Rowland penny
2021-Jan-03 14:53 UTC
[Samba] Verify if Samba AD was provisioned with RFC2037
On 03/01/2021 14:32, Marco Shmerykowsky via samba wrote:> Is there a way to confirm whether a samba AD was > provisioned using RFC2307?All that provisioning with '--use-rfc2307' does is to put 'idmap_ldb:use rfc2307' into the first DC's smb.conf (a 'join' doesn't do this) and adds the 'ypServ30.ldif' to AD. The first makes DC's use uidNumber & gidNumber attributes from AD instead of the xidNumber attributes from idmap.ldb. The second makes the Unix attributes tabs work in ADUC, only problem is, they no longer exist ? All of the RFC2307 attributes are in the AD schema by default, even if you provision without '--use-rfc2307'. Rowland
Marco Shmerykowsky
2021-Jan-03 15:05 UTC
[Samba] Verify if Samba AD was provisioned with RFC2037
On 2021-01-03 9:53 am, Rowland penny via samba wrote:> On 03/01/2021 14:32, Marco Shmerykowsky via samba wrote: >> Is there a way to confirm whether a samba AD was >> provisioned using RFC2307? > > All that provisioning with '--use-rfc2307' does is to put > 'idmap_ldb:use rfc2307' into the first DC's smb.conf (a 'join' doesn't > do this) and adds the 'ypServ30.ldif' to AD. The first makes DC's use > uidNumber & gidNumber attributes from AD instead of the xidNumber > attributes from idmap.ldb. The second makes the Unix attributes tabs > work in ADUC, only problem is, they no longer exist ? > > All of the RFC2307 attributes are in the AD schema by default, even if > you provision without '--use-rfc2307'. > > RowlandI see. The reason I ask is that I'm trying to use an extended query in a pfsense/openvpn setup and the query seems to fail. I'm fairly certain I have the query correct (although I could be wrong). In googling I came across some discussion that RFC2307 can create issues with the extended query (https://redmine.pfsense.org/issues/9527)