How can I confirm that idmap_ad is being called?
I've configured Samba with --with-shared-modules=idmap_ad, built and
installed it; the file ad.so is now present in /usr/local/samba/lib/
idmap/
as expected. I then added the following to smb.conf:
idmap backend = tdb
idmap uid = 65536 - 999999
idmap gid = 65536 - 999999
idmap config SU : backend = ad
idmap config SU : schema_mode = rfc2307
idmap config SU : range = 1 - 65535
idmap config WIN : backend = ad
idmap config WIN : schema_mode = rfc2307
idmap config WIN : range = 1 - 65535
Now I fire up winbindd with debug-level = 10, and issue some queries via
wbinfo. Some requests work as expected, some fail, but when I look in
log.winbindd I never see any reference to idmap.c or idmap_ad.c. I'd
like
to confirm that this module is being used.
I went so far as to deliberately break the smb.conf by specifying
idmap config SU range = 1 -
which I expected to produce an error from idmap_ad_initialize(),
"invalid
filter range". But that message is never logged; instead I see only
errors
from winbindd_util.c, add_trusted_domain():
[2011/05/16 16:57:11.442318, 1] winbindd/winbindd_util.c:
204(add_trusted_domain)
invalid range syntax in idmap config SU: 1 -
Have I missed out on some crucial bit of configuration that's required
to
enable idmap_ad?
--
Kai Lanz Stanford University School of Earth Sciences
Zabel, Daniel
2011-May-17 12:50 UTC
[Samba] How can I confirm that idmap_ad is being used?
Hi Kai,
Have a look at:
log.winbindd-idmap
Also have a look at:
https://bugzilla.samba.org/show_bug.cgi?id=6322
Not totally sure but I think you have to configure it separately for each
domain for which you want to use it, using disjoint ranges.
Cheers,
Daniel
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im Auftrag von Kai Lanz
Gesendet: Dienstag, 17. Mai 2011 02:56
An: samba at lists.samba.org
Betreff: [Samba] How can I confirm that idmap_ad is being used?
How can I confirm that idmap_ad is being called?
I've configured Samba with --with-shared-modules=idmap_ad, built and
installed it; the file ad.so is now present in /usr/local/samba/lib/ idmap/ as
expected. I then added the following to smb.conf:
idmap backend = tdb
idmap uid = 65536 - 999999
idmap gid = 65536 - 999999
idmap config SU : backend = ad
idmap config SU : schema_mode = rfc2307
idmap config SU : range = 1 - 65535
idmap config WIN : backend = ad
idmap config WIN : schema_mode = rfc2307
idmap config WIN : range = 1 - 65535
Now I fire up winbindd with debug-level = 10, and issue some queries via wbinfo.
Some requests work as expected, some fail, but when I look in log.winbindd I
never see any reference to idmap.c or idmap_ad.c. I'd like to confirm that
this module is being used.
I went so far as to deliberately break the smb.conf by specifying
idmap config SU range = 1 -
which I expected to produce an error from idmap_ad_initialize(), "invalid
filter range". But that message is never logged; instead I see only errors
from winbindd_util.c, add_trusted_domain():
[2011/05/16 16:57:11.442318, 1] winbindd/winbindd_util.c:
204(add_trusted_domain)
invalid range syntax in idmap config SU: 1 -
Have I missed out on some crucial bit of configuration that's required to
enable idmap_ad?
--
Kai Lanz Stanford University School of Earth Sciences
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba