On Fri, 2012-08-10 at 06:04 +0200, steve wrote:> Hi
> In Samba3, I have full rfc2307 compliance via winbind where all
> attributes can be obtained from AD.
>
> In Samba4 I only have partial rfc2307 compatibility with:
> idmap_ldb:use rfc2307 = yes
> uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory
> and loginShell are missing.
>
> The workarounds are to use the winbind [homes] share and link from there
> to the real unixHomeDirectory or else use nss-ldapd.
>
> Is it planned that Samba4 winbind will inherit all of rfc2307 at some
stage?
At this stage, we still don't recommend combining file server and DC
functions. By separating these functions onto different (virtual)
servers, you can avoid this issue.
In the very long term, it is clear that we will need to change the
winbindd implementation to avoid these issues, but that isn't something
we can even contemplate at this point.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org