Sébastien Le Ray
2015-Jun-04 16:35 UTC
[Samba] What does idmap_ldb:use rfc2307 = yes do exactly?
Hi, http://tools.ietf.org/html/rfc2307 It is used to pull down UNIX information from active directory (namely uid, gid, homedir, shell). Support is partial on domain controller since shell & homedir can only be set through * template parameters in smb.conf despite rfc2307 being used. Shell & homedir are correctly fetched on member servers. Regards, Le 04/06/2015 18:30, buhorojo a ?crit :> On 04/06/15 02:12, Brady, Mike wrote: >> I see that on the page >> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_RFC2307_is_used_by_your_Domain_Controllers >> that >> >> idmap_ldb:use rfc2307 = yes >> >> is required on all DC when wanting to use RFC2307, but I can not find >> any mention of this parameter in the man pages or any explanation of >> exactly what it does anywhere else. >> >> I am using RFC2307 in my set up and do have this in all my server >> configuratiosn (both DC and member) and I think that everything is >> working, so just wanting understand what this actually does rather >> than having a problem. >> >> Regards >> >> Mike > Hi > It can be used to instruct winbind to look in the directory when uid > and gid sid mappings are required. Otherwise an external database is > consulted. rfc2307 support is not complete as only the two attributes > mentioned can be read. > HTH > >
On 04/06/15 18:35, S?bastien Le Ray wrote:> Shell & homedir are correctly fetched on member servers.Without: idmap_ldb:use rfc2307 = yes
Brady, Mike
2015-Jun-04 22:24 UTC
[Samba] What does idmap_ldb:use rfc2307 = yes do exactly?
On 2015-06-05 04:54, buhorojo wrote:> On 04/06/15 18:35, S?bastien Le Ray wrote: >> Shell & homedir are correctly fetched on member servers. > Without: > idmap_ldb:use rfc2307 = yesDoes idmap_ldb apply to both the internal winbind on a DC and the external winbindd on a file server? On a 4.1 DC using the internal winbind the only winbind related configuration that I have is idmap_ldb:use rfc2307 = yes But on my file servers I have always had additional winbind configuration along the lines of the following: idmap_ldb:use rfc2307 = yes idmap config *:backend = tdb idmap config *:range = 70001-80000 idmap config SAMBA:backend = ad idmap config SAMBA:schema_mode = rfc2307 idmap config SAMBA:range = 1000000-5000000 winbind nss info = rfc2307 On a 4.2 DC the external winbindd is now used by default. Should I now have this additional configuration on the DC as well? I have 2x 4.1 DC and 1x 4.1 file server and am just starting to work through upgrading to 4.2. I have added a 4.2 DC to the domain and wbinfo and getent all return the results that I expect on all four machines so I am just trying to make sure that I doing things correctly rather than having something that does not work. Thanks Mike