On Fri, 26 Oct 2018 12:29:38 -0700
Gregory Sloop via samba <samba at lists.samba.org> wrote:
> So, just wanting to verify - since I *think* I understand but am not
> sure.
>
> [The Wiki article might be clarified re: rfc2037 - and avoid
> questions like this.]
>
> 2037 only comes into play if you're interested in controlling local
> access for *nix users on the local file system. Thus, if you are, for
> example, setting up a [or a pair, or more] DC only, which won't have
> local users - than 2037 won't matter.
>
> In my case, I'm setting up a new domain with two DC's and the
DC's
> will only be used for Windows users/stations. Thus, it sure seems
> that I can ignore 2037 safely.
>
> That said, I did provision the initial DC [accidentally] with
> --use-rfc2307 - is there any reason to re-provision and remove it?
> [Might it be good, if I eventually integrate Unix users on other
> member servers, but am not doing so now?]
>
> TIA
> -Greg
You can safely ignore the rfc2307 attributes, adding '--use-rfc2307' to
provision just adds a bit of framework to AD, most of which is used by
nothing ;-)
The main rfc2307 attributes are part of the schema and you get them
whether you want them or not.
To sort of prove the point, if you create a Unix user with Samba tool,
it says this:
Example5 shows how to create an RFC2307/NIS domain enabled user account. If
--nis-domain is set, then the other four parameters are mandatory.
What it doesn't say is, you can add any permutation of the four, just
as long as you don't set '--nis-domain' i.e. you do not need the
domain.
Rowland