[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?
Rowland Penny
rowlandpenny at googlemail.com
Sat Sep 28 08:49:03 MDT 2013
On 28/09/13 14:29, steve wrote:
> On Sat, 2013-09-28 at 09:11 +0100, Rowland Penny wrote:
>
>> Just a thought, Because all the RFC2307 attributes are already in Samba4
>> AD, does this mean that we are actually running at domain level 2003 R2
>> ? and if so, shouldn't the documentation etc show this.
> Hi
> Good question. I've always wondered about that. The output suggets that
> we are running at 2003:
>
> samba-tool domain level show
> Domain and forest function level for domain 'DC=hh3,DC=site'
>
> Forest function level: (Windows) 2003
> Domain function level: (Windows) 2003
> Lowest function level of a DC: (Windows) 2008 R2
>
> Yet I'm old enough to remember that the 2003 server did not have the
> rfc2307 schema. It was introduced when sfu shipped as standard with
> 2003R2. Those joining Samba4 to a 2003 domain will NOT be able to use
> the 2307 attributes but those joining a 2003-R2 or above can [1]. If
> that's the case, then the output of the domain level show command is
> incorrect as we can and do use all the rfc2307 attributes. I can see
> that the 2008 R2 schema which ships with Samba4 also includes the
> attributes.
>
> [1] I wonder if the 2012 AD schema has rfc2307?
> Cheers,
> Steve
>
>
If you do a google search for 'uidNumber' for instance, you will find
this webpage:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680511%28v=vs.85%29.aspx
This plainly shows that the earliest windows server that had 'uidNumber'
was 2003R2 so as 'uidNumber' is in Samba4, samba4 function level should
be 2003R2, but Samba4 seems to be using the 2008 schema (at least that
is the only one that comes with samba 4) so should the function level be
2008?
Rowland
More information about the samba
mailing list