On Fri, 2012-01-13 at 02:51 +0100, steve wrote: > On 12/01/12 23:02, Adam Tauno Williams wrote: > > Quoting steve <st...@steve-ss.com>: > >>>>> Samba4's winbind does not support RFC2307, so doing this is pretty > >>>>> rough. I think you need to either use CIFS + winbind everywhere or > >>>>> somehow maintain an external idmap. > >>>>> Yea, it is horrible. We are staring down the barrell of the same > >>>>> gun. > >>> As Jeremy said, they are discussing what needs to be done before > >>> releasing Samba 4.0.0 and how to reconcile Samba 3's winbind and Samba > >>> 4's winbind etc., so if something that is critical for you does not > >>> currently work, you should file a bug report. > >> Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone > >> with my issue. I think I should be easy to fix now before it goes beta. > >> https://bugzilla.samba.org/show_bug.cgi?id=8635 > > > > Holy awesome; it got better. I just tested an upgrade of our > > production domain and it appears that Samba4 took [and kept] the UID > > number from the existing account. > > Production > > ------------- > > [root@littleboy ~]# id adam > > uid=437(adam) gid=230(cis) groups=230(cis) > > Test Server > > ------------ > > barbel:~ # wbinfo -i adam > > BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false > > Home directory is a bit wierd, and the gidNumber didn't stick. But at > > least I have the uidNumber. > > 4.0.0alpha18-GIT-103c1cb [openSUSE 12.1 x86_64] transitioned via > > "samba-tool domain samba3upgrade" from Samba S3w/LDAPSAM. > Nice find you have there. Meanwhile I've got it working. Very rough. But > working for 10 hour Kerberos sessions at a time;) > http://linuxcostablanca.blogspot.com/2011/12/samba-4-linux-integration-first-i-want.html > Steve
What I'm puzzled by [and maybe this is a deficiency in Samba4 still] is that while the LDAP modify works the wbinfo output doesn't change. dn: CN=adam,CN=Users,DC=micore,DC=us changetype: modify add: objectclass objectclass: posixaccount - add: objectclass objectclass: shadowaccount - add: uidnumber uidnumber: 437 - add: gidnumber gidnumber: 230 - add:unixhomedirectory unixhomedirectory: /home/adam - add: loginshell loginshell: /bin/ksh barbel:~ # wbinfo -i adam BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false So obviously the gidNumber attribute is ignored. The uidNumber attribute didn't exist in the object - so that is obviously coming from elsewhere. Guess I need to dig into winbind. I'm currently *assuming* that these attributes are compatible with SFU for Windows and that they'd replicate to a Windows AD server. -- Adam Tauno Williams <awill...@whitemice.org> LPIC-1, Novell CLA <http://www.whitemiceconsulting.com> OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba