[Samba] Odp: Re: Odp: Upgrade 4.2.14 --> 4.3.11

Grzegorz Bieniasz gbieniasz at wp.pl
Wed Aug 24 11:03:04 UTC 2016

I provision with:
/usr/local/samba/bin/samba-tool domain provision --realm=corp.example.com.pl --domain=EXAMPLE --adminpass="xxxxxx" --server-role=dc --dns-backend=SAMBA_INTERNAL

Now I know that I made a mistake. I did use lowcase in realm (Is this really problem?) and I did not use switches --use-rfc2307 --use-xattrs=yes.

I do not use AD for UNIX accounts authentication, but I would like to in near future, so I will have to extend schema (--use-rfc2307).

What does exactly do switch --use-xattrs=yes? Does it only add options to smb.conf or also modify ldap tree and others db files?

Going back to my main problem changing smb.conf like you suggested did not solve problem. I have noticed that I can connect to samba ldap via Active Directory Studio and data looks ok. It looks like "./configure; make; make install" broked kerberos authentication.


Dnia Środa, 24 Sierpnia 2016 09:51 Rowland Penny via samba <samba at lists.samba.org> napisał(a)  
> How did you provision ? I have had a look again at the smb.conf you
> posted and I have noticed that a line I expect to see was missing
> 'idmap_ldb:use rfc2307 = yes'. Did you provision with '--use-rfc2307
> --use-xattrs=yes' ?
> Your smb.conf should look like this:
> # Global parameters
> [global]
> 	workgroup = EXAMPLE
> 	server role = active directory domain controller
> 	dns forwarder =
> 	idmap_ldb:use rfc2307 = yes

More information about the samba mailing list