[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?
Stuart Naylor
stuartiannaylor at thursbygarden.org
Thu Jul 17 18:38:21 MDT 2014
Oh I think I must of misread what you and steve where discussing.
What is confusing me is the output of samba-tool domain level show
Forest function level: (Windows) 2003
Domain function level: (Windows) 2003
Lowest function level of a DC: (Windows) 2008 R2
I thought it might of been because rfc2307 schema included was of 2008r2 ilk.
Why does it always say the lowest function level is (Windows) 2008 R2
I just tried samba-tool domain provision --domain=SAMBA4 --adminpass=Mysamba4 --dns-backend=SAMBA_INTERNAL --server-role=dc --function-level=2003 --use-xattr=yes --realm=SAMBA4.LAN
The output is the same as above.
Always Lowest function level of a DC: (Windows) 2008 R2
Stuart
-----Original message-----
> From:Rowland Penny <rowlandpenny at googlemail.com>
> Sent: Thursday 17th July 2014 11:14
> To: samba at lists.samba.org
> Subject: Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?
>
> On 17/07/14 00:26, Stuart Naylor wrote:
> > I have been reading through an old thread and to be honest confused.com
> >
> >
> > root at zent1:~# samba-tool domain level show
> > params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
> > ldb_wrap open of secrets.ldb
> > Domain and forest function level for domain 'DC=office,DC=zentyal,DC=lan'
> >
> > Forest function level: (Windows) 2003
> > Domain function level: (Windows) 2003
> > Lowest function level of a DC: (Windows) 2008 R2
> >
> > That for a start has me totally stumped as where is the 2008 R2 coming from?
> >
> > Does this mean that I can only use this DC with a minimum of 2008 R2 servers?
> >
> > If you include rfc2307 in Samba4 then the schema provided is from 2008 R2.
> >
> > That is definitely twisting my melon.
> >
> > Just to demonstrate my confusion
> >
> > root at zent1:~# samba-tool domain level raise --domain-level=2003_R2
> > Usage: samba-tool domain level (show|raise <options>) [options]
> >
> > samba-tool domain level: error: option --domain-level: invalid choice: '2003_R2' (choose from '2003', '2008', '2008_R2')
> >
> > Maybe I am being dumb:-
> >
> > A 2003 server is a 2003 server; rfc2307 is the schema in SFU (Services for Linux) http://www.microsoft.com/en-gb/download/details.aspx?id=274
> > A 2003R2 server is not a 2003 server as it has a modified SFU already installed.
> > Same goes for a 2008 and 2008R2.
> >
> > When you include the directive --use-rfc2307 on provision the schema used should match the one of the lowest function level.
> > Just banging on the 2008R2 schema means that the documentation should say if you want to use --use-rfc2307 then the server will be 2008R2.
> >
> > Also with the domain provision and domain level raise tools what does 2003 mean?
> > Is that 2003 or 2003R2 and why is one missing?
> >
> > Its probably me being cataclysmically dumb as it does happen often but could someone explain this slowly to me?
> >
> > Please as I am struggling a bit to get my head round this as Samba4 might as well be 2008R2 only in the documentation?
> Hi, adding '--use-rfc2307' on provision does not alter the schema used,
> what it does do, is add the ypServ30.ldif, you can actually add
> uidNumber's, gidNumber's etc without provisioning with '--use-rfc2307'.
>
> If you raise the domain level on samba4 you alter the
> 'msDS-Behavior-Version<http://msdn.microsoft.com/en-us/library/cc220262.aspx>'
> attribute, you do not alter the schema.
>
> Rowland
>
>
>
More information about the samba
mailing list