[Samba] winbind bug?
steve
steve at steve-ss.com
Fri Mar 28 08:43:49 MDT 2014
On Fri, 2014-03-28 at 13:34 +0000, Jonathan Buzzard wrote:
> On Fri, 2014-03-28 at 13:37 +0100, steve wrote:
> > On Thu, 2014-03-27 at 20:22 +0000, Rowland Penny wrote:
> > > >
> > > Do you have access to the Windows server ? if you do, give all your
> > > users and groups the required RFC2307 attributes. You can do this using
> > > ADUC provided that it is showing the UNIX Attributes tab for users &
> > > groups. You can then pull these attributes with winbind, nlscd or sssd
> > > on the linux machine, your problem will then go away.
> > >
> > +1
> > As already suggested, this would solve all your problems, forever. Your
> > windows admin simply needs to extend the schema:
> > http://www.microsoft.com/en-us/download/details.aspx?id=8260
> >
>
> It is highly unlikely that his Windows admins need to extend the schema.
> If your AD servers are at 2003R2 or above your AD schema has already
> been extended whether you wanted it or not. The critical sentence in the
> webpage you link to is
>
> The schema must also be extended before a domain controller
> running Windows Server 2003 R2 is added to a forest, either by
> upgrade or installation of Active Directory.
>
> So while it was true that with 2000 and 2003 you had to optionally
> extend the schema to get the RFC2307bis attributes, Microsoft helpfully
> made it mandatory with 2003R2. Any domain that started off life as
> 2003R2 or later has the schema extension by default.
The OP reports 2003, otherwise we wouldn't have suggested it;)
More information about the samba
mailing list