Re: [Samba] NIS to SAMBA4 Migration
I am also struggling to find up to date information on using Samba 4 with linux clients. I have managed to get the RFC 2307 fields by installing the 'NIS tools' feature on a W2k8 DC, and creating a 'NIS domain'. Previously I could see the fields, but could not select a NIS domain in the ADUC tool to make the RFC 2307 fields enabled. I'm also trying to find out the correct way to add the autohome nis map. I have tried: ldbmodify -H /usr/local/samba/private/sam.ldb automount_template.ldif --option=dsdb:schema update allowed=true But this seemed to fail. I have thought I might need to use the Microsoft schema management tool to add the automount schema. On Sat, Nov 24, 2012 at 4:01 PM, Gémes Géza g...@kzsdabas.hu wrote: Hi, Hello Steve, The only way I have found to enable those options is to provision with --use-rfc2307. We are performing an upgrade from Samba3 and I noticed that the options were not grayed out after performing a classicupgrade, but were grayed out after a clean provision. I finally figured out that the classicupgrade always uses the --use-rfc2307 flag. This flag will add the option idmap_ldb:use rfc2307 = yes to your smb.conf, however, it has been my experience that adding that to smb.conf post-provision does not enable the UNIX Attributes options, so the provision option must do something else. I would like to know if there is a way to enable this after the fact, but I've not come up with anything yet. I need to complete further testing on the actual authentication of Linux clients, Apache, RADIUS and OpenVPN, but have run into a show-stopper with DNS replication and have moved all my efforts to this for the time being. I was able to get Linux clients authenticating via winbind, but this was before I found out about the --use-rfc2307 option and winbind was using auto-generated UIDs and GIDs. Any notes you come up with would be greatly appreciated. Thanks, Thomas. Provisioning with --use-rfc2307 also loads the NIS schema into AD and thus allows you to set that attributes via ADUC. To do the same after provision you would need to import the schema after provision. The skeleton of it is in /usr/local/samba/share/setup/** ypServ30.ldif on a default install. Regards Geza Gemes On Fri, Nov 23, 2012 at 10:38 AM, Steve van Maanen st...@starsphere.jp wrote: Hello everyone, I am trying to figure out a way to migrate NIS maps to SAMBA4 (I want to replace NIS with SAMAB4 for a Linux domain. I have researched a fair bit on the web but have not found out any solutions and was hoping I could find some help here. What I have found so far pertains to Windows implementations of Active Directory. Here are my questions. 1) Is it possible with a default install of SAMBA4 or do I need to extend the schema? 2) I notice there is a Unix attributes tab for users, when using Active Directory users and groups to administer the Samba4 AD, but I am unable to change the properties. Is there any way I can enable this? 3) Has anyone done this and if so, can you offer me some pointers? Many thanks! Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NIS to SAMBA4 Migration
Hi, I am also struggling to find up to date information on using Samba 4 with linux clients. I have managed to get the RFC 2307 fields by installing the 'NIS tools' feature on a W2k8 DC, and creating a 'NIS domain'. Previously I could see the fields, but could not select a NIS domain in the ADUC tool to make the RFC 2307 fields enabled. I was successful in using Samba4 AD with Ubuntu 12.04 (precise) clients using winbind (in nsswitch and pam) and kerberos (pam-krb5) the relevant changes (to the default config are): /etc/krb5.conf proxiable = false /etc/samba/smb.conf workgroup = YOUR_WORKGROUP realm = YOUR_REALM kerberos method = system keytab security = ads winbind enum groups = yes winbind enum users = yes idmap config *:backend = tdb idmap config *:range = 201-300 idmap config YOUR_WORKGROUP:default = yes idmap config YOUR_WORKGROUP:backend = ad idmap config YOUR_WORKGROUP:range = 0-200 idmap config YOUR_WORKGROUP:schema_mode = rfc2307 winbind nss info = rfc2307 winbind expand groups = 2 winbind nested groups = yes winbind use default domain = yes /etc/nsswitch.conf passwd: files winbind group: files winbind pam-auth-update took care of pam configuration (I had to do only afs homedirs related changes, irrelevant if you don't use afs) winbind pulls correctly all the information for the users and group which have been posixified. However with the same config on debian squeeze or wheezy I receive only a part of the group memberships, and other nastiness (e.g. getent group and id for a group member give different results) I'm also trying to find out the correct way to add the autohome nis map. I have tried: ldbmodify -H /usr/local/samba/private/sam.ldb automount_template.ldif You shouldn't modify the sam.ldb directly while samba is running instead would suggest to use ldbmodify -H ldap://your-ad.server --option=dsdb:schema update allowed=true But this seemed to fail. I have thought I might need to use the Microsoft schema management tool to add the automount schema. Regards Geza Gemes Hi, Hello Steve, The only way I have found to enable those options is to provision with --use-rfc2307. We are performing an upgrade from Samba3 and I noticed that the options were not grayed out after performing a classicupgrade, but were grayed out after a clean provision. I finally figured out that the classicupgrade always uses the --use-rfc2307 flag. This flag will add the option idmap_ldb:use rfc2307 = yes to your smb.conf, however, it has been my experience that adding that to smb.conf post-provision does not enable the UNIX Attributes options, so the provision option must do something else. I would like to know if there is a way to enable this after the fact, but I've not come up with anything yet. I need to complete further testing on the actual authentication of Linux clients, Apache, RADIUS and OpenVPN, but have run into a show-stopper with DNS replication and have moved all my efforts to this for the time being. I was able to get Linux clients authenticating via winbind, but this was before I found out about the --use-rfc2307 option and winbind was using auto-generated UIDs and GIDs. Any notes you come up with would be greatly appreciated. Thanks, Thomas. Provisioning with --use-rfc2307 also loads the NIS schema into AD and thus allows you to set that attributes via ADUC. To do the same after provision you would need to import the schema after provision. The skeleton of it is in /usr/local/samba/share/setup/** ypServ30.ldif on a default install. Regards Geza Gemes On Fri, Nov 23, 2012 at 10:38 AM, Steve van Maanen st...@starsphere.jp wrote: Hello everyone, I am trying to figure out a way to migrate NIS maps to SAMBA4 (I want to replace NIS with SAMAB4 for a Linux domain. I have researched a fair bit on the web but have not found out any solutions and was hoping I could find some help here. What I have found so far pertains to Windows implementations of Active Directory. Here are my questions. 1) Is it possible with a default install of SAMBA4 or do I need to extend the schema? 2) I notice there is a Unix attributes tab for users, when using Active Directory users and groups to administer the Samba4 AD, but I am unable to change the properties. Is there any way I can enable this? 3) Has anyone done this and if so, can you offer me some pointers? Many thanks! Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NIS to SAMBA4 Migration
Hello everyone, I am trying to figure out a way to migrate NIS maps to SAMBA4 (I want to replace NIS with SAMAB4 for a Linux domain. I have researched a fair bit on the web but have not found out any solutions and was hoping I could find some help here. What I have found so far pertains to Windows implementations of Active Directory. Here are my questions. 1) Is it possible with a default install of SAMBA4 or do I need to extend the schema? 2) I notice there is a Unix attributes tab for users, when using Active Directory users and groups to administer the Samba4 AD, but I am unable to change the properties. Is there any way I can enable this? 3) Has anyone done this and if so, can you offer me some pointers? Many thanks! Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NIS to SAMBA4 Migration
Hello Steve, The only way I have found to enable those options is to provision with --use-rfc2307. We are performing an upgrade from Samba3 and I noticed that the options were not grayed out after performing a classicupgrade, but were grayed out after a clean provision. I finally figured out that the classicupgrade always uses the --use-rfc2307 flag. This flag will add the option idmap_ldb:use rfc2307 = yes to your smb.conf, however, it has been my experience that adding that to smb.conf post-provision does not enable the UNIX Attributes options, so the provision option must do something else. I would like to know if there is a way to enable this after the fact, but I've not come up with anything yet. I need to complete further testing on the actual authentication of Linux clients, Apache, RADIUS and OpenVPN, but have run into a show-stopper with DNS replication and have moved all my efforts to this for the time being. I was able to get Linux clients authenticating via winbind, but this was before I found out about the --use-rfc2307 option and winbind was using auto-generated UIDs and GIDs. Any notes you come up with would be greatly appreciated. Thanks, Thomas. On Fri, Nov 23, 2012 at 10:38 AM, Steve van Maanen st...@starsphere.jpwrote: Hello everyone, I am trying to figure out a way to migrate NIS maps to SAMBA4 (I want to replace NIS with SAMAB4 for a Linux domain. I have researched a fair bit on the web but have not found out any solutions and was hoping I could find some help here. What I have found so far pertains to Windows implementations of Active Directory. Here are my questions. 1) Is it possible with a default install of SAMBA4 or do I need to extend the schema? 2) I notice there is a Unix attributes tab for users, when using Active Directory users and groups to administer the Samba4 AD, but I am unable to change the properties. Is there any way I can enable this? 3) Has anyone done this and if so, can you offer me some pointers? Many thanks! Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NIS to SAMBA4 Migration
Hi, http://phaedrus77.blogspot.de/2010/04/samba4-ad-domain-controller-to-serve.html has pretty detailed info on setting up S4 to serve posix user infomation as per rfc2307. back when I installed it I had to extend the schema maually to include rfc2307 attributes. as for user management I largely use some scripts to generate ldifs to set the needed attributes. never really used the windows tools. though I think the according fields in the windows gui allowed the attrbutes to be changed. bernd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NIS to SAMBA4 Migration
Hi, Hello Steve, The only way I have found to enable those options is to provision with --use-rfc2307. We are performing an upgrade from Samba3 and I noticed that the options were not grayed out after performing a classicupgrade, but were grayed out after a clean provision. I finally figured out that the classicupgrade always uses the --use-rfc2307 flag. This flag will add the option idmap_ldb:use rfc2307 = yes to your smb.conf, however, it has been my experience that adding that to smb.conf post-provision does not enable the UNIX Attributes options, so the provision option must do something else. I would like to know if there is a way to enable this after the fact, but I've not come up with anything yet. I need to complete further testing on the actual authentication of Linux clients, Apache, RADIUS and OpenVPN, but have run into a show-stopper with DNS replication and have moved all my efforts to this for the time being. I was able to get Linux clients authenticating via winbind, but this was before I found out about the --use-rfc2307 option and winbind was using auto-generated UIDs and GIDs. Any notes you come up with would be greatly appreciated. Thanks, Thomas. Provisioning with --use-rfc2307 also loads the NIS schema into AD and thus allows you to set that attributes via ADUC. To do the same after provision you would need to import the schema after provision. The skeleton of it is in /usr/local/samba/share/setup/ypServ30.ldif on a default install. Regards Geza Gemes On Fri, Nov 23, 2012 at 10:38 AM, Steve van Maanen st...@starsphere.jpwrote: Hello everyone, I am trying to figure out a way to migrate NIS maps to SAMBA4 (I want to replace NIS with SAMAB4 for a Linux domain. I have researched a fair bit on the web but have not found out any solutions and was hoping I could find some help here. What I have found so far pertains to Windows implementations of Active Directory. Here are my questions. 1) Is it possible with a default install of SAMBA4 or do I need to extend the schema? 2) I notice there is a Unix attributes tab for users, when using Active Directory users and groups to administer the Samba4 AD, but I am unable to change the properties. Is there any way I can enable this? 3) Has anyone done this and if so, can you offer me some pointers? Many thanks! Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
