[Samba] Adding RFC2307 attributes to an existing Win2003 AD domain?

steve steve at steve-ss.com
Fri Sep 27 03:40:52 MDT 2013

On Fri, 2013-09-27 at 05:22 -0400, Thomas Harold wrote:
> Running Samba 4.0.9, we have added a pair of Samba4 domain controllers 
> to an existing Win2003 domain.
> How do we determine whether RFC2037 attributes already exist in the 
> domain?  And how would we go about adding them to an already existing 
> domain?

To check whether a user has rfc2307 run:
getent passwd username

To check 100% he hasn't use ldbsearch and look for uidNumber, gidNumber

To add them if they're not there:

e.g. use wbinfo to get the numbers:
wbinfo -i steve2

Now add:
uidNumber: 3000021
gidNumber: 20513
to steve2 in the directory.

An easy way to do that is with ldbedit. If you have a lot of users, use
a script and then add the attributes using ldbmodify.

You can add the whole of the rfc2307 user and group attributes using the
schema that comes with Samba4.

More information about the samba mailing list