Hello,

after stumbling in almost every thread, that it makes sense to have RFC2307 enabled, I wanted to switch an AD DC to it and followed this wiki page https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD

When I try to import the modified ldif file, I get an error message:
ERR: (Entry already exists) "Entry CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de already exists" on DN CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de at block before line 5
Modify failed after processing 0 records"

Fortunately nothing seems to be broken, as it's still possible to start the Samba service again.

Yes, I wonder about that message, I didn't find an error I did following that tutorial and I'm sure that the Samba Active Directory was provisioned without RFC2307.

Searching if other people experienced the same error I found this discussion https://groups.google.com/g/mailing.unix.samba-technical/c/8vQIEkIQIiw mentioning that "rfc2307 is ALWAYS activated for a Samba4 DC". Unfortunately there is no explanation after "check the following, to find out, if RFC2307 is already enabled:", so I don't know how to check that.

I don't have the need for an AD backend and am using rid at the moment, but as it could happen that we need to allow logins to Linux servers I would like to have the ability to do that if necessary.

Anybody has an idea what could cause that error?

Thanks a lot in advance
Sinni

On 25.11.2023 18:58:09, mail at rhizomatic-nomad.net wrote:
> Hello,
>
> after stumbling in almost every thread, that it makes sense to have
> RFC2307 enabled, I wanted to switch an AD DC to it and followed this wiki
> page https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
>
> When I try to import the modified ldif file, I get an error message:
> ERR: (Entry already exists) "Entry
> CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de already exists"
> on DN CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de at block
> before line 5
> Modify failed after processing 0 records"
>
> Fortunately nothing seems to be broken, as it's still possible to start
> the Samba service again.
>
> Yes, I wonder about that message, I didn't find an error I did following
> that tutorial and I'm sure that the Samba Active Directory was
> provisioned without RFC2307.
>
> Searching if other people experienced the same error I found this
> discussion
> https://groups.google.com/g/mailing.unix.samba-technical/c/8vQIEkIQIiw
> mentioning that "rfc2307 is ALWAYS activated for a Samba4 DC".
> Unfortunately there is no explanation after "check the following, to
> find out, if RFC2307 is already enabled:", so I don't know how to check
> that.
>
> I don't have the need for an AD backend and am using rid at the moment,
> but as it could happen that we need to allow logins to Linux servers I
> would like to have the ability to do that if necessary.
>
> Anybody has an idea what could cause that error?
>
> Thanks a lot in advance
> Sinni

The DC is running Samba Version 4.17.12 on Debian 12 Bookworm, if that matters. And is only the (first of two) DC with all FSMO roles.

On Sat, 25 Nov 2023 18:58:02 +0100 mail--- via samba <samba at lists.samba.org> wrote:
> Hello,
>
> after stumbling in almost every thread, that it makes sense to have
> RFC2307 enabled, I wanted to switch an AD DC to it and followed this
> wiki page https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
>
> When I try to import the modified ldif file, I get an error message:
> ERR: (Entry already exists) "Entry
> CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de already
> exists" on DN CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de
> at block before line 5
> Modify failed after processing 0 records"
>
> Fortunately nothing seems to be broken, as it's still possible to
> start the Samba service again.
>
> Yes, I wonder about that message, I didn't find an error I did
> following that tutorial and I'm sure that the Samba Active Directory
> was provisioned without RFC2307.

If 'CN=ypServ30' exists, it must have been initially provisioned with '--use-rfc2307'.

>
> Searching if other people experienced the same error I found this
> discussion
> https://groups.google.com/g/mailing.unix.samba-technical/c/8vQIEkIQIiw

Sheesh, that's going back a bit.

> mentioning that "rfc2307 is ALWAYS activated for a Samba4 DC".

Well, on a DC it is, a DC uses the idmap_ldb backend.

> Unfortunately there is no explanation after "check the following, to
> find out, if RFC2307 is already enabled:", so I don't know how to
> check that.

You don't have to check anything, if it is a Samba AD DC (or a Windows DC) then it has the rfc2307 attributes in the schema.

>
> I don't have the need for an AD backend and am using rid at the
> moment, but as it could happen that we need to allow logins to Linux
> servers I would like to have the ability to do that if necessary.

Where are you using 'rid' at the moment, because it sounds like you are using it on the DC, if so, then, even though you think you are, you aren't.

>
> Anybody has an idea what could cause that error?
>

Yes, as I said, you provisioned with '--use-rfc2307'

Rowland
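
Added example, not part of the thread and not Samba's own code: a pre-flight check that parses the LDIF about to be imported and reports every "add" record whose DN is already present in an LDIF dump of the directory, which is the condition behind the "Entry already exists" error above. The function names and both LDIF samples are constructed for illustration; in practice the second input would be an ldbsearch dump taken on the DC.

```python
import base64

def parse_ldif(text):
    """Return LDIF records as dicts of lower-cased attribute -> last value."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):          # ldbsearch comments ("# record 1")
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current[attr.lower()] = value.strip()
    return records

def normalize_dn(dn):
    # DNs compare case-insensitively; escaped commas are not handled here.
    return ",".join(part.strip() for part in dn.split(",")).lower()

def colliding_adds(import_ldif, existing_ldif):
    """DNs of add records in import_ldif that already exist in existing_ldif."""
    existing = {normalize_dn(r["dn"]) for r in parse_ldif(existing_ldif) if "dn" in r}
    return [r["dn"] for r in parse_ldif(import_ldif)
            if "dn" in r and r.get("changetype", "add") == "add"
            and normalize_dn(r["dn"]) in existing]

# Constructed sample: the LDIF to import (first DN folded over two lines).
IMPORT_LDIF = """dn: CN=ypServ30,CN=RpcServices,CN=System,
 DC=ad,DC=url,DC=de
changetype: add
objectClass: container

dn: CN=example-child,CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de
changetype: add
objectClass: container
"""
# Constructed sample: what a dump of the existing directory might contain.
EXISTING_LDIF = """# record 1
dn: cn=ypserv30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de
objectClass: container
"""

if __name__ == "__main__":
    for dn in colliding_adds(IMPORT_LDIF, EXISTING_LDIF):
        print("already exists, import would fail:", dn)
```
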