[Samba] Must Samba4 AD be provisioned with rfc2307 to use winbind?

Rowland Penny rowlandpenny at googlemail.com
Thu Jul 17 04:14:49 MDT 2014


On 17/07/14 00:26, Stuart Naylor wrote:
> I have been reading through an old thread and to be honest confused.com
>
>
> root@zent1:~# samba-tool domain level show
> params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
> ldb_wrap open of secrets.ldb
> Domain and forest function level for domain 'DC=office,DC=zentyal,DC=lan'
>
> Forest function level: (Windows) 2003
> Domain function level: (Windows) 2003
> Lowest function level of a DC: (Windows) 2008 R2
>
> That for a start has me totally stumped as where is the 2008 R2 coming from?
>
> Does this mean that I can only use this DC with a minimum of 2008 R2 servers?
>
> If you include rfc2307 in Samba4 then the schema provided is from 2008 R2.
>
> That is definitely twisting my melon.
>
> Just to demonstrate my confusion
>
> root@zent1:~# samba-tool domain level raise --domain-level=2003_R2
> Usage: samba-tool domain level (show|raise <options>) [options]
>
> samba-tool domain level: error: option --domain-level: invalid choice: '2003_R2' (choose from '2003', '2008', '2008_R2')
>
> Maybe I am being dumb:-
>
> A 2003 server is a 2003 server; rfc2307 is the schema in SFU (Services for Linux) http://www.microsoft.com/en-gb/download/details.aspx?id=274
> A 2003R2 server is not a 2003 server as it has a modified SFU already installed.
> Same goes for a 2008 and 2008R2.
>
> When you include the directive --use-rfc2307 on provision the schema used should match the one of the lowest function level.
> Just banging on the 2008R2 schema means that the documentation should say if you want to use --use-rfc2307 then the server will be 2008R2.
>
> Also with the domain provision and domain level raise tools what does 2003 mean?
> Is that 2003 or 2003R2 and why is one missing?
>
> It's probably me being cataclysmically dumb as it does happen often but could someone explain this slowly to me?
>
> Please as I am struggling a bit to get my head round this as Samba4 might as well be 2008R2 only in the documentation?

Hi, adding '--use-rfc2307' on provision does not alter the schema used;
what it does do is add the ypServ30.ldif. You can actually add
uidNumbers, gidNumbers etc. without provisioning with '--use-rfc2307'.

If you raise the domain level on samba4 you alter the
'msDS-Behavior-Version' attribute
<http://msdn.microsoft.com/en-us/library/cc220262.aspx>;
you do not alter the schema.

Rowland
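
Added example, not part of Rowland's message or of Samba's own code: it reproduces the three lines printed by `samba-tool domain level show` from `msDS-Behavior-Version` values alone, assuming the usual AD placement of that attribute on the domain head, the Partitions container and each DC's NTDS Settings object. The LDIF is constructed; the DC name, site name and `objectVersion` value in it are assumptions.

```python
import re

# msDS-Behavior-Version values and the names samba-tool prints for them.
LEVELS = {0: "2000", 1: "2003 interim", 2: "2003", 3: "2008", 4: "2008 R2"}

# Constructed LDIF shaped like unfolded ldbsearch output. The domain DN is the
# one from the thread; the DC name (ZENT1), site name and values are assumed.
SAMPLE_LDIF = """\
dn: DC=office,DC=zentyal,DC=lan
msDS-Behavior-Version: 2

dn: CN=Partitions,CN=Configuration,DC=office,DC=zentyal,DC=lan
msDS-Behavior-Version: 2

dn: CN=NTDS Settings,CN=ZENT1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=zentyal,DC=lan
msDS-Behavior-Version: 4

dn: CN=Schema,CN=Configuration,DC=office,DC=zentyal,DC=lan
objectVersion: 47
"""

def parse_ldif(text):
    """Return {dn: {attr: value}} for simple single-valued, unfolded LDIF."""
    records = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = dict(line.split(": ", 1) for line in block.splitlines()
                     if ": " in line and not line.startswith("#"))
        records[attrs.pop("dn")] = attrs
    return records

def function_levels(records, domain_dn):
    """Derive the three levels; the schema object is never consulted."""
    partitions = "CN=Partitions,CN=Configuration," + domain_dn
    # The "lowest DC" figure is the minimum over every DC's NTDS Settings object.
    dc_levels = [int(a["msDS-Behavior-Version"]) for dn, a in records.items()
                 if dn.startswith("CN=NTDS Settings,")]
    return {
        "forest": LEVELS[int(records[partitions]["msDS-Behavior-Version"])],
        "domain": LEVELS[int(records[domain_dn]["msDS-Behavior-Version"])],
        "lowest_dc": LEVELS[min(dc_levels)],
    }

if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    for name, level in function_levels(recs, "DC=office,DC=zentyal,DC=lan").items():
        print(f"{name}: (Windows) {level}")
```

The "lowest DC" figure describes what the DC software itself reports, so it can sit above the domain and forest levels, as it does in the output quoted above.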
