[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

steve steve at steve-ss.com
Fri Sep 27 03:36:22 MDT 2013

On Fri, 2013-09-27 at 19:09 +1100, me at electronico.nc wrote:
> Hi all,
> (Trying to connect squid, postfix, dovecot, pptp, etc ... to AD)
> Samba 4.0.9, as PDC, on Ubuntu 12.04.3 server.
> Compiled with : ./configure --enable-debug --enable-selftest
> Domain provision : /usr/local/samba/bin/samba-tool domain provision
> Despite my reads and tries, I'm unable to list the AD users from Linux.
> /usr/local/samba/bin/wbinfo -t
> /usr/local/samba/bin/wbinfo -u
> /usr/local/samba/bin/wbinfo -g
> are OK
> but : getent passwd
> only lists Linux users.
> AD works OK and lot of work has been done onto.
> If the rfc2307 option if required during domain provision, can I launch 
> it without loosing the whole AD configuration ?

No. You don't need to provision with rfc2307 to be able to use it. You
simply need to add the rfc2307 attributes to the DN's of the users.

e.g. use wbinfo to get the numbers:
wbinfo -i steve2

Now add:
uidNumber: 3000021
gidNumber: 20513
to steve2

An easy way to do that is with ldbedit. If you have a lot of users, use
a script and then add the attributes using ldbmodify.

I'd recommend using nslcd or sssd so that getent will pull the
information from AD.

More information about the samba mailing list