[Samba] Verify if Samba AD was provisioned with RFC2037

Marco Shmerykowsky marco at sce-engineers.com
Sun Jan 3 15:05:35 UTC 2021

On 2021-01-03 9:53 am, Rowland penny via samba wrote:
> On 03/01/2021 14:32, Marco Shmerykowsky via samba wrote:
>> Is there a way to confirm whether a samba AD was
>> provisioned using RFC2307?
> All that provisioning with '--use-rfc2307' does is to put
> 'idmap_ldb:use rfc2307' into the first DC's smb.conf (a 'join' doesn't
> do this) and adds the 'ypServ30.ldif' to AD. The first makes DC's use
> uidNumber & gidNumber attributes from AD instead of the xidNumber
> attributes from idmap.ldb. The second makes the Unix attributes tabs
> work in ADUC, only problem is, they no longer exist 🙁
> All of the RFC2307 attributes are in the AD schema by default, even if
> you provision without '--use-rfc2307'.
> Rowland

I see.  The reason I ask is that I'm trying to use an extended query
in a pfsense/openvpn setup and the query seems to fail. I'm fairly
certain I have the query correct (although I could be wrong).

In googling I came across some discussion that RFC2307 can create issues
with the extended query (https://redmine.pfsense.org/issues/9527)

More information about the samba mailing list