[Samba] use of ‘idmap_ldb:use rfc2307 = yes’ in DCs

Olaf Frączyk olaf at navi.pl
Thu Jun 20 10:25:29 UTC 2024


Why is it said that it affects only if you have fileserver on DC?

I use uid, uidNumber, unixHomeDirectory for users and gid for groups. 
This attributes are defined in samba DC.

Then I have another samba server that works as fileserver, and I have 
this in config:

    idmap config * : backend = tdb
     idmap config * : range = 20000-20999
     idmap config NAVIDOM:backend = ad
     idmap config NAVIDOM:schema_mode = rfc2307
     idmap config NAVIDOM:range = 1000-9999
     idmap config NAVIDOM:unix_nss_info = yes
     idmap config NAVIDOM:unix_primary_group = yes
     winbind use default domain = yes
     winbind nss info = rfc2307

As I understand, to use it this way I need the "idmap_ldb:use rfc2307 = 
yes" on DC?

Or is there another way to directly map samba users and groups to linux 
users and groups?

Best regards,

Olaf Frączyk

NAVI Sp. z o.o.
Promienista 5/1
60-288 Poznań

mobile: +48609769035
phone: +48616622881
fax: +48616622882

On 2024-06-20 11:22, Luis Peromarta via samba wrote:
> I tried already, feedback welcome and this is all free to use anywhere else.
> http://samba.bigbird.es/doku.php?id=samba:no-need-for-use-rfc2307
> LP
> On Jun 20, 2024 at 10:19 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote:
>> We should then document 'idmap_ldb:use rfc2307'
>> to say it allows the use of uidNumber & gidNumber attributes on a Samba
>> AD DC.

More information about the samba mailing list