
I'm testing out our samba 4 migration process and when the initial forest/domain was created, it was created without using --use-rfc2307:

sudo samba-tool domain provision \
              --domain netdirect \
              --realm=ad.netdirect.ca \
              --function-level=2008_R2

Now that it's in place and we have machines joined, what do I need to do to add the unix attributes and NIS maps to an existing samba4 domain so that we can use the rfc2307 features?

MikeyB

1 Answer


The schema extensions from ypServ30.ldif must be added:

$ kinit administrator@AD.NETDIRECT.CA
Password for administrator@AD.NETDIRECT.CA

$ sed -e 's/${DOMAINDN}/dc=AD,dc=NETDIRECT,dc=CA/g'  \
      -e 's/${NETBIOSNAME}/NETDIRECT/g'              \
      -e 's/${NISDOMAIN}/NETDIRECT/g'                \
      /usr/share/samba/setup/ypServ30.ldif | ldbmodify -H ldap://ad1.ad.netdirect.ca --option="dsdb:schema update allowed=true" -k yes -i
Modified 55 records successfully

Then, add to the [global] section of /etc/samba/smb.conf:

idmap_ldb:use rfc2307 = yes

Restart samba (smbcontrol all reload-config) and you should be good to go.

(Thanks to Rowland Penny for the initial directions)

MikeyB
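
Added example, not part of the original answer or of Samba: a POSIX shell wrapper for the `sed` substitution step above that validates the three values and refuses to emit the LDIF if any `${...}` placeholder is left unsubstituted, so an incompletely rendered template never reaches `ldbmodify`. The function names (`valid_name`, `realm_to_dn`, `render_ldif`, `sample_template`) are hypothetical, and the sample template is constructed for the demonstration, not taken from ypServ30.ldif.

```shell
#!/bin/sh
# Added example: render a setup LDIF template with the three placeholders
# used in the answer, refusing to emit output if any ${...} is left over.

# Accept only characters that are safe inside the sed replacement text.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# realm_to_dn AD.NETDIRECT.CA -> dc=AD,dc=NETDIRECT,dc=CA
realm_to_dn() {
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# render_ldif REALM NETBIOSNAME NISDOMAIN  (template on stdin)
# Returns 1 on a bad argument, 2 if a placeholder survives substitution.
render_ldif() {
    for _arg in "$1" "$2" "$3"; do
        valid_name "$_arg" || { echo "bad value: $_arg" >&2; return 1; }
    done
    _dn=$(realm_to_dn "$1")
    _out=$(sed -e "s/\${DOMAINDN}/$_dn/g" \
               -e "s/\${NETBIOSNAME}/$2/g" \
               -e "s/\${NISDOMAIN}/$3/g") || return 1
    if printf '%s\n' "$_out" | grep -n '\${[A-Za-z_]*}' >&2; then
        echo "unsubstituted placeholder(s) above; nothing emitted" >&2
        return 2
    fi
    printf '%s\n' "$_out"
}

# Constructed sample input; NOT the contents of ypServ30.ldif.
sample_template() {
    cat <<'EOF'
dn: CN=example,${DOMAINDN}
description: ${NETBIOSNAME} maps for NIS domain ${NISDOMAIN}
EOF
}

sample_template | render_ldif AD.NETDIRECT.CA NETDIRECT NETDIRECT
```

In the answer's pipeline, `render_ldif` would take the place of the `sed` stage, reading /usr/share/samba/setup/ypServ30.ldif on stdin and piping its output to the same `ldbmodify` command.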