[Samba] What is --rfc2307-from-nss ??

Rowland Penny rowlandpenny at googlemail.com
Fri Nov 28 03:38:54 MST 2014

On 28/11/14 07:46, Greg Zartman wrote:
> On Wed, Nov 26, 2014 at 4:10 AM, Rowland Penny 
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>     On 26/11/14 05:43, Greg Zartman wrote:
>         I'm having a hard time figuring out what the samba-tool user
>         create
>         --rfc2307-from-nss does?  The documentation is a little skinny.
> After some testing on my development box, I can say --rfc2307-from-nss 
> is broken on the latest sernet packages.  Just throws errors when I 
> try and  use it.

It works with 4.1.11 from Debian backports, If you have a user in 
/etc/passwd, you can import the users info with the '--rfc2307-from-nss' 
option. The only problem is that you end up with two users with the same 
name (as far as Unix is concerned) i.e.


This is newly created users object in AD (cruft removed)

dn: CN=usertest,CN=Users,DC=internal,DC=example,DC=com
cn: usertest
name: usertest
primaryGroupID: 513
objectSid: S-1-5-21-3948678125-793929683-1429333427-1111
sAMAccountName: usertest
userPrincipalName: usertest at internal.example.com
uid: usertest
uidNumber: 20000
gidNumber: 10000
gecos: some text
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
pwdLastSet: 130616437280000000
userAccountControl: 512
distinguishedName: CN=usertest,CN=Users,DC=internal,DC=example,DC=com

So, yes you could use it, but it doesn't add all the required RFC2307 
attributes and you would have to delete the user from /etc/passwd, it 
would be easier to create the user correctly in the first place.


More information about the samba mailing list