[Samba] Elements missing in LDAP for some users
Rowland Penny
rpenny at samba.org
Mon Nov 29 16:59:10 UTC 2021
On Mon, 2021-11-29 at 17:43 +0100, Victor Rodriguez via samba wrote:
> > Hi -
> >
> > In order for this to work, you need to provision your domain with
> > RFC2307 extensions:
> >
> > # samba-tool domain provision --use-rfc2307 --interactive
> >
> > If you didn't have "--use-rfc2307" we need look no further.
>
> Wouldn't that mean that no user should have those records? Some do
> have
> them, others do not, as if there were two versions of the schema (if
> that's even possible, I mean).
There is only one schema in use but you could have a different version
of of the schema, see here:
https://wiki.samba.org/index.php/AD_Schema_Version_Support
>
> I'm 99% sure that "--use-rfc2307" was used during provision. Its the
> same OS and Samba version I have used for a few other domains and all
> worked correctly, so there might be something related to this very
> domain coming from such an old OS (Win2003 SBS).
>
> Reading https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD , I
> have checked that:
>
> - smb.conf has idmap_ldb:use rfc2307 = yes
>
> - NIS extensions do not seem to be installed in this domain:
>
> ---
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b
> CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=company,DC=local cn
>
> search error - No such Base DN:
> CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=company,DC=local
Then it looks like you didn't use '--use-rfc2307' during the provision.
Speaking of which, if you provisioned a NEW domain, how did you migrate
everything from the OLD domain ?
Rowland
More information about the samba
mailing list