samba - Jan 2015 - rfc2307 deprecated in Windows 2012 R2?

But if they take it away how to set them in future?

Am 29. Januar 2015 19:50:22 MEZ, schrieb Andrew Bartlett <abartlet at
samba.org>:
>On Wed, 2015-01-28 at 17:22 +0100, Tim wrote:
>> I got the chance to test samba 4 with windows 2012 R2 domain
>> controller on its highest functional level.
>> 
>> Possibly it's important to know that M$ says that the "server
for NIS
>> Tools" which are needed to set rfc attributes are deprecated.
>> I could install them but I can't choose a NIS domain anymore in
Unix
>> attributes.
>> 
>> Will we run into problems with samba4? Is it time for thinking about
>a
>> new idmapping backend? I have an idea for this (based on rid module)
>> but I like to know your thoughts.
>
>Even if they take away the admin tools, the schema changes won't go
>away, so don't worry.
>
>-- 
>Andrew Bartlett                       http://samba.org/~abartlet/
>Authentication Developer, Samba Team  http://samba.org
>Samba Developer, Catalyst IT         
>http://catalyst.net.nz/services/samba

Am 29.01.2015 um 21:12 schrieb Tim:
> But if they take it away how to set them in future?
If you need NIS, you probably have POSIX systems attached. So you can 
always set RFC2307 attributes from POSIX systems.
> Am 29. Januar 2015 19:50:22 MEZ, schrieb Andrew Bartlett <abartlet at
samba.org>:
>> On Wed, 2015-01-28 at 17:22 +0100, Tim wrote:
>>> I got the chance to test samba 4 with windows 2012 R2 domain
>>> controller on its highest functional level.
>>>
>>> Possibly it's important to know that M$ says that the
"server for NIS
>>> Tools" which are needed to set rfc attributes are deprecated.
>>> I could install them but I can't choose a NIS domain anymore in
Unix
>>> attributes.
>>>
>>> Will we run into problems with samba4? Is it time for thinking
about
>> a
>>> new idmapping backend? I have an idea for this (based on rid
module)
>>> but I like to know your thoughts.
>>
>> Even if they take away the admin tools, the schema changes won't go
>> away, so don't worry.
>>
>> --
>> Andrew Bartlett                       http://samba.org/~abartlet/
>> Authentication Developer, Samba Team  http://samba.org
>> Samba Developer, Catalyst IT
>> http://catalyst.net.nz/services/samba

It is actually rather easy to set the attributes via powershell, and
that is probably the best way to add them in a Server 2012 R2
environment.

I wrote a powershell script to do this automatically for users and
groups in an entire domain that should be pretty generic to be reused.
It also mirrors the logic used in automatic winbind UID/GID generation
to be able to coexist in an environment where not all hosts are
migrated to rfc2307 yet. If you want it I can give it to you, but as
you proably would want to write your own powershell-script you would
set properties for users and groups using these two cmdlets and some
foreach-logic looping over your search bases, users and groups:

Set-ADUser -Identity $username -Replace
@{uidNumber=$uid;gidNumber=$primary_group_gid;unixHomeDirectory=$homedir;loginShell=$login_shell}

Set-ADGroup -Identity $groupname -Replace @{gidNumber=$gid}

On 29 January 2015 at 21:24, Lars Hanke <debian at lhanke.de>
wrote:
> Am 29.01.2015 um 21:12 schrieb Tim:
>>
>> But if they take it away how to set them in future?
>
>
> If you need NIS, you probably have POSIX systems attached. So you can
always
> set RFC2307 attributes from POSIX systems.
>
>
>> Am 29. Januar 2015 19:50:22 MEZ, schrieb Andrew Bartlett
>> <abartlet at samba.org>:
>>>
>>> On Wed, 2015-01-28 at 17:22 +0100, Tim wrote:
>>>>
>>>> I got the chance to test samba 4 with windows 2012 R2 domain
>>>> controller on its highest functional level.
>>>>
>>>> Possibly it's important to know that M$ says that the
"server for NIS
>>>> Tools" which are needed to set rfc attributes are
deprecated.
>>>> I could install them but I can't choose a NIS domain
anymore in Unix
>>>> attributes.
>>>>
>>>> Will we run into problems with samba4? Is it time for thinking
about
>>>
>>> a
>>>>
>>>> new idmapping backend? I have an idea for this (based on rid
module)
>>>> but I like to know your thoughts.
>>>
>>>
>>> Even if they take away the admin tools, the schema changes
won't go
>>> away, so don't worry.
>>>
>>> --
>>> Andrew Bartlett                       http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team  http://samba.org
>>> Samba Developer, Catalyst IT
>>> http://catalyst.net.nz/services/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

On Thu, 2015-01-29 at 21:12 +0100, Tim wrote:
> But if they take it away how to set them in future?
You may have to use some other GUI tool to set them up.  Schema is
additive in general, there is no reason to take it away and good
technical reasons (existing databases) not to.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba