search for: rfc2307

...> On Thu, 27 Jul 2017 08:36:51 +0100 >> > Rowland Penny via samba <samba at lists.samba.org> wrote: >> > >> > > >> > > I will have a look at the provision code for the Samba DC to see >> > > what it actually does when you use '--use-rfc2307', if it just adds >> > > 'ypServ30.ldif', I will setup a test domain without '--use-rfc2307' >> > > and see what happens ;-) >> > > >> > > Rowland >> > > >> > >> > OK, '--use-rfc2307' adds '...

On 14/06/16 17:31, Carlos A. P. Cunha wrote: > Understood, I leave dess form, or may have problems > As for examples, with fileserver (separately)? > But I already was using the RFC2307, because in both I am with the > option: > idmap_ldb: use RFC2307 = yes > ??? > > Thank you > > Just because you have 'idmap_ldb: use RFC2307 = yes' in smb.conf, doesn't mean you are using the RFC2307 attributes, it means you can use RFC2307 attributes. You need...

...ot;workstations" that travel between sites and have to be able to access the files on the file server (which is the DC) and occasionally login to the DC directly. The main issue that I'm having (there are plenty of little naggers too) is that the winbind nss on the DCs won't honor the rfc2307 entries consistently. One of the DCs (the newest one) is honoring the rfc2307 gid map entries, but the other ones are not. None of them seem to honor the rfc2307 login shell entries, but I've found adding the template shell = configuration option does allow the login shell to be set (although...

hi: I setup a small samba 4.0.5 AD DC server. my client is windows 7 and linux. and I use windows 7 with remote managment tools to manage rfc2307 account seetings of samba4 DC. I hope my users can use the same account to use windows and linux. samba4 DC provsion command as below: samba-tool domain provision --use-rfc2307 --function-level=2008_R2 --interactive and smb.conf global section for samba4 DC below: workgroup = DOM...

I see that on the page https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_RFC2307_is_used_by_your_Domain_Controllers that idmap_ldb:use rfc2307 = yes is required on all DC when wanting to use RFC2307, but I can not find any mention of this parameter in the man pages or any explanation of exactly what it does anywhere else. I am using RFC230...

On 25.11.2023 19:11:37, Rowland Penny via samba wrote: > On Sat, 25 Nov 2023 18:58:02 +0100 > mail--- via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > after stumbling in almost every thread, that it makes sense to have > > RFC2307 enabled, I wanted to switch an AD DC to it and follwed this > > wiki page https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD > > > > When I try to import the modified ldif file, I get an error message: > > ERR: (Entry already exists) "Entry > > CN=ypServ30...

On Sat, 25 Nov 2023 18:58:02 +0100 mail--- via samba <samba at lists.samba.org> wrote: > Hello, > > after stumbling in almost every thread, that it makes sense to have > RFC2307 enabled, I wanted to switch an AD DC to it and follwed this > wiki page https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD > > When I try to import the modified ldif file, I get an error message: > ERR: (Entry already exists) "Entry > CN=ypServ30,CN=RpcServices,CN=System...

Hi, http://tools.ietf.org/html/rfc2307 It is used to pull down UNIX information from active directory (namely uid, gid, homedir, shell). Support is partial on domain controller since shell & homedir can only be set through * template parameters in smb.conf despite rfc2307 being used. Shell & homedir are correctly fetched on...

..." that travel between sites and have to be able to access the > files on the file server (which is the DC) and occasionally login to the DC > directly. The main issue that I'm having (there are plenty of little > naggers too) is that the winbind nss on the DCs won't honor the rfc2307 > entries consistently. One of the DCs (the newest one) is honoring the > rfc2307 gid map entries, but the other ones are not. None of them seem to > honor the rfc2307 login shell entries, but I've found adding the template > shell = configuration option does allow the login shell...

...9:11:37, Rowland Penny via samba wrote: > > On Sat, 25 Nov 2023 18:58:02 +0100 > > mail--- via samba <samba at lists.samba.org> wrote: > > > > > Hello, > > > > > > after stumbling in almost every thread, that it makes sense to > > > have RFC2307 enabled, I wanted to switch an AD DC to it and > > > follwed this wiki page > > > https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD > > > > > > When I try to import the modified ldif file, I get an error > > > message: ERR: (Entry already exists...

Hello, after stumbling in almost every thread, that it makes sense to have RFC2307 enabled, I wanted to switch an AD DC to it and follwed this wiki page https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD When I try to import the modified ldif file, I get an error message: ERR: (Entry already exists) "Entry CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de alrea...

...Hereafter my smb.conf: [global] #winbind enum groups = yes #winbind enum users = yes client ldap sasl wrapping = plain dedicated keytab file = /etc/krb5.keytab disable spoolss = yes host msdfs = no idmap config * : backend = tdb idmap config * : range = 30000-40000 idmap config * : schema_mode = rfc2307 idmap config 21C : range = 12000001-13000000 idmap config 21C : schema_mode = rfc2307 idmap config 21C: backend = ad idmap config ADMINMUC : backend = ad idmap config ADMINMUC : range = 3000001-4000000 idmap config ADMINMUC : schema_mode = rfc2307 idmap config BITINTRA : backend = ad idmap config B...

Hi all, I am deploying a new AD DC for our network using Ubuntu 18.04 and BIND_DLZ. Al lis fine but the RFC2307 attributes on DC. What's the recommended/correct way to use RFC2307 attributes on DC? At the wiki (1) it says: > For example, setting up an ID mapping back end, such as|ad|(RFC2307) > or|rid|, in the|smb.conf|file is not supported an can cause > the|samba|service to fail Indeed, I...

Can someone please clarify the scope of the remarks in this wiki page: https://wiki.samba.org/index.php/RFC2307_backend specifically, can you confirm that the following applies only to a Member Server, (not the DC)? https://wiki.samba.org/index.php/RFC2307_backend#Configuring_RFC2307_backend_for_Winbind > Configuring RFC2307 backend for Winbind > > Add the following to the [global] section of y...

Hi, I have now added rfc2307 to my domain - I extended the schema, have added UIDs to some (not all yet) of my users and groups, and have my smb.conf with this currently: idmap_ldb:use rfc2307 = yes winbind nss info = rfc2307 winbind use default domain = Yes winbind enum users = Yes wi...

...ned in AD for them, BUT it replaces the primary group GID with the GID I defined for the Domain Users group. Apparently, some genius decided that the best way to look up users in AD is by membership in "Domain Users" rather than iterating through the directory looking for users that have rfc2307 attributes defined, totally ignoring the rfc2307 group attribute on the user objects. The suspected bug is that it is not using the rfc2307 primary GID attribute, but rather is defaulting the "Domain Users" group as the primary group for all users regardless of the rfc2307 attributes. I...

IMHO the option "winbind nss info = rfc2307" does not fully conform to the rfc2307 spec to generate user and group data and is thus "incorrect". The way it is currently done does solve one issue related to group membership mapping, but if I understand the way permissions are checked it is a non-issue. I think it is broken...

Hi In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. The workarounds are to use the winbind [ho...

Hi, Just noticed, I am unable to use nested groups when relying on RFC2307 for filesystem permissions, am I wright? What have I missed? (Samba 4.12 on Buster, 2008R2 domain level) Any migration path to stop using RFC2307 and go to pure idmap without loosing all permissions on a 6T filesystem? Is that a solution? Regards, -- *Marcio Merlone*

Hi, We recently updated our domain to 2008R2 servers from 2000. I know the services for unix changed from the proprietary setup in 2000 to rfc2307 compliant around 2003 R2 I've updated samba to 3.5.4 (apparently most earlier versions don't play well with the changes in AD), and gotten things essentially working. The problem is users created since the old 2000 servers have been retired. Users with the old msSFU info in the schema...