[Samba] Switching to a RFC2307 Schema

mail at rhizomatic-nomad.net mail at rhizomatic-nomad.net
Sat Nov 25 18:13:45 UTC 2023

On 25.11.2023 18:58:09, mail at rhizomatic-nomad.net wrote:
> Hello,
> after stumbling in almost every thread, that it makes sense to have
> RFC2307 enabled, I wanted to switch an AD DC to it and followed this wiki
> page https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
> When I try to import the modified ldif file, I get an error message:
> ERR: (Entry already exists) "Entry
> CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de already exists"
> on DN CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de at block
> before line 5
> Modify failed after processing 0 records"
> Fortunately nothing seems to be broken, as it's still possible to start
> the Samba service again.
> Yes, I wonder about that message; I didn't find an error I made following
> that tutorial and I'm sure that the Samba Active Directory was
> provisioned without RFC2307.
> Searching if other people experienced the same error I found this
> discussion
> https://groups.google.com/g/mailing.unix.samba-technical/c/8vQIEkIQIiw
> mentioning that "rfc2307 is ALWAYS activated for a Samba4 DC".
> Unfortunately there is no explanation after "check the following, to
> find out, if RFC2307 is already enabled:", so I don't know how to check
> that. 
> I don't have the need for an AD backend and am using rid at the moment,
> but as it could happen that we need to allow logins to Linux servers I
> would like to have the ability to do that if necessary.
> Does anybody have an idea what could cause that error?
> Thanks a lot in advance
> Sinni

The DC is running Samba Version 4.17.12 on Debian 12 Bookworm, if that
matters. And is only the (first of two) DC with all FSMO roles.
