[Samba] samba member logon.. question.

Andrey Repin anrdaemon at yandex.ru
Fri Apr 10 07:22:38 MDT 2015

Greetings, Rowland Penny!

> On 10/04/15 08:54, Luca Olivetti wrote:
>> El 09/04/15 a les 18:31, Rowland Penny ha escrit:
>>> If your tools rely on the posix objectclasses being there, then they are
>>> broken. The posix objectclasses are auxiliaries of other AD
>>> objectclasses and as such, no windows tools will add them.
>> but, e.g., samba-tool with --uid will:

> Yes, I know, but it shouldn't!

Ok, what other schema contains the following attributes:

> I believe it is this line in samdb.py that adds it:

> ldbmessage2["objectClass"] = ldb.MessageElement('posixAccount', 
> ldb.FLAG_MOD_ADD, 'objectClass')

> If I knew how to format a patch, I would propose its removal, because
> A) I think it shouldn't be there
> B) I know it works without it

> Also, the classicupgrade shouldn't add the posix objectclasses either.

> Why shouldn't you add the posix objectclasses ? Well consider this, you 
> have a domain with two admins, one who adds users from Unix using tools 
> that add the posix objectclasses and one that uses ADUC and the UNIX 
> Attributes tab. The Unix based admin uses tools that rely on the posix 
> objectclasses and can see all the users they added, but they will not 
> see any users that the ADUC based admin added.

> Or to put it another way, Samba 4 working in AD mode is trying to be 
> compatible with windows AD, so Samba shouldn't add anything that windows 
> doesn't.

You're making no sense whatsoever. How would your proposed Samba communicate
with POSIX system it is running on then?

With best regards,
Andrey Repin
Friday, April 10, 2015 15:51:04

Sorry for my terrible english...

More information about the samba mailing list