Hi all, When provisionning a Samba 4 AD domain with --use-rfc2307 the option "idmap_ldb:use rfc2307 = yes" is added to our first DC's smb.conf. When joining a Samba4 to a domain to make it a DC we can't use --use-rfc2307 and "idmap_ldb:use rfc2307 = yes" is not automatically added to newly joined DC's smb.conf. Question 1: is this option useless on non-FSMO DC? Question 2: if this option is not useless on non-FSMO DC, don't you think smb.conf should be copied from working DC at "join" time? Question 3: as this could be a choice, is it advised to first copy smb.conf from working DC to newly joined DC then start Samba service on this newly joined DC or is it advised to first start Samba with default smb.conf then stop it, copy smb.conf from working DC and start Samba again? Thanks and regards, mathias
On 08/02/16 12:36, mathias dufresne wrote:> Hi all, > > When provisionning a Samba 4 AD domain with --use-rfc2307 the option > "idmap_ldb:use rfc2307 = yes" is added to our first DC's smb.conf. > > When joining a Samba4 to a domain to make it a DC we can't > use --use-rfc2307 and "idmap_ldb:use rfc2307 = yes" is not automatically > added to newly joined DC's smb.conf. > > Question 1: is this option useless on non-FSMO DC?No, if you have it on the first DC, you should also have it on any secondary DC.> > Question 2: if this option is not useless on non-FSMO DC, don't you think > smb.conf should be copied from working DC at "join" time?You already get the smb.conf created for you, you just don't get the 'idmap_ldb' line> > Question 3: as this could be a choice, is it advised to first copy smb.conf > from working DC to newly joined DC then start Samba service on this newly > joined DC or is it advised to first start Samba with default smb.conf then > stop it, copy smb.conf from working DC and start Samba again?No, before starting Samba on the secondary DC, add the 'idmap_ldb' line, then start Samba. Rowland
Thank you Rowland for your replies. Isn't it possible to forward during join time the content of the right smb.conf? This could make deployment easier which would help some of us... Just my two cents... 2016-02-08 14:03 GMT+01:00 Rowland penny <rpenny at samba.org>:> On 08/02/16 12:36, mathias dufresne wrote: > >> Hi all, >> >> When provisionning a Samba 4 AD domain with --use-rfc2307 the option >> "idmap_ldb:use rfc2307 = yes" is added to our first DC's smb.conf. >> >> When joining a Samba4 to a domain to make it a DC we can't >> use --use-rfc2307 and "idmap_ldb:use rfc2307 = yes" is not automatically >> added to newly joined DC's smb.conf. >> >> Question 1: is this option useless on non-FSMO DC? >> > > No, if you have it on the first DC, you should also have it on any > secondary DC. > > >> Question 2: if this option is not useless on non-FSMO DC, don't you think >> smb.conf should be copied from working DC at "join" time? >> > > You already get the smb.conf created for you, you just don't get the > 'idmap_ldb' line > > >> Question 3: as this could be a choice, is it advised to first copy >> smb.conf >> from working DC to newly joined DC then start Samba service on this newly >> joined DC or is it advised to first start Samba with default smb.conf then >> stop it, copy smb.conf from working DC and start Samba again? >> > > No, before starting Samba on the secondary DC, add the 'idmap_ldb' line, > then start Samba. > > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >