[Samba] rfc2307 deprecated in Windows 2012 R2?
Hans-Kristian Bakke
hkbakke at gmail.com
Thu Jan 29 15:56:28 MST 2015
Something went wrong and the message got sent before it was finished.
Here is the complete one:
Ok, it's here: http://pastebin.com/JEnr5wUq
The id_offset is that value because i initially didn't use rfc2307
attributes, but instead had
idmap config EXAMPLE : range = 300000-499999
in smb.conf.
To get identical uid/gids have to start with the same offset. If you
have a fresh domain and just starting with AD-integration on your
linux-boxes you can just pull out the logic for generating winbind
compatible uids/gids.
-
Regards,
Hans-Kristian
On 29 January 2015 at 23:53, Hans-Kristian Bakke <hkbakke at gmail.com> wrote:
> Ok, it's here: http://pastebin.com/JEnr5wUq
>
> The id_offset is that value because i initially didn't use rfc2307
> attributes, but instead
>
>
> On 29 January 2015 at 23:27, Tim <lists at kiuni.de> wrote:
>> @Hans-Kristian:
>> I'd like to see it. How did you automate this?
>>
>> @Andrew:
>> In another thread I suggested to set the rfc2307 info automatically when a
>> domain is provisioned with --use-rfc2307. Possibly by an additional
>> parameter.
>> This would make things easier in my eyes.
>>
>> Thanks
>> Tim
>>
>> Am 29. Januar 2015 22:02:14 MEZ, schrieb Hans-Kristian Bakke
>> <hkbakke at gmail.com>:
>>>
>>> It is actually rather easy to set the attributes via powershell, and
>>> that is probably the best way to add them in a Server 2012 R2
>>> environment.
>>>
>>> I wrote a powershell script to do this automatically for users and
>>> groups in an entire domain that should be pretty generic to be reused.
>>> It also mirrors the logic used in automatic winbind UID/GID generation
>>> to be able to coexist in an environment where not all hosts are
>>> migrated to rfc2307 yet. If you want it I can give it to you, but as
>>> you proably would want to write your own powershell-script you would
>>> set properties for users and groups using these two cmdlets and some
>>> foreach-logic looping over your search bases, users and groups:
>>>
>>> Set-ADUser -Identity $username -Replace
>>>
>>> @{uidNumber=$uid;gidNumber=$primary_group_gid;unixHomeDirectory=$homedir;loginShell=$login_shell}
>>>
>>> Set-ADGroup -Identity $groupname -Replace @{gidNumber=$gid}
>>>
>>> On 29 January 2015 at 21:24, Lars Hanke <debian at lhanke.de> wrote:
>>>>
>>>> Am 29.01.2015 um 21:12 schrieb Tim:
>>>>>
>>>>>
>>>>> But if they take it away how to set them in future?
>>>>
>>>>
>>>>
>>>> If you need NIS, you probably have POSIX systems attached. So you can
>>>> always
>>>> set RFC2307 attributes from POSIX systems.
>>>>
>>>>
>>>>> Am 29. Januar 2015 19:50:22 MEZ, schrieb Andrew Bartlett
>>>>> <abartlet at samba.org>:
>>>>>>
>>>>>>
>>>>>> On Wed, 2015-01-28 at 17:22 +0100, Tim wrote:
>>>>>>>
>>>>>>>
>>>>>>> I got the chance to test samba 4 with windows 2012 R2 domain
>>>>>>> controller on its highest functional level.
>>>>>>>
>>>>>>> Possibly it's important to know that M$ says that the "server for NIS
>>>>>>> Tools" which are needed to set rfc attributes are deprecated.
>>>>>>> I could install them but I can't choose a NIS domain anymore in Unix
>>>>>>> attributes.
>>>>>>>
>>>>>>> Will we run into problems with samba4? Is it time for thinking about
>>>>>>
>>>>>>
>>>>>> a
>>>>>>>
>>>>>>>
>>>>>>> new idmapping backend? I have an idea for this (based on rid module)
>>>>>>> but I like to know your thoughts.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Even if they take away the admin tools, the schema changes won't go
>>>>>> away, so don't worry.
>>>>>>
>>>>>> --
>>>>>> Andrew Bartlett
>>>>>> http://samba.org/~abartlet/
>>>>>> Authentication Developer, Samba Team http://samba.org
>>>>>> Samba Developer, Catalyst IT
>>>>>> http://catalyst.net.nz/services/samba
>>>>
>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list