Re: [Samba] [samba] file server, AD client, no rfc2307

On Thu, 27 Jul 2017 08:47:28 +0200
mathias dufresne <infractory@xxxxxxxxx> wrote:

> You're right. The 'Unix Attributes' tab in ADUC needs what I called
> 'schema modification'. Without that change the 'NIS Domain' dropdown
> menu proposes only "<none>" as an option, no NIS domain which is
> coherent.
> Yes they're here, we can set them using ldapmodify or using ADSI
> console from RSAT.
> But I was never able to make winbindd work without the 'schema
> modification'.
> >
> > Anything sssd can do on a Unix domain member, winbind can do.
> >
> Here please understand I don't mean to say one's better than the other but
> I was able to make sssd work without the schema modification.
> In addition sssd offers something to choose which AD attribute will
> be used to fill each part of UNIX user (ex: ldap_user_uid_number =
> sAMAccountName, these options come from sssd-ldap man page but are
> usable with sssd-ad module).
> This is useful for stubborn clients like mine who do not want to modify
> their AD...
> >
> > I am fairly sure that your 'schema modification' is the same as
> > adding IDMU to a Windows DC and winbind works with a Windows DC
> > that doesn't have IDMU installed.
> >
> I'm fairly sure too they are the same (IDMU and what I called 'schema
> modification') and I believe you when you say winbind can deal with RFC2307
> attributes without IDMU/schema mod. Simply I wasn't able to make it
> work. What can I say? I will try again : )

It should work without --use-rfc2307, if it doesn't, then I personally
would class it as a bug.

I will have a look at the provision code for the Samba DC to see what
it actually does when you use '--use-rfc2307', if it just adds
'ypServ30.ldif', I will set up a test domain without '--use-rfc2307' and
see what happens ;-)


