[Samba] Must Samba4 AD be provisioned with rfc2307 to use winbind?

steve steve at steve-ss.com
Sat Sep 28 07:29:52 MDT 2013

On Sat, 2013-09-28 at 09:11 +0100, Rowland Penny wrote:

> Just a thought: because all the RFC2307 attributes are already in Samba4
> AD, does this mean that we are actually running at domain level 2003 R2?
> And if so, shouldn't the documentation etc. show this?

Good question. I've always wondered about that. The output suggests that
we are running at 2003:

samba-tool domain level show
Domain and forest function level for domain 'DC=hh3,DC=site'

Forest function level: (Windows) 2003
Domain function level: (Windows) 2003
Lowest function level of a DC: (Windows) 2008 R2

Yet I'm old enough to remember that the 2003 server did not have the
rfc2307 schema. It was introduced when sfu shipped as standard with
2003R2. Those joining Samba4 to a 2003 domain will NOT be able to use
the 2307 attributes but those joining a 2003-R2 or above can [1]. If
that's the case, then the output of the domain level show command is
incorrect as we can and do use all the rfc2307 attributes. I can see
that the 2008 R2 schema which ships with Samba4 also includes the

[1] I wonder if the 2012 AD schema has rfc2307?
