[Samba] [samba] file server, AD client, no rfc2307

Rowland Penny rpenny at samba.org
Wed Jul 26 21:12:33 UTC 2017

On Wed, 26 Jul 2017 22:42:48 +0200
mathias dufresne via samba <samba at lists.samba.org> wrote:

> Hi all,
> Am I right writing Winbindd needs to have RFC2307 set up in AD to work
> correctly when we want to use uidNumber, gidNumber & Co from AD?
> When I write "RFC2307 set up in AD" I mean what is described there:
> https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD#Enabling_RFC2307_in_an_Existing_Active_Directory
> I think it's the case, at least before 4.6.x, as my tests over the last
> few days tend to show that... but I can easily have misinterpreted things.
> I ask that because I'm working for a client who doesn't want to modify
> its AD schema (as described in the link before). Fortunately, thanks
> again to Rowland who told me that, RFC2307 attributes are already
> present in the AD schema and so we can define uidNumber and other
> things with standard AD (without --with-rfc2307).
> So after making a lot of tests with winbind, after I tried to convince my
> client to change its AD schema, I finally set up SSSD as AD client and
> tomorrow I'll try to find how to make Samba (file server and AD member)
> work well with SSSD.
> So if I'm wrong thinking winbindd needs AD schema modification to
> generate UNIX users with uid and gid taken from uidNumber and
> gidNumber, I would really appreciate knowing it and how to set it up.
> Hoping I was clear enough in my issue's description, I wish you well,
> mathias

I am fairly sure that you only need to add what you are calling the
'schema modification' if you want to use the 'Unix Attributes' tab in

The RFC2307 attributes are part of the standard AD schema, so as you
are setting up a Unix domain member, winbind on one of these should
work without doing the schema modification.

Anything sssd can do on a Unix domain member, winbind can do.

I am fairly sure that your 'schema modification' is the same as adding
IDMU to a Windows DC, and winbind works with a Windows DC that
doesn't have IDMU installed.
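
For reference, an smb.conf fragment for a domain member whose winbind reads uidNumber and gidNumber from AD through the idmap `ad` backend. This is an added example, not part of the original message; the domain name SAMDOM, the realm and the ID ranges are assumed placeholders.

```ini
[global]
    # Domain member joined to AD (SAMDOM / SAMDOM.EXAMPLE.COM are placeholders)
    security = ADS
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM

    # Default domain (BUILTIN and local accounts): IDs allocated locally
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # AD domain: read uidNumber/gidNumber stored on the AD objects
    idmap config SAMDOM : backend = ad
    idmap config SAMDOM : schema_mode = rfc2307
    # Must cover the values set in AD and must not overlap the '*' range;
    # accounts whose uidNumber/gidNumber is unset or outside it are not mapped
    idmap config SAMDOM : range = 10000-999999
    # Samba 4.6 and later: take login shell and home directory from AD as well
    idmap config SAMDOM : unix_nss_info = yes
```

After restarting winbind, `wbinfo -i <user>` and `getent passwd <user>` should return the uidNumber stored in AD for a user that has one inside the configured range.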

