Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 15/08/12 06:51, Gémes Géza wrote: 2012-08-14 23:15 keltezéssel, steve írta: On 12/08/12 17:45, Gémes Géza wrote: 2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: What is wrong with Vbox? Is Xen any smaller or faster? Both smaller and faster (http://www.phoronix.com/scan.php?page=articleitem=ubuntu_1110_xenkvmnum=1), and unlike vbox both kvm and xen provide a way to boot your virtual machine at the boot of the host. Hi Thanks for the link. Unfortunately Vbox is the only VM which has 32bit support. The others need 64bit, which we don't have:( I'll ask on the openSUSE list to see if there is any workaround. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 15/08/12 08:02, steve wrote: On 15/08/12 06:51, Gémes Géza wrote: 2012-08-14 23:15 keltezéssel, steve írta: On 12/08/12 17:45, Gémes Géza wrote: 2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: What is wrong with Vbox? Is Xen any smaller or faster? Both smaller and faster (http://www.phoronix.com/scan.php?page=articleitem=ubuntu_1110_xenkvmnum=1), and unlike vbox both kvm and xen provide a way to boot your virtual machine at the boot of the host. Hi Thanks for the link. Unfortunately Vbox is the only VM which has 32bit support. The others need 64bit, which we don't have:( I'll ask on the openSUSE list to see if there is any workaround. Cheers, Steve Hello Steve, you seem to be working on the same thing as I am, using Samba4 as a domain controller. I initially tried your set up and found the problems that you have, this is where we seem to have forked off in different directions. You seem to be chasing using Winbind and NFS, whilst I went with Winbind and Pam_mount. I am only using one server running samba4, with Pam-mount I can mount any users unixhomedir (wherever that may be) from the server onto the clients (like windows profiles) via the use of groups and can also mount the dropbox share which shows up in the users home directory. If you are interested, I can supply you my notes to try it out yourself. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 15/08/12 10:39, Rowland Penny wrote: On 15/08/12 08:02, steve wrote: On 15/08/12 06:51, Gémes Géza wrote: 2012-08-14 23:15 keltezéssel, steve írta: On 12/08/12 17:45, Gémes Géza wrote: 2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: What is wrong with Vbox? Is Xen any smaller or faster? Both smaller and faster (http://www.phoronix.com/scan.php?page=articleitem=ubuntu_1110_xenkvmnum=1), and unlike vbox both kvm and xen provide a way to boot your virtual machine at the boot of the host. Hi Thanks for the link. Unfortunately Vbox is the only VM which has 32bit support. The others need 64bit, which we don't have:( I'll ask on the openSUSE list to see if there is any workaround. Cheers, Steve Hello Steve, you seem to be working on the same thing as I am, using Samba4 as a domain controller. I initially tried your set up and found the problems that you have, this is where we seem to have forked off in different directions. You seem to be chasing using Winbind and NFS, whilst I went with Winbind and Pam_mount. I am only using one server running samba4, with Pam-mount I can mount any users unixhomedir (wherever that may be) from the server onto the clients (like windows profiles) via the use of groups and can also mount the dropbox share which shows up in the users home directory. If you are interested, I can supply you my notes to try it out yourself. Hi Rowland We ditched winbind totally in favour of the (much faster and predictable) nss-pam-ldapd. That coupled with NFS4 gets the job done albeit unofficially. Yes, thanks for the offer. We'd be interested to see/compare any alternatives. On a different note, we've only just discovered that s3fs is not yet ready as a fileserver and we have to split off from the DC and use a separate 3.6 box as the filer. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 12/08/12 17:45, Gémes Géza wrote: 2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 11.08.12: In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. [...] At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue. Sorry - that sounds ugly. I prefer using samba as a combined system for SOHO (especially for schools). And working with several servers (especially virtual servers) is not attractive for someone who looks for the server as a second or third job, beneath his/her main job. I would rather advertise a narrower, known to work set of functionality than to promise broader features than we know works well in production experience. In particular, we know about the limitations that Steve mentions, and we know the workaround: don't mix the file server and AD DC. Andrew Bartlett Hi Does this mean having one Samba4 machine as the DC and another Samba4 (e.g. Vbox) machine joined to it as a member to act as fileserver? Cheers, Steve If you don't want to use the second box interactively yes, if you intend to login there, or have home directories served from there better install Samba3.6 on it. Regards Geza Hi Geza, hi everyone OK, conclusion. I have a single box with s4 DC. The same same box with a Vbox guest running S3.6, and NFS. The S4 DC becomes a NFS client when I mount the shares from the Vbox guest on it. I create users and their home directories on the DC. Files are served from the S3 Vbox guest. The DC has no shares apart from [global], [netlogon] and [sysvol]. The s3 guest carries all the shares I would normally add after the 3 default DC shares. Instead of using the hostname of the DC when I mount shares on remote clients, I use the hostname of the S3 Guest. How am I doing so far? Cheers, Steve Hi, IMHO what you've written could be a short HOWTO for using Samba4 in a network Geza, How do I tell xp and 7 clients to look at the virtual s3.6 machine as fileserver? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 12/08/12 17:45, Gémes Géza wrote: 2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hi Geza, hi everyone OK, conclusion. I have a single box with s4 DC. The same same box with a Vbox guest running S3.6, and NFS. The S4 DC becomes a NFS client when I mount the shares from the Vbox guest on it. I create users and their home directories on the DC. Files are served from the S3 Vbox guest. The DC has no shares apart from [global], [netlogon] and [sysvol]. The s3 guest carries all the shares I would normally add after the 3 default DC shares. Instead of using the hostname of the DC when I mount shares on remote clients, I use the hostname of the S3 Guest. How am I doing so far? Cheers, Steve Hi, IMHO what you've written could be a short HOWTO for using Samba4 in a network (maybe just without virtualbox part ;-) ). If this is more than a test setup I would recommend using Xen or KVM for virtualisation (My production boxes run on top of Xen for about 6 years, and at home I use KVM (for running test setups) (was easier to set up on a Desktop machine), (used Virtualbox before (didn't have hardware support for KVM))). Hi Geza, hi everyone Thanks. Praise indeed coming from a dev of your status:) I'd still like to see s3fs cope with file serving on the DC itself, as it's sooo much easier to setup. What is wrong with Vbox? Is Xen any smaller or faster? Our DC has only 2GB RAM. Running a VM on top of is already asking a lot of it. Also we have rpm's for host and guest out of the box on openSUSE. Can you take snapshots on Xen like on Vbox and roll back when you screw up? On the NFS side of affairs I see it is impossible to create a group rw NFS4 share from a 0022 umask. The NFS devs seem unwilling or unable to do anything about it. Meanwhile the NFS3 Kerberos backport works well enough. Any ideas? A separate partition with a 0002 umask. Can I do that on the same disk? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
2012-08-14 23:15 keltezéssel, steve írta: On 12/08/12 17:45, Gémes Géza wrote: 2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hi Geza, hi everyone OK, conclusion. I have a single box with s4 DC. The same same box with a Vbox guest running S3.6, and NFS. The S4 DC becomes a NFS client when I mount the shares from the Vbox guest on it. I create users and their home directories on the DC. Files are served from the S3 Vbox guest. The DC has no shares apart from [global], [netlogon] and [sysvol]. The s3 guest carries all the shares I would normally add after the 3 default DC shares. Instead of using the hostname of the DC when I mount shares on remote clients, I use the hostname of the S3 Guest. How am I doing so far? Cheers, Steve Hi, IMHO what you've written could be a short HOWTO for using Samba4 in a network (maybe just without virtualbox part ;-) ). If this is more than a test setup I would recommend using Xen or KVM for virtualisation (My production boxes run on top of Xen for about 6 years, and at home I use KVM (for running test setups) (was easier to set up on a Desktop machine), (used Virtualbox before (didn't have hardware support for KVM))). Hi, Hi Geza, hi everyone Thanks. Praise indeed coming from a dev of your status:) Please do not overestimate the occasional patches I've submitted. I'd still like to see s3fs cope with file serving on the DC itself, as it's sooo much easier to setup. What is wrong with Vbox? Is Xen any smaller or faster? Both smaller and faster (http://www.phoronix.com/scan.php?page=articleitem=ubuntu_1110_xenkvmnum=1), and unlike vbox both kvm and xen provide a way to boot your virtual machine at the boot of the host. Our DC has only 2GB RAM. Running a VM on top of is already asking a lot of it. Also we have rpm's for host and guest out of the box on openSUSE. Can you take snapshots on Xen like on Vbox and roll back when you screw up? On the NFS side of affairs I see it is impossible to create a group rw NFS4 share from a 0022 umask. The NFS devs seem unwilling or unable to do anything about it. Meanwhile the NFS3 Kerberos backport works well enough. Any ideas? A separate partition with a 0002 umask. Can I do that on the same disk? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 11.08.12: In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. [...] At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue. Sorry - that sounds ugly. I prefer using samba as a combined system for SOHO (especially for schools). And working with several servers (especially virtual servers) is not attractive for someone who looks for the server as a second or third job, beneath his/her main job. I would rather advertise a narrower, known to work set of functionality than to promise broader features than we know works well in production experience. In particular, we know about the limitations that Steve mentions, and we know the workaround: don't mix the file server and AD DC. Andrew Bartlett Hi Does this mean having one Samba4 machine as the DC and another Samba4 (e.g. Vbox) machine joined to it as a member to act as fileserver? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 12/08/12 09:31, steve wrote: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 11.08.12: Hi Does this mean having one Samba4 machine as the DC and another Samba4 (e.g. Vbox) machine joined to it as a member to act as fileserver? Cheers, Steve But hang on. That wouldn't work either. Would we need to completely ditch s3fs for rfc2307 to work? What's wrong with nss-ldapd instead, or in the meanwhile until winbind and s3fs catches up? How would I setup the a recommended, official Samba fileserver? Is it a Samba 3.6 machine on VBox? Normally, I create a user on the DC, give him rfc2307 classes and attributes and create his home directory. When the user is created, I also create the whole of his login to both Linux and windows machines. I can do that with the DC and fileserver as the same machine by bypassing winbind and using nss-pam-ldapd. All the user has to do is choose whether to use a Linux or windows box. Confused. . . Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 11.08.12: In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. [...] At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue. Sorry - that sounds ugly. I prefer using samba as a combined system for SOHO (especially for schools). And working with several servers (especially virtual servers) is not attractive for someone who looks for the server as a second or third job, beneath his/her main job. I would rather advertise a narrower, known to work set of functionality than to promise broader features than we know works well in production experience. In particular, we know about the limitations that Steve mentions, and we know the workaround: don't mix the file server and AD DC. Andrew Bartlett Hi Does this mean having one Samba4 machine as the DC and another Samba4 (e.g. Vbox) machine joined to it as a member to act as fileserver? Cheers, Steve If you don't want to use the second box interactively yes, if you intend to login there, or have home directories served from there better install Samba3.6 on it. Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 12/08/12 12:44, steve wrote: On 12/08/12 09:31, steve wrote: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 11.08.12: Hi Does this mean having one Samba4 machine as the DC and another Samba4 (e.g. Vbox) machine joined to it as a member to act as fileserver? Cheers, Steve But hang on. That wouldn't work either. Would we need to completely ditch s3fs for rfc2307 to work? What's wrong with nss-ldapd instead, or in the meanwhile until winbind and s3fs catches up? How would I setup the a recommended, official Samba fileserver? Is it a Samba 3.6 machine on VBox? Normally, I create a user on the DC, give him rfc2307 classes and attributes and create his home directory. When the user is created, I also create the whole of his login to both Linux and windows machines. I can do that with the DC and fileserver as the same machine by bypassing winbind and using nss-pam-ldapd. All the user has to do is choose whether to use a Linux or windows box. Confused. . . Cheers, Steve Have you considered winbind and pam-mount? With this you can mount the users homedir from the server on the client. Also with groups you can mount different homedirs based on what group the user is in. Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 11.08.12: In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. [...] At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue. Sorry - that sounds ugly. I prefer using samba as a combined system for SOHO (especially for schools). And working with several servers (especially virtual servers) is not attractive for someone who looks for the server as a second or third job, beneath his/her main job. I would rather advertise a narrower, known to work set of functionality than to promise broader features than we know works well in production experience. In particular, we know about the limitations that Steve mentions, and we know the workaround: don't mix the file server and AD DC. Andrew Bartlett Hi Does this mean having one Samba4 machine as the DC and another Samba4 (e.g. Vbox) machine joined to it as a member to act as fileserver? Cheers, Steve If you don't want to use the second box interactively yes, if you intend to login there, or have home directories served from there better install Samba3.6 on it. Regards Geza Hi Geza, hi everyone OK, conclusion. I have a single box with s4 DC. The same same box with a Vbox guest running S3.6, and NFS. The S4 DC becomes a NFS client when I mount the shares from the Vbox guest on it. I create users and their home directories on the DC. Files are served from the S3 Vbox guest. The DC has no shares apart from [global], [netlogon] and [sysvol]. The s3 guest carries all the shares I would normally add after the 3 default DC shares. Instead of using the hostname of the DC when I mount shares on remote clients, I use the hostname of the S3 Guest. How am I doing so far? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
2012-08-12 16:26 keltezéssel, steve írta: On 12/08/12 15:28, Gémes Géza wrote: 2012-08-12 09:31 keltezéssel, steve írta: On 08/11/2012 01:10 PM, Andrew Bartlett wrote: On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 11.08.12: In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. [...] At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue. Sorry - that sounds ugly. I prefer using samba as a combined system for SOHO (especially for schools). And working with several servers (especially virtual servers) is not attractive for someone who looks for the server as a second or third job, beneath his/her main job. I would rather advertise a narrower, known to work set of functionality than to promise broader features than we know works well in production experience. In particular, we know about the limitations that Steve mentions, and we know the workaround: don't mix the file server and AD DC. Andrew Bartlett Hi Does this mean having one Samba4 machine as the DC and another Samba4 (e.g. Vbox) machine joined to it as a member to act as fileserver? Cheers, Steve If you don't want to use the second box interactively yes, if you intend to login there, or have home directories served from there better install Samba3.6 on it. Regards Geza Hi Geza, hi everyone OK, conclusion. I have a single box with s4 DC. The same same box with a Vbox guest running S3.6, and NFS. The S4 DC becomes a NFS client when I mount the shares from the Vbox guest on it. I create users and their home directories on the DC. Files are served from the S3 Vbox guest. The DC has no shares apart from [global], [netlogon] and [sysvol]. The s3 guest carries all the shares I would normally add after the 3 default DC shares. Instead of using the hostname of the DC when I mount shares on remote clients, I use the hostname of the S3 Guest. How am I doing so far? Cheers, Steve Hi, IMHO what you've written could be a short HOWTO for using Samba4 in a network (maybe just without virtualbox part ;-) ). If this is more than a test setup I would recommend using Xen or KVM for virtualisation (My production boxes run on top of Xen for about 6 years, and at home I use KVM (for running test setups) (was easier to set up on a Desktop machine), (used Virtualbox before (didn't have hardware support for KVM))). Regards Geza P.S. Sorry for the off-topic about virtualisation. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On Fri, 2012-08-10 at 06:04 +0200, steve wrote: Hi In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. The workarounds are to use the winbind [homes] share and link from there to the real unixHomeDirectory or else use nss-ldapd. Is it planned that Samba4 winbind will inherit all of rfc2307 at some stage? At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue. In the very long term, it is clear that we will need to change the winbindd implementation to avoid these issues, but that isn't something we can even contemplate at this point. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
Hallo, Andrew, Du meintest am 11.08.12: In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. [...] At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue. Sorry - that sounds ugly. I prefer using samba as a combined system for SOHO (especially for schools). And working with several servers (especially virtual servers) is not attractive for someone who looks for the server as a second or third job, beneath his/her main job. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: rfc2307 compatibility with Samba3
On Sat, 2012-08-11 at 11:21 +0200, Helmut Hullen wrote: Hallo, Andrew, Du meintest am 11.08.12: In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. [...] At this stage, we still don't recommend combining file server and DC functions. By separating these functions onto different (virtual) servers, you can avoid this issue. Sorry - that sounds ugly. I prefer using samba as a combined system for SOHO (especially for schools). And working with several servers (especially virtual servers) is not attractive for someone who looks for the server as a second or third job, beneath his/her main job. I would rather advertise a narrower, known to work set of functionality than to promise broader features than we know works well in production experience. In particular, we know about the limitations that Steve mentions, and we know the workaround: don't mix the file server and AD DC. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: rfc2307 compatibility with Samba3
Hi In Samba3, I have full rfc2307 compliance via winbind where all attributes can be obtained from AD. In Samba4 I only have partial rfc2307 compatibility with: idmap_ldb:use rfc2307 = yes uidNumber and gidNumber can be obtained from AD but uinxHomeDirectory and loginShell are missing. The workarounds are to use the winbind [homes] share and link from there to the real unixHomeDirectory or else use nss-ldapd. Is it planned that Samba4 winbind will inherit all of rfc2307 at some stage? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
