samba - Nov 2013 - Enabling NIS after samba4 installation

I'm testing out our samba 4 migration process and when the initial 
forest/domain was created, it was created without using --use-rfc2307:

sudo samba-tool domain provision --domain netdirect 
--function-level=2008_R2 --realm=ad.netdirect.ca

Now that it's in place and we have machines joined, what do I need to do 
to add the unix attribute and NIS maps to an existing samba4 domain so 
that we can use the rfc2307 features?

M.

-- 
Michael Brown               | `One of the main causes of the fall of
Systems Consultant          | the Roman Empire was that, lacking zero,
Net Direct Inc.             | they had no way to indicate successful
?: +1 519 883 1172 x5106    | termination of their C programs.' - Firth

On 28/11/13 16:10, Michael Brown wrote:
> I'm testing out our samba 4 migration process and when the initial 
> forest/domain was created, it was created without using --use-rfc2307:
>
> sudo samba-tool domain provision --domain netdirect 
> --function-level=2008_R2 --realm=ad.netdirect.ca
>
> Now that it's in place and we have machines joined, what do I need to 
> do to add the unix attribute and NIS maps to an existing samba4 domain 
> so that we can use the rfc2307 features?
>
> M.
>
You need to add ypServ30.ldif, if you compiled Samba4 yourself it is 
usually in /usr/local/samba/share/setup/

copy this file somewhere, then edit it, changing ${DOMAINDN} to your AD 
base i.e. DC=example,DC=com
change ${NETBIOSNAME} to your workgroup name i.e. EXAMPLE
change ${NISDOMAIN} to your realm i.e. example.com

Now add it with something similar to this:

ldbmodify -H /usr/local/samba/private/sam.ldb /root/ypServ30.ldif 
--option="dsdb:schema update allowed"=true

Alter the above to match your setup.

Add to [global] section of smb.conf:

     idmap_ldb:use rfc2307 = yes

Restart samba and you should be good to go.

Rowland