samba - Apr 2019 - Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server

I see, yes the unix attributes are set on the AD DC (RFC2307) for each 
users and each groups.

And that's a question, because I am using a Windows Server 2012 R2 as AD DC.
Does the unix attibutes will be still available in the Windows Server 
2019 version ?
I don't talk about the ADUC and how to set unix attributes tab, I ask 
about the attributes on the AD schema
because I know that NIS and unix attributes tab  in ADUC is deprecated 
in Windows server 2016, but it can still be set via a powershell script.

EdG

Le 10/04/2019 à 13:41, Rowland Penny via samba a écrit :
> On Wed, 10 Apr 2019 13:14:35 -0300
> Edouard Guigné via samba <samba at lists.samba.org> wrote:
>
>> Log level to 10 was for debug reasons, I can now surely set to 1 now.
>> Concerning idmap config IPGAD, I don't see why is the reason to
start
>> at 1... I will set to 10000 as according to the documentation, thank
>> you.
>>
>> What do you mean by "
>> You are also using the winbind 'ad' backend, so have you added
>> anything to AD ?
>> " ?
> Just what it says. I don't remember if you said what the AD DC is, but
> it doesn't really matter, if you create a user using ADUC or
> samba-tool, the user will just be a Windows user. That is unless you
> also use the UNIX Attributes tab on ADUC or specify the RFC2307
> attributes with 'samba-tool user add'.
> The minimum requirement for a Unix AD user is that they must have a
> uidNumber attribute containing a unique number inside the range you
> set in smb.conf (now do you see why I asked about the range starting
> at '1' ?) AND 'Domain Users'(the default user primary
group) must have
> a gidNumber attribute inside the same range. You are also using
> 'unix_primary_group = yes', so your users should also have
gidNumber
> attribute containing the gidNumber of a group.
>
> It take it you haven't done any of the above, so you may want to
> consider using the 'rid' backend instead. I would suggest you read
> the wiki pages I pointed you to earlier.
>
> Rowland
>

On Wed, 10 Apr 2019 13:53:30 -0300
Edouard Guigné via samba <samba at lists.samba.org> wrote:
> I see, yes the unix attributes are set on the AD DC (RFC2307) for
> each users and each groups.
And are these 'numbers' inside the range you set in smb.conf ?
> 
> And that's a question, because I am using a Windows Server 2012 R2 as
> AD DC. Does the unix attibutes will be still available in the Windows
> Server 2019 version ?
As far as I am aware, yes they are and I don't think they will be
removed, they are part of the main schema. If they were removed, then
it would probably be very easy to put them back.
> I don't talk about the ADUC and how to set unix attributes tab, I ask 
> about the attributes on the AD schema
> because I know that NIS and unix attributes tab  in ADUC is
> deprecated in Windows server 2016, but it can still be set via a
> powershell script.
What has been removed is the 'scaffolding' for the ADUC UNIX Attributes
tab.

Rowland

Yes, I checked the range and UID starts from 10000 in the unix 
attributes set on the AD DC

That's a good news about attributes in Windows Server 2019

Thanks you very much


Le 10/04/2019 à 14:35, Rowland Penny via samba a écrit :
> On Wed, 10 Apr 2019 13:53:30 -0300
> Edouard Guigné via samba <samba at lists.samba.org> wrote:
>
>> I see, yes the unix attributes are set on the AD DC (RFC2307) for
>> each users and each groups.
> And are these 'numbers' inside the range you set in smb.conf ?
>
>> And that's a question, because I am using a Windows Server 2012 R2
as
>> AD DC. Does the unix attibutes will be still available in the Windows
>> Server 2019 version ?
> As far as I am aware, yes they are and I don't think they will be
> removed, they are part of the main schema. If they were removed, then
> it would probably be very easy to put them back.
>
>> I don't talk about the ADUC and how to set unix attributes tab, I
ask
>> about the attributes on the AD schema
>> because I know that NIS and unix attributes tab  in ADUC is
>> deprecated in Windows server 2016, but it can still be set via a
>> powershell script.
> What has been removed is the 'scaffolding' for the ADUC UNIX
Attributes
> tab.
>
> Rowland
>
>