[Samba] rfc2307 deprecated in Windows 2012 R2?

Hans-Kristian Bakke hkbakke at gmail.com
Thu Jan 29 15:56:28 MST 2015


Something went wrong and the message got sent before it was finished.
Here is the complete one:

Ok, it's here: http://pastebin.com/JEnr5wUq

The id_offset is that value because I initially didn't use rfc2307
attributes, but instead had

idmap config EXAMPLE : range = 300000-499999

in smb.conf.

To get identical uids/gids you have to start with the same offset. If you
have a fresh domain and are just starting with AD integration on your
Linux boxes, you can just pull out the logic for generating
winbind-compatible uids/gids.

-
Regards,

Hans-Kristian


On 29 January 2015 at 23:53, Hans-Kristian Bakke <hkbakke at gmail.com> wrote:
> Ok, it's here: http://pastebin.com/JEnr5wUq
>
> The id_offset is that value because I initially didn't use rfc2307
> attributes, but instead
>
>
> On 29 January 2015 at 23:27, Tim <lists at kiuni.de> wrote:
>> @Hans-Kristian:
>> I'd like to see it. How did you automate this?
>>
>> @Andrew:
>> In another thread I suggested to set the rfc2307 info automatically when a
>> domain is provisioned with --use-rfc2307. Possibly by an additional
>> parameter.
>> This would make things easier in my eyes.
>>
>> Thanks
>> Tim
>>
>> On 29 January 2015 at 22:02:14 CET, Hans-Kristian Bakke
>> <hkbakke at gmail.com> wrote:
>>>
>>> It is actually rather easy to set the attributes via powershell, and
>>> that is probably the best way to add them in a Server 2012 R2
>>> environment.
>>>
>>> I wrote a powershell script to do this automatically for users and
>>> groups in an entire domain that should be pretty generic to be reused.
>>> It also mirrors the logic used in automatic winbind UID/GID generation
>>> to be able to coexist in an environment where not all hosts are
>>> migrated to rfc2307 yet. If you want it I can give it to you, but as
>>> you probably would want to write your own powershell-script you would
>>> set properties for users and groups using these two cmdlets and some
>>> foreach-logic looping over your search bases, users and groups:
>>>
>>> Set-ADUser -Identity $username -Replace @{uidNumber=$uid;gidNumber=$primary_group_gid;unixHomeDirectory=$homedir;loginShell=$login_shell}
>>>
>>> Set-ADGroup -Identity $groupname -Replace @{gidNumber=$gid}
>>>
>>> On 29 January 2015 at 21:24, Lars Hanke <debian at lhanke.de> wrote:
>>>>
>>>>  On 29.01.2015 at 21:12, Tim wrote:
>>>>>
>>>>>
>>>>>  But if they take it away how to set them in future?
>>>>
>>>>
>>>>
>>>>  If you need NIS, you probably have POSIX systems attached. So you can
>>>>  always set RFC2307 attributes from POSIX systems.
>>>>
>>>>
>>>>>  On 29 January 2015 at 19:50:22 CET, Andrew Bartlett
>>>>>  <abartlet at samba.org> wrote:
>>>>>>
>>>>>>
>>>>>>  On Wed, 2015-01-28 at 17:22 +0100, Tim wrote:
>>>>>>>
>>>>>>>
>>>>>>>  I got the chance to test samba 4 with windows 2012 R2 domain
>>>>>>>  controller on its highest functional level.
>>>>>>>
>>>>>>>  Possibly it's important to know that M$ says that the "server for NIS
>>>>>>>  Tools" which are needed to set rfc attributes are deprecated.
>>>>>>>  I could install them but I can't choose a NIS domain anymore in Unix
>>>>>>>  attributes.
>>>>>>>
>>>>>>>  Will we run into problems with samba4? Is it time for thinking about a
>>>>>>>  new idmapping backend? I have an idea for this (based on rid module)
>>>>>>>  but I like to know your thoughts.
>>>>>>
>>>>>>
>>>>>>
>>>>>>  Even if they take away the admin tools, the schema changes won't go
>>>>>>  away, so don't worry.
>>>>>>
>>>>>>  --
>>>>>>  Andrew Bartlett
>>>>>>   http://samba.org/~abartlet/
>>>>>>  Authentication Developer, Samba Team  http://samba.org
>>>>>>  Samba Developer, Catalyst IT
>>>>>>  http://catalyst.net.nz/services/samba
>>>>
>>>>
>>>>
>>>


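Added example, not part of the original thread and not the script from the pastebin link: one way to combine the two cmdlets quoted in the thread with an offset-based ID calculation over the range given above. It assumes the hosts not yet on rfc2307 use winbind's idmap_rid backend with base_rid = 0 (ID = RID + low end of the range); the search base, home directory root and login shell are placeholder values.

```powershell
# Added example, not the script from the pastebin link.
# Assumption: non-rfc2307 hosts use winbind's idmap_rid backend with
# base_rid = 0, where ID = RID + low end of the configured range.
Import-Module ActiveDirectory

$IdOffset   = 300000                          # low end of "range = 300000-499999"
$IdMax      = 499999                          # high end of the same range
$SearchBase = 'OU=People,DC=example,DC=com'   # placeholder search base
$HomeRoot   = '/home'                         # constructed sample value
$LoginShell = '/bin/bash'                     # constructed sample value

function Get-RidMappedId {
    # Map a RID to the uid/gid idmap_rid would hand out for it.
    # Returns $null when the result would fall outside the idmap range.
    param([int]$Rid)
    $id = $IdOffset + $Rid
    if ($id -gt $IdMax) {
        Write-Warning "RID $Rid maps to $id, outside $IdOffset-$IdMax; skipped"
        return $null
    }
    return $id
}

foreach ($group in Get-ADGroup -Filter * -SearchBase $SearchBase) {
    # The RID is the last sub-authority of the object's SID.
    $gid = Get-RidMappedId ([int]$group.SID.Value.Split('-')[-1])
    if ($null -eq $gid) { continue }
    Set-ADGroup -Identity $group -Replace @{gidNumber = $gid} -WhatIf
}

$users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties primaryGroupID
foreach ($user in $users) {
    $uid = Get-RidMappedId ([int]$user.SID.Value.Split('-')[-1])
    # primaryGroupID holds the RID of the primary group, so it maps the same way.
    $primaryGid = Get-RidMappedId ([int]$user.primaryGroupID)
    if ($null -eq $uid -or $null -eq $primaryGid) { continue }
    Set-ADUser -Identity $user -WhatIf -Replace @{
        uidNumber         = $uid
        gidNumber         = $primaryGid
        unixHomeDirectory = "$HomeRoot/$($user.SamAccountName)"
        loginShell        = $LoginShell
    }
}
```

With -WhatIf the cmdlets only report what they would change; remove it to write the attributes. The primary group itself needs a gidNumber as well, so the search base used for groups must include it.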