[Samba] rfc2037

Rowland Penny rpenny at samba.org
Fri Oct 26 19:58:32 UTC 2018


On Fri, 26 Oct 2018 12:29:38 -0700
Gregory Sloop via samba <samba at lists.samba.org> wrote:

> So, just wanting to verify - since I *think* I understand but am not
> sure.
> 
> [The Wiki article might be clarified re: rfc2037 - and avoid
> questions like this.]
> 
> 2037 only comes into play if you're interested in controlling local
> access for *nix users on the local file system. Thus, if you are, for
> example, setting up a [or a pair, or more] DC only, which won't have
> local users - than 2037 won't matter.
> 
> In my case, I'm setting up a new domain with two DC's and the DC's
> will only be used for Windows users/stations. Thus, it sure seems
> that I can ignore 2037 safely.
> 
> That said, I did provision the initial DC [accidentally] with
> --use-rfc2307 - is there any reason to re-provision and remove it?
> [Might it be good, if I eventually integrate Unix users on other
> member servers, but am not doing so now?]
> 
> TIA
> -Greg

You can safely ignore the rfc2307 attributes, adding '--use-rfc2307' to
provision just adds a bit of framework to AD, most of which is used by
nothing ;-)

The main rfc2307 attributes are part of the schema and you get them
whether you want them or not.

To sort of prove the point, if you create a Unix user with Samba tool,
it says this:

Example5 shows how to create an RFC2307/NIS domain enabled user account. If
--nis-domain is set, then the other four parameters are mandatory.

What it doesn't say is, you can add any permutation of the four, just
as long as you don't set '--nis-domain' i.e. you do not need the domain.

Rowland



More information about the samba mailing list