Enable NIS extensions (rfc2307) on Samba 4 AD after installation

I'm testing out our samba 4 migration process and when the initial forest/domain was created, it was created without using --use-rfc2307:

sudo samba-tool domain provision \
              --domain netdirect \
              --realm=ad.netdirect.ca \
              --function-level=2008_R2

Now that it's in place and we have machines joined, what do I need to do to add the unix attributes and NIS maps to an existing samba4 domain so that we can use the rfc2307 features?


The schema extensions from ypServ30.ldif must be added:

$ kinit [email protected]
Password for [email protected]

$ sed -e 's/${DOMAINDN}/dc=AD,dc=NETDIRECT,dc=CA/g'  \
      -e 's/${NETBIOSNAME}/NETDIRECT/g'              \
      -e 's/${NISDOMAIN}/NETDIRECT/g'                \
      /usr/share/samba/setup/ypServ30.ldif \
  | ldbmodify -H ldap://ad1.ad.netdirect.ca \
      --option="dsdb:schema update allowed=true" -k yes -i
Modified 55 records successfully

Then, add to the [global] section of /etc/samba/smb.conf:

idmap_ldb:use rfc2307 = yes

Restart samba (smbcontrol all reload-config) and you should be good to go.

(Thanks to Rowland Penny for the initial directions)
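
A pre-flight check for the two steps in the answer above, as an added example that is not part of the original answer or of Samba's own tooling: it refuses to emit an LDIF that still contains an unsubstituted `${...}` placeholder, and it confirms that the rfc2307 option sits in `[global]` rather than in a share section. The function names `render_ldif` and `has_rfc2307_global` and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pre-flight checks for the two steps above (added example, not Samba tooling).

# render_ldif TEMPLATE DOMAINDN NETBIOSNAME NISDOMAIN
# Prints the substituted LDIF and fails if any ${...} placeholder survives,
# so a half-rendered template never reaches ldbmodify.
# Assumes the values contain no "/" or "&" (true for a plain DN).
render_ldif() {
    out=$(sed -e 's/[$]{DOMAINDN}/'"$2"'/g' \
              -e 's/[$]{NETBIOSNAME}/'"$3"'/g' \
              -e 's/[$]{NISDOMAIN}/'"$4"'/g' "$1") || return 2
    if printf '%s\n' "$out" | grep -q '[$]{[A-Za-z_]*}'; then
        echo "unsubstituted placeholder left in $1" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# has_rfc2307_global SMBCONF
# Succeeds only if "idmap_ldb:use rfc2307" is enabled inside [global].
has_rfc2307_global() {
    awk '
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        /^[ \t]*[#;]/ { next }
        sect == "[global]" {
            line = tolower($0); gsub(/[ \t]+/, " ", line)
            sub(/^ /, "", line); sub(/ $/, "", line)
            if (line ~ /^idmap_ldb:use rfc2307 ?= ?(yes|true|1)$/) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample inputs (not the real ypServ30.ldif or a real smb.conf).
tmp=$(mktemp -d)
printf '%s\n' 'dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}' \
              'msSFU30Domains: ${NISDOMAIN}' > "$tmp/ok.ldif"
printf '%s\n' 'dn: CN=example,${DOMAINDN}' 'cn: ${UNKNOWNVAR}' > "$tmp/bad.ldif"
printf '%s\n' '[global]' '  workgroup = NETDIRECT' \
              '  idmap_ldb:use rfc2307 = yes' > "$tmp/good.conf"
printf '%s\n' '[global]' '  workgroup = NETDIRECT' \
              '[share]' '  idmap_ldb:use rfc2307 = yes' > "$tmp/wrong.conf"

render_ldif "$tmp/ok.ldif" 'dc=AD,dc=NETDIRECT,dc=CA' NETDIRECT NETDIRECT
render_ldif "$tmp/bad.ldif" 'dc=AD,dc=NETDIRECT,dc=CA' NETDIRECT NETDIRECT \
    || echo "bad.ldif rejected"
has_rfc2307_global "$tmp/good.conf"  && echo "good.conf: enabled in [global]"
has_rfc2307_global "$tmp/wrong.conf" || echo "wrong.conf: not in [global]"
```

Against a real server, the output of `render_ldif` would be piped into the `ldbmodify` command shown in the answer only when the function returns 0.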