[Samba] Elements missing in LDAP for some users

Victor Rodriguez vrodriguez at soltecsis.com
Mon Nov 29 18:01:33 UTC 2021 

Initially, there was only a Windows 2003 Small Business Server DC. I
don't have the full story, but as far as they remember the domain was
created using this server at the time

I joined Samba as an additional DC to the domain using Zentyal's web UI.
I have checked the logs created when I joined the Samba DC and
unfortuntely Zentyal does not dump neither each command or its output
unless there is any error and the only relative output in the log is
"Provision.pm:898 EBox::Samba::Provision::checkRfc2307 - Checking
RFC2307 compliant schema..." and passes the check (please note: that log
is unrelated to Samba itself but to Zentyal). Then, I joined another
Zetyal server as an additional DC, moved all FSMO roles to dc-001 and
depromoted the Windows 2003 SBS.

Every other Samba domain that I have use Zentyal too and have RFC2037
extensions installed. Maybe in this case, that check didn't work as
expected and the schema was not that compliant, but given that some
users do have RFC2037 attibutes I don't really know what to think.

The schema was upgraded to Windows 2003 level both domain and forest
before migrating. After the migration, I upgraded to 2008R2 level
(objectVersion: 47).

The users created before the migration were created from Windows 2003
ADUC. The test users created after the migration are created using
Windows 10's RSAT ADUC console. I don't know if the users had such
attributes before the migration.

I understand that I might be able to add attributes like uidNumber or
gidNumber using something something as described at:

https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_using_samba-tool_and_ldb-tools

But how may I add other attributes like "userAccountControl"? New users
do not have such attribute (among others).

Many thanks in advance.


-- 

========================================
SOLTECSIS SOLUCIONES TECNOLOGICAS, S.L.
Víctor Rodríguez Cortés
Departamento de I+D+I
Tel./Fax: 966 446 046
vrodriguez at soltecsis.com
www.soltecsis.com
========================================
---
La información contenida en este e-mail es confidencial,
siendo para uso exclusivo del destinatario arriba mencionado.
Le informamos que está totalmente prohibida cualquier
utilización, divulgación, distribución y/o reproducción de
esta comunicación sin autorización expresa en virtud de la
legislación vigente. Si ha recibido este mensaje por error,
le rogamos nos lo notifique inmediatamente por la misma vía
y proceda a su eliminación.
---

More information about the samba mailing list