[Samba] What does idmap_ldb:use rfc2307 = yes do exactly?

Brady, Mike
Jun 3, 2015, 8:31:48 PM
I see that on the page
https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_RFC2307_is_used_by_your_Domain_Controllers
that

idmap_ldb:use rfc2307 = yes

is required on all DC when wanting to use RFC2307, but I can not find
any mention of this parameter in the man pages or any explanation of
exactly what it does anywhere else.

I am using RFC2307 in my setup and do have this in all my server
configurations (both DC and member) and I think that everything is
working, so just wanting to understand what this actually does rather than
having a problem.

Regards

Mike

buhorojo
Jun 4, 2015, 12:31:49 PM
On 04/06/15 02:12, Brady, Mike wrote:
> I see that on the page
> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_RFC2307_is_used_by_your_Domain_Controllers
> that
>
> idmap_ldb:use rfc2307 = yes
>
> is required on all DC when wanting to use RFC2307, but I can not find
> any mention of this parameter in the man pages or any explanation of
> exactly what it does anywhere else.
>
> I am using RFC2307 in my setup and do have this in all my server
> configurations (both DC and member) and I think that everything is
> working, so just wanting to understand what this actually does rather
> than having a problem.
>
> Regards
>
> Mike
Hi
It can be used to instruct winbind to look in the directory when uid and
gid sid mappings are required. Otherwise an external database is
consulted. rfc2307 support is not complete as only the two attributes
mentioned can be read.
HTH

Sébastien Le Ray
Jun 4, 2015, 12:36:34 PM
Hi,

http://tools.ietf.org/html/rfc2307

It is used to pull down UNIX information from Active Directory (namely
uid, gid, homedir, shell). Support is partial on a domain controller since
shell & homedir can only be set through * template parameters in
smb.conf despite rfc2307 being used. Shell & homedir are correctly
fetched on member servers.

Regards,

buhorojo
Jun 4, 2015, 12:54:59 PM
On 04/06/15 18:35, Sébastien Le Ray wrote:
> Shell & homedir are correctly fetched on member servers.
Without:
idmap_ldb:use rfc2307 = yes

Brady, Mike
Jun 4, 2015, 6:26:15 PM
On 2015-06-05 04:54, buhorojo wrote:
> On 04/06/15 18:35, Sébastien Le Ray wrote:
>> Shell & homedir are correctly fetched on member servers.
> Without:
> idmap_ldb:use rfc2307 = yes

Does idmap_ldb apply to both the internal winbind on a DC and the
external winbindd on a file server?

On a 4.1 DC using the internal winbind the only winbind related
configuration that I have is


idmap_ldb:use rfc2307 = yes

But on my file servers I have always had additional winbind
configuration along the lines of the following:

idmap_ldb:use rfc2307 = yes

idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config SAMBA:backend = ad
idmap config SAMBA:schema_mode = rfc2307
idmap config SAMBA:range = 1000000-5000000
winbind nss info = rfc2307

On a 4.2 DC the external winbindd is now used by default. Should I now
have this additional configuration on the DC as well?

I have 2x 4.1 DC and 1x 4.1 file server and am just starting to work
through upgrading to 4.2. I have added a 4.2 DC to the domain and
wbinfo and getent all return the results that I expect on all four
machines so I am just trying to make sure that I am doing things correctly
rather than having something that does not work.

Thanks

Mike
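
As an added example (not part of the thread, and not Samba project code), the member-server settings quoted in the message above can be parsed and checked for one requirement of Samba's idmap configuration: every `idmap config` domain needs a range, and no two ranges may overlap. The function names are hypothetical and the sample text is constructed from the lines in the message.

```python
import re

# Constructed sample: the member-server settings quoted in the thread.
SAMPLE_SMB_CONF = """\
[global]
idmap_ldb:use rfc2307 = yes
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config SAMBA:backend = ad
idmap config SAMBA:schema_mode = rfc2307
idmap config SAMBA:range = 1000000-5000000
winbind nss info = rfc2307
"""

# Accepts both "idmap config DOM:opt" and "idmap config DOM : opt".
IDMAP_RE = re.compile(r"^idmap\s+config\s+(\S+?)\s*:\s*(\w+)$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments, section headers
        key, value = (part.strip() for part in line.split("=", 1))
        m = IDMAP_RE.match(key)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = value
    return domains

def audit_idmap(conf_text):
    """Return findings: domains without a valid range, and overlapping neighbours."""
    findings, ranges = [], []
    for dom, opts in sorted(parse_idmap(conf_text).items()):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m.group(1)) > int(m.group(2)):
            findings.append(f"{dom}: missing or invalid range")
            continue
        ranges.append((int(m.group(1)), int(m.group(2)), dom))
    ranges.sort()  # sorted by low bound, so any overlap shows up between neighbours
    for (lo1, hi1, d1), (lo2, hi2, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            findings.append(f"{d1} ({lo1}-{hi1}) overlaps {d2} ({lo2}-{hi2})")
    return findings

if __name__ == "__main__":
    print(audit_idmap(SAMPLE_SMB_CONF) or "no idmap range problems found")
```

Overlapping ranges matter because two different SIDs could then resolve to the same uid or gid, which gives one account the file permissions of another.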
