On 13/04/13 19:24, steve wrote:
On 13/04/13 18:49, François Lafont wrote:
Hi,

On 11/04/2013 22:39, Gémes Géza wrote:

The easiest way to test out rfc2307 would be to provision a new domain
with samba-tool domain provision --use-rfc2307
--the-other-options-of-your-choice, and test an rfc2307 client against
it. The difference is that in this case the provisioning script loads a
schema file (ypServ30.ldif) which makes it easier to administer the
rfc2307 attributes using ADUC. [...]
OK. I tried this on a wheezy server:

---------------------------------------------------
samba-tool domain provision --realm=CHEZMOI.PRIV \
     --domain=CHEZMOI --server-role=dc --dns-backend=SAMBA_INTERNAL \
     --adminpass='+toto123' --use-rfc2307
echo "nameserver 192.168.0.21" > /etc/resolv.conf
samba
samba-tool user add test1 "+test123"
---------------------------------------------------

Here is my smb.conf file after these commands:

---------------------------------------------------
# Global parameters
[global]
         workgroup = CHEZMOI
         realm = CHEZMOI.PRIV
         netbios name = WHEEZY-1
         server role = active directory domain controller
         dns forwarder = 212.27.40.241
         idmap_ldb:use rfc2307 = yes

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/chezmoi.priv/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No
---------------------------------------------------

But when I run:
ldbedit --url=/usr/local/samba/private/sam.ldb cn=test1

---------------------------------------------------
# editing 1 records
# record 1
dn: CN=test1,CN=Users,DC=chezmoi,DC=priv
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test1
instanceType: 4
whenCreated: 20130413162647.0Z
whenChanged: 20130413162647.0Z
uSNCreated: 3769
name: test1
objectGUID: 0d95a85f-92d9-425c-8ddf-bcdb401a1c99
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3595212667-731548510-1075401445-1103
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: test1
sAMAccountType: 805306368
userPrincipalName: te...@chezmoi.priv
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=chezmoi,DC=priv
pwdLastSet: 130103440070000000
userAccountControl: 512
uSNChanged: 3771
distinguishedName: CN=test1,CN=Users,DC=chezmoi,DC=priv
---------------------------------------------------

I have no "objectClass: posixAccount" entry and thus no "uidNumber" or "gidNumber" attribute. Is that normal?

I thought that the "use-rfc2307" option allowed creating "posixaccount" users. Isn't that the case?


Hi
You still have to add the objects. Yourself! I think provisioning with the rfc2307 option allows you to use the Windows tools instead of using ldbedit or LDIFs. If you just want uid:gid you can use ldbedit like you have above and

add e.g.
objectClass: posixGroup
gidNumber: 20513

to Domain Users

then, e.g.
objectClass: posixAccount
uidNumber: 3000100
gidNumber: 20513

to each of your users. With a different uid for each user of course. You then decide how to get the uid:gid out of AD. There's another thread here at the moment about how or how not to do that.
hth
Steve

Hi, you do not need the posix objectclasses; you can add the uidNumbers etc. without them.

Rowland
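
The following Python example is added here and is not from any poster in this thread. It audits an LDIF export for users that lack a uidNumber or share one, then builds modify LDIF that assigns unused uidNumbers without adding the posix objectclasses, as the last reply describes; the test2/test3 records and all function names are constructed for illustration, and the uid/gid values are the ones used in the thread.

```python
import re
from collections import defaultdict
from itertools import count
# Constructed sample in ldbedit/ldbsearch export style; test2 and test3 are made up.
SAMPLE_LDIF = """\
dn: CN=test1,CN=Users,DC=chezmoi,DC=priv
objectClass: user

dn: CN=test2,CN=Users,DC=chezmoi,DC=priv
objectClass: user
uidNumber: 3000100

dn: CN=test3,CN=Users,DC=chezmoi,DC=priv
objectClass: user
uidNumber: 3000100
"""

def parse_ldif(text):
    """One {attribute: [values]} dict per record; unfolds lines, skips comments."""
    records = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text).strip()):
        rec = defaultdict(list)
        for key, value in re.findall(r"^([\w;-]+): (.*)$", block, re.M):
            rec[key].append(value)
        if "dn" in rec:
            records.append(rec)
    return records

def audit(records):
    """Return (uidNumbers shared by several DNs, user DNs with no uidNumber, uids in use)."""
    by_uid, missing = defaultdict(list), []
    for rec in (r for r in records if "user" in r["objectClass"]):
        uids = rec["uidNumber"]
        (by_uid[int(uids[0])] if uids else missing).append(rec["dn"][0])
    dupes = {uid: dns for uid, dns in by_uid.items() if len(dns) > 1}
    return dupes, missing, set(by_uid)

def plan_modify(missing, used, first_uid=3000100, gid=20513):
    """Modify-LDIF giving each DN its own unused uidNumber; objectClass is untouched."""
    free, out = count(first_uid), []
    for dn in missing:
        uid = next(u for u in free if u not in used)
        out.append(f"dn: {dn}\nchangetype: modify\nadd: uidNumber\nuidNumber: {uid}\n-\n"
                   f"add: gidNumber\ngidNumber: {gid}\n-\n")
    return "\n".join(out)

if __name__ == "__main__":
    dupes, missing, used = audit(parse_ldif(SAMPLE_LDIF))
    print("duplicate uidNumbers:", dupes, plan_modify(missing, used), sep="\n")
```

The generated text is standard LDIF modify syntax; review it, and resolve any reported duplicates by hand, before applying it to sam.ldb with a tool such as ldbmodify.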


