Re: [Samba] rfc2037
- Date: Fri, 26 Oct 2018 20:58:32 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] rfc2037
On Fri, 26 Oct 2018 12:29:38 -0700
Gregory Sloop via samba <samba@xxxxxxxxxxxxxxx> wrote:
> So, just wanting to verify - since I *think* I understand but am not
> [The Wiki article might be clarified re: rfc2037 - and avoid
> questions like this.]
> 2037 only comes into play if you're interested in controlling local
> access for *nix users on the local file system. Thus, if you are, for
> example, setting up a [or a pair, or more] DC only, which won't have
> local users - than 2037 won't matter.
> In my case, I'm setting up a new domain with two DC's and the DC's
> will only be used for Windows users/stations. Thus, it sure seems
> that I can ignore 2037 safely.
> That said, I did provision the initial DC [accidentally] with
> --use-rfc2307 - is there any reason to re-provision and remove it?
> [Might it be good, if I eventually integrate Unix users on other
> member servers, but am not doing so now?]
You can safely ignore the rfc2307 attributes, adding '--use-rfc2307' to
provision just adds a bit of framework to AD, most of which is used by
The main rfc2307 attributes are part of the schema and you get them
whether you want them or not.
To sort of prove the point, if you create a Unix user with Samba tool,
it says this:
Example5 shows how to create an RFC2307/NIS domain enabled user account. If
--nis-domain is set, then the other four parameters are mandatory.
What it doesn't say is, you can add any permutation of the four, just
as long as you don't set '--nis-domain' i.e. you do not need the domain.
To unsubscribe from this list go to the following URL and read the