[Samba] samba-tool group add omits RFC2307 attributes (4.0.9 as AD DC)
Trent W. Buck
trentbuck at gmail.com
Sun Oct 27 17:55:20 MDT 2013
After a classicupgrade, I noticed some users and many groups were
missing from samba4, that had been in samba3's LDAP.

"No problem," I thought. "I'll just 'samba-tool group add' them."

Except that groups created that way don't have things like gidNumber and
objectClass: posixGroup, which means that nss_ldapd can't see them.

Can I tell samba-tool to manage RFC2307 attributes as well as AD
attributes? I can't find anything relevant in the smb.conf(5) manpage.

I wouldn't even care about this, but nss_winbind sees fewer accounts
than wbinfo, which in turn sees fewer accounts than samba-tool! So I
gave up and fell back to nss-ldapd, thinking I was saved -- but now it
seems the workaround only works for classicupgraded accounts, not new ones.

I also thought about telling nslcd.conf to turn the SIDs into posix UIDs
and GIDs on its own, but I can't see how to do that. The AD schema
appears to store objectSid as a binary attr. I'm not even sure how to
dump the AD schema as I would have examined cn=config in OpenLDAP.