Stuart Naylor
2014-Jul-16 23:26 UTC
[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?
I have been reading through an old thread and to be honest confused.com

root@zent1:~# samba-tool domain level show
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
ldb_wrap open of secrets.ldb
Domain and forest function level for domain 'DC=office,DC=zentyal,DC=lan'

Forest function level: (Windows) 2003
Domain function level: (Windows) 2003
Lowest function level of a DC: (Windows) 2008 R2

That for a start has me totally stumped as where is the 2008 R2 coming from?

Does this mean that I can only use this DC with a minimum of 2008 R2 servers?

If you include rfc2307 in Samba4 then the schema provided is from 2008 R2.

That is definitely twisting my melon.

Just to demonstrate my confusion

root@zent1:~# samba-tool domain level raise --domain-level=2003_R2
Usage: samba-tool domain level (show|raise <options>) [options]

samba-tool domain level: error: option --domain-level: invalid choice: '2003_R2' (choose from '2003', '2008', '2008_R2')

Maybe I am being dumb:-

A 2003 server is a 2003 server; rfc2307 is the schema in SFU (Services for Linux) http://www.microsoft.com/en-gb/download/details.aspx?id=274
A 2003R2 server is not a 2003 server as it has a modified SFU already installed.
Same goes for a 2008 and 2008R2.

When you include the directive --use-rfc2307 on provision the schema used should match the one of the lowest function level.
Just banging on the 2008R2 schema means that the documentation should say if you want to use --use-rfc2307 then the server will be 2008R2.

Also with the domain provision and domain level raise tools what does 2003 mean?
Is that 2003 or 2003R2 and why is one missing?

It's probably me being cataclysmically dumb as it does happen often but could someone explain this slowly to me?

Please as I am struggling a bit to get my head round this as Samba4 might as well be 2008R2 only in the documentation?
Rowland Penny
2014-Jul-17 10:14 UTC
[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?
On 17/07/14 00:26, Stuart Naylor wrote:
> I have been reading through an old thread and to be honest confused.com
>
> root@zent1:~# samba-tool domain level show
> params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
> ldb_wrap open of secrets.ldb
> Domain and forest function level for domain 'DC=office,DC=zentyal,DC=lan'
>
> Forest function level: (Windows) 2003
> Domain function level: (Windows) 2003
> Lowest function level of a DC: (Windows) 2008 R2
>
> That for a start has me totally stumped as where is the 2008 R2 coming from?
>
> Does this mean that I can only use this DC with a minimum of 2008 R2 servers?
>
> If you include rfc2307 in Samba4 then the schema provided is from 2008 R2.
>
> That is definitely twisting my melon.
>
> Just to demonstrate my confusion
>
> root@zent1:~# samba-tool domain level raise --domain-level=2003_R2
> Usage: samba-tool domain level (show|raise <options>) [options]
>
> samba-tool domain level: error: option --domain-level: invalid choice: '2003_R2' (choose from '2003', '2008', '2008_R2')
>
> Maybe I am being dumb:-
>
> A 2003 server is a 2003 server; rfc2307 is the schema in SFU (Services for Linux) http://www.microsoft.com/en-gb/download/details.aspx?id=274
> A 2003R2 server is not a 2003 server as it has a modified SFU already installed.
> Same goes for a 2008 and 2008R2.
>
> When you include the directive --use-rfc2307 on provision the schema used should match the one of the lowest function level.
> Just banging on the 2008R2 schema means that the documentation should say if you want to use --use-rfc2307 then the server will be 2008R2.
>
> Also with the domain provision and domain level raise tools what does 2003 mean?
> Is that 2003 or 2003R2 and why is one missing?
>
> It's probably me being cataclysmically dumb as it does happen often but could someone explain this slowly to me?
>
> Please as I am struggling a bit to get my head round this as Samba4 might as well be 2008R2 only in the documentation?

Hi,

Adding '--use-rfc2307' on provision does not alter the schema used; what it does do is add the ypServ30.ldif. You can actually add uidNumbers, gidNumbers etc. without provisioning with '--use-rfc2307'.

If you raise the domain level on samba4 you alter the 'msDS-Behavior-Version' <http://msdn.microsoft.com/en-us/library/cc220262.aspx> attribute; you do not alter the schema.

Rowland
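
Added example, not part of the thread or of Samba's code: a small Python reader for ldbsearch-style LDIF showing that the three levels printed by "samba-tool domain level show" are msDS-Behavior-Version values held on three different objects, while the schema revision is a separate objectVersion value on the schema partition. The LDIF is constructed (the DC name "DC1" and the objectVersion of 47 are assumptions), and the tables go slightly beyond the thread by listing the standard Active Directory values, which is why there is a 2003 R2 schema revision but no 2003 R2 function level.

```python
import re

# msDS-Behavior-Version values (function levels); 2003 R2 has no level of its own.
LEVELS = {0: "2000", 1: "2003 interim", 2: "2003", 3: "2008", 4: "2008 R2"}
# objectVersion on the schema partition head (schema revision), a separate number.
SCHEMA = {30: "2003", 31: "2003 R2", 44: "2008", 47: "2008 R2"}

# Constructed sample shaped like ldbsearch output; "DC1" is a made-up DC name.
SAMPLE_LDIF = """\
dn: DC=office,DC=zentyal,DC=lan
msDS-Behavior-Version: 2

dn: CN=Partitions,CN=Configuration,DC=office,DC=zentyal,DC=lan
msDS-Behavior-Version: 2

dn: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=zentyal,DC=lan
msDS-Behavior-Version: 4

dn: CN=Schema,CN=Configuration,DC=office,DC=zentyal,DC=lan
objectVersion: 47
"""

def parse_ldif(text):
    """Return {dn: {attr: value}} for simple single-valued, unwrapped LDIF."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        entries[attrs.pop("dn")] = attrs
    return entries

def summarize(text, base_dn):
    """Map each reported level to the object that actually stores it."""
    entries = parse_ldif(text)
    conf = "CN=Configuration," + base_dn
    level = lambda dn: int(entries[dn]["msDS-Behavior-Version"])
    # One NTDS Settings object per DC; the tool reports the lowest of them.
    dc_levels = [int(a["msDS-Behavior-Version"]) for dn, a in entries.items()
                 if dn.startswith("CN=NTDS Settings,")]
    return {
        "forest": LEVELS[level("CN=Partitions," + conf)],
        "domain": LEVELS[level(base_dn)],
        "lowest_dc": LEVELS[min(dc_levels)],
        "schema": SCHEMA[int(entries["CN=Schema," + conf]["objectVersion"])],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LDIF, "DC=office,DC=zentyal,DC=lan").items():
        print(f"{key}: {value}")
```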