Hello Takahashi, I am using ADUC to manage UNIX attributes and have created the attributes for each test user.
Just to make sure I understand you correctly; you're saying there is no way to have S4 winbind use rfc2307 attributes for *nix authentication on a DC, but it will work on a member server? This is a "clean" provision test setup that I am running at home. In production (and testing at work) I will be performing a classicupgrade. I have 300+ users with existing accounts spread out across many servers. S3 (or it's LDAP backend) is used for auth & auth on all of our services, so I need to ensure these attributes stay the same. Worst case I can use NSS+LDAP, but I would prefer to use winbind if possible. Here I have NSS+LDAP configured and getent reports the correct uidNumber and gidNumber that I have specified in AD (rfc2307 attributes): root@ALW1:~# getent passwd | grep tuser tuser1:*:10005:10000:Test User1:/home/tuser1:/bin/sh tuser2:*:10006:10000:Test User2:/home/tuser2:/bin/sh tuser3:*:10007:10000:Test User3:/home/tuser3:/bin/sh Here (DC) I am using winbind for authentication, and getent does not report the correct uidNumber and gidNumber: [root@ADC1 ~]# getent passwd | grep tuser TESTDOM\tuser1:*:3000025:100:Test User1:/home/tuser1:/bin/sh TESTDOM\tuser2:*:3000026:100:Test User2:/home/tuser2:/bin/sh TESTDOM\tuser3:*:3000027:100:Test User3:/home/tuser3:/bin/sh On Sun, Dec 16, 2012 at 9:57 AM, TAKAHASHI Motonobu <mo...@monyo.com> wrote: > From: Thomas Simmons <twsn...@gmail.com> > Date: Sat, 15 Dec 2012 22:11:00 -0500 > > > After provisioning a domain (with rfc2307 attributes), what are the next > > steps to enable S4 winbind to use these attributes? > > As far as I know, winbind on S4 DC cannot use this attribute. This setting > affects only S4 domain member. > > You may manually set these attributes on S4 DC with the script: > http://lists.samba.org/archive/samba-technical/2012-November/089119.html > > --- > TAKAHASHI Motonobu <mo...@monyo.com> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba