On 13/04/13 18:49, François Lafont wrote:
Hi,

On 11/04/2013 22:39, Gémes Géza wrote:

The easiest way to test out rfc2307 would be to provision a new domain
with samba-tool domain provision --use-rfc2307
--the-other-options-of-your-choice, and test a rfc2307 client against
it. The difference is, that in this case the provisioning script loads a
schema file (ypServ30.ldif) which makes it easier to administer the
rfc2307 attributes using ADUC. [...]
OK. I tried this on a wheezy server:

---------------------------------------------------
samba-tool domain provision --realm=CHEZMOI.PRIV \
     --domain=CHEZMOI --server-role=dc --dns-backend=SAMBA_INTERNAL \
     --adminpass='+toto123' --use-rfc2307
echo "nameserver 192.168.0.21" > /etc/resolv.conf
samba
samba-tool user add test1 "+test123"
---------------------------------------------------

Here is my smb.conf file after these commands:

---------------------------------------------------
# Global parameters
[global]
         workgroup = CHEZMOI
         realm = CHEZMOI.PRIV
         netbios name = WHEEZY-1
         server role = active directory domain controller
         dns forwarder = 212.27.40.241
         idmap_ldb:use rfc2307 = yes

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/chezmoi.priv/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No
---------------------------------------------------

But when I run:
ldbedit --url=/usr/local/samba/private/sam.ldb cn=test1

---------------------------------------------------
# editing 1 records
# record 1
dn: CN=test1,CN=Users,DC=chezmoi,DC=priv
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test1
instanceType: 4
whenCreated: 20130413162647.0Z
whenChanged: 20130413162647.0Z
uSNCreated: 3769
name: test1
objectGUID: 0d95a85f-92d9-425c-8ddf-bcdb401a1c99
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3595212667-731548510-1075401445-1103
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: test1
sAMAccountType: 805306368
userPrincipalName: te...@chezmoi.priv
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=chezmoi,DC=priv
pwdLastSet: 130103440070000000
userAccountControl: 512
uSNChanged: 3771
distinguishedName: CN=test1,CN=Users,DC=chezmoi,DC=priv
---------------------------------------------------

I have no "objectClass: posixAccount" entry and then no "uidNumber", 
"gidNumber" attribute. Is it normal?

I thought that the "use-rfc2307" option allowed creating "posixaccount" users.
Isn't that the case?


Hi
You still have to add the objects. Yourself! I think provisioning with the rfc2307 option allows you to use the Windows tools instead of using ldbedit or LDIFs. If you just want uid:gid you can use ldbedit like you have above and

add e.g.
objectClass: posixGroup
gidNumber: 20513

to Domain Users

then, e.g.
objectClass: posixAccount
uidNumber: 3000100
gidNumber: 20513

to each of your users. With a different uid for each user of course. You then decide how to get the uid:gid out of AD. There's another thread here at the moment about how or how not to do that.
hth
Steve
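
An added example, not part of the original thread: the manual step described above (posixAccount, uidNumber and gidNumber per user, "with a different uid for each user") written as a script that builds a modify LDIF and refuses to continue if a uidNumber is already duplicated, since two accounts sharing a uid share file ownership on Unix clients. The sample records are constructed, the function names are hypothetical, and the default numbers are the ones from the reply.

```python
import re

# Constructed sample in ldbsearch-style LDIF (not output from the thread's server).
SAMPLE_LDIF = """\
dn: CN=test1,CN=Users,DC=chezmoi,DC=priv
objectClass: user

dn: CN=test2,CN=Users,DC=chezmoi,DC=priv
objectClass: user
objectClass: posixAccount
uidNumber: 3000100
gidNumber: 20513

dn: CN=test3,CN=Users,DC=chezmoi,DC=priv
objectClass: user
"""

def parse_ldif(text):
    """Parse simple LDIF (no line wrapping, no base64 values) into dicts of lists."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            rec.setdefault(key, []).append(value)
        if "dn" in rec:
            records.append(rec)
    return records

def plan_posix_attrs(records, gid=20513, first_uid=3000100):
    """Return (modify_ldif, {dn: uid}) for user records that lack a uidNumber."""
    existing = [int(v) for r in records for v in r.get("uidNumber", [])]
    used = set(existing)
    if len(used) != len(existing):
        raise ValueError("duplicate uidNumber already present")
    out, assigned, next_uid = [], {}, first_uid
    for rec in records:
        if "uidNumber" in rec or "user" not in rec.get("objectClass", []):
            continue
        while next_uid in used:  # never reuse a uid that is already taken
            next_uid += 1
        used.add(next_uid)
        dn = rec["dn"][0]
        assigned[dn] = next_uid
        out.append(f"dn: {dn}\nchangetype: modify\nadd: objectClass\n"
                   f"objectClass: posixAccount\n-\nadd: uidNumber\nuidNumber: {next_uid}\n"
                   f"-\nadd: gidNumber\ngidNumber: {gid}\n")
    return "\n".join(out), assigned
```

The returned LDIF text is meant to be reviewed before it is applied to sam.ldb; the script itself changes nothing.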
