrated W2K3 AD -> Samba 4.0.7 -> Samba 4.1.0
>
> Now I wish to add uidNumber attribute to user object:
>
> 1) I have added idmap_ldb use:rfc2307 = Yes to smb.conf and restarted samba
>
> 2) prepared file  ldbm.ldif with content:
> ==
> dn: CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv
> changetype: modify
> add: uidNumber
> uidNumber: 300999
> ==
>
> 3) ldbmodify -H /usr/local/samba/private/sam.ldb ldbm.ldif
> .. and got:
>
> ERR: (No such attribute) "objectclass_attrs: attribute 'uidNumber' on
> entry 'CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv' was not found in the
> schema!" on DN CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv at block
> before line 5
> Modify failed after processing 0 records
>
> .. tried to add uidNumber with ldbedit -H /usr/local/samba/private/sam.ldb
> sAMAccountName=janis.ozols
>
> ... and got:
>
> failed to modify CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv -
> objectclass_attrs: attribute 'uidNumber' on entry
> 'CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv' was not found in the
> schema!
>
> Then I tried to add posixAccount class but without success:
>
> # cat ldbm.ldif
> dn: CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv
> changetype: modify
> add: objectClass
> objectClass: posixAccount
>
> ldbmodify -H /usr/local/samba/private/sam.ldb ldbm.ldif
>
> ../source4/dsdb/common/util.c:3130: WARNING: forestFunctionality not
> setup
> ERR: (Unwilling to perform) "objectclass: object class changes on objects
> under the standard name contexts not allowed!" on DN
> CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv at block before line 8
> Modify failed after processing 0 records
>
> (don't know if it is related but:
> # samba-tool domain level raise --domain-level=2003
> ERROR: Could not retrieve the actual domain, forest level and/or lowest DC
> function level! )
>
>
> current entries for this user are:
>
> ====
> dn: CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: janis.ozols
> sn: Janis
> description: tst
> givenName: ozols
> instanceType: 4
> whenCreated: 20130809130646.0Z
> whenChanged: 20130809130646.0Z
> displayName: ozols Janis
> uSNCreated: 7575
> name: janis.ozols
> objectGUID: 05af67f7-c5e0-439c-9cae-cfe667cf19ea
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> homeDirectory: \\server\janis.ozols
> homeDrive: G:
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> scriptPath: all.bat
> primaryGroupID: 513
> profilePath: \\server\PROFILE\janis.ozols
> objectSid: S-1-5-21-2016371725-1493893514-1541874228-20143
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: janis.ozols
> sAMAccountType: 805306368
> userPrincipalName: janis.ozols at xyz.abc.lv
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=xyz,DC=abc,DC=lv
> pwdLastSet: 130205272060000000
> userAccountControl: 512
> uSNChanged: 7577
> distinguishedName: CN=janis.ozols,OU=2009,DC=xyz,DC=abc,DC=lv
> ====
>
> Gints.
>
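
A way to test the schema explanation given at the top of this message, as an added example that is not part of the original thread or of Samba: the script reads LDIF from an ldbsearch dump of the schema partition and lists which RFC 2307 names have no schema entry. The REQUIRED list, the function names and the sample dump are assumptions made for illustration.

```python
# Assumption: a representative subset of the RFC 2307 schema elements that
# Windows 2003 R2 / SFU add; the thread itself names uidNumber, gidNumber
# and posixAccount.
REQUIRED = ("uidNumber", "gidNumber", "unixHomeDirectory", "loginShell",
            "gecos", "posixAccount", "posixGroup")

# Constructed sample of what a schema without the extension could return for:
#   ldbsearch -H /usr/local/samba/private/sam.ldb -b CN=Schema,CN=Configuration,\
#     DC=xyz,DC=abc,DC=lv '(lDAPDisplayName=*)' lDAPDisplayName objectClass
SAMPLE = """\
# record 1
dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=xyz,
 DC=abc,DC=lv
objectClass: attributeSchema
lDAPDisplayName: sAMAccountName

# record 2
dn: CN=User,CN=Schema,CN=Configuration,DC=xyz,DC=abc,DC=lv
objectClass: classSchema
lDAPDisplayName: user
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per record (base64 not decoded)."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue                       # ldbsearch record/summary comments
        if not line.strip():               # a blank line ends the record
            if current:
                entries.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last:
            current[last][-1] += line[1:]  # folded continuation line
        else:
            last, _, value = line.partition(":")
            current.setdefault(last, []).append(value.strip())
    return entries

def missing_rfc2307(ldif_text):
    """List the REQUIRED names that have no attributeSchema/classSchema entry."""
    kinds = {"attributeschema", "classschema"}
    present = {name.lower() for e in parse_ldif(ldif_text)
               if kinds & {c.lower() for c in e.get("objectClass", [])}
               for name in e.get("lDAPDisplayName", [])}
    return [name for name in REQUIRED if name.lower() not in present]

if __name__ == "__main__":
    print("missing from schema:", missing_rfc2307(SAMPLE))
```

An empty result means the names exist in the schema and the ldbmodify failure has another cause; any name listed means the schema has to be extended before the attribute can be set on a user.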

