[Samba] Must Samba4 AD be provisioned with rfc2307 to use winbind?
steve at steve-ss.com
Sat Sep 28 10:02:17 MDT 2013
On Sat, 2013-09-28 at 16:22 +0100, Rowland Penny wrote:
> On 28/09/13 16:11, Marc Muehlfeld wrote:
> > Hello,
> > Am 28.09.2013 10:11, schrieb Rowland Penny:
> >>> Without the rfc2307 domain provision, will I have to add manually
> >>> uidNumber and gidNumber each time a new user is created from Windows
> >>> Management Console ?
> >> Even with RFC2307 domain provision, you will have to add the uidNumber &
> >> gidNumber manually, as Steve says, you can do this with samba-tool, but
> >> YOU have to supply these numbers, they are not incremented
> >> automatically.
> > If you use the MMC, the numbers are incremented automatically. You
> > simply select the NIS domain in the Unix tab and it shows the last
> > UID/GID + 1. So you don't have to track somewhere which was the last
> > UID/GID you've set.
> > Microsoft tracks this somewhere in the directory under System /
> > RpcServices.
> > Regards,
> > Marc
> Well, yes you are probably right, but as I have never used the MMC to
> add a Linux user, I did not know this, so thanks for the heads up.
> Having said that, I still think it would be quicker to add a user via a
> script on the Linux server.
> Do you know exactly where Microsoft tracks the uidNumber?
Yeah, another good one.
Samba4 provisioned without rfc2307 takes the next uid/gidNumber from the
CN=CONFIG counter object in idmap.ldb, attribute: xidNumber
If we set:
idmap_ldb:use rfc2307 = Yes
the counter does not update and is ignored. This entry is added if we
provision with rfc2307 but it can be added to a provision without it
whereupon it has the same effect. The counter stops.
MMC introduces yet another way of guessing a uidNumber.
I think the advice must be, choose one method and stick to it. They are
Rowland's RID script seems the most bulletproof to me.
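
An added example, not part of the original post: a small Python audit that cross-checks rfc2307 uidNumber values against the idmap.ldb counter range and its existing mappings, the kind of overlap that mixing allocation methods can produce. The LDIF is constructed sample data; the lowerBound/upperBound attributes and the CN=<SID> record naming are assumptions about the idmap.ldb layout, and only single-valued attributes are handled.

```python
from collections import defaultdict

# Constructed sample LDIF (not from the original post); names and SIDs are made up.
IDMAP_LDIF = """dn: CN=CONFIG
lowerBound: 3000000
upperBound: 4000000
xidNumber: 3000002

dn: CN=S-1-5-21-1-2-3-1104
xidNumber: 3000001"""
USERS_LDIF = """sAMAccountName: alice
objectSid: S-1-5-21-1-2-3-1104
uidNumber: 10000

sAMAccountName: bob
objectSid: S-1-5-21-1-2-3-1105
uidNumber: 10000

sAMAccountName: carol
objectSid: S-1-5-21-1-2-3-1106
uidNumber: 3000001"""

def parse_ldif(text):
    # One dict per blank-line-separated record; single-valued attributes only.
    return [dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
            for block in text.strip().split("\n\n")]

def audit(idmap_ldif, users_ldif):
    idmap = parse_ldif(idmap_ldif)
    config = next(r for r in idmap if r["dn"] == "CN=CONFIG")
    low, high = int(config["lowerBound"]), int(config["upperBound"])
    # IDs the counter already handed out: xidNumber -> SID (dn assumed to be CN=<SID>)
    mapped = {int(r["xidNumber"]): r["dn"][3:] for r in idmap if r is not config}
    owners = defaultdict(list)
    for user in parse_ldif(users_ldif):
        if "uidNumber" in user:
            owners[int(user["uidNumber"])].append(user)
    findings = []
    for uid, accts in sorted(owners.items()):
        names = [a["sAMAccountName"] for a in accts]
        if len(accts) > 1:  # two accounts share one Unix identity
            findings.append(("duplicate", uid, names))
        if low <= uid <= high:  # rfc2307 value sits inside the counter's range
            findings.append(("in-counter-range", uid, names))
        if uid in mapped and any(a["objectSid"] != mapped[uid] for a in accts):
            findings.append(("mapped-to-other-sid", uid, names))
    return findings

print(audit(IDMAP_LDIF, USERS_LDIF))
```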