[Samba] Problem with ADS idmap backend

[brandon hall]

I'm glad you posted this. I know a lot of other people have been having
issues getting this to work. Some success and configs are now in the
archives :)

I know I tried this a long time ago and never got it working. I might give
it another shot thanks to you!


On 3/11/08, David Eisner <deisner at gmail.com> wrote:
>
> Solved!
>
> Summary: Change schema mode from sfu to rfc2307 in smb.conf:
>
>   idmap config THEDOMAIN:schema_mode = rfc2307
>
> Also, I'm an idiot: I didn't have Services For Unix installed; I was
> confusing that with "Identity Management for Unix" and "Server for
> NIS", which I do have installed.  I should note that I was initially
> having problems without any schema_mode line (before setting it to
> either sfu or rfc2307), but there may have been other problems that I
> fixed along the way that were responsible for this.
>
> Details:
>
> I had been watching winbindd activity in smbd.log, and realized I
> needed to look at log.winbindd-idmap, too.  That's where I noticed
> this error:
>
> [2008/03/11 11:11:16, 2]
> nsswitch/idmap_ad.c:ad_idmap_cached_connection(152)
> ad_idmap_cached_connection: Failed to obtain schema details!
>
> It turns out that ads_get_attrnames_by_oids was searching the schema
> with this filter:
>
> [2008/03/11 11:58:30, 2]
> libads/ldap_schema.c:ads_get_attrnames_by_oids(65)
>    ## : search expr:
> (|(attributeId=1.2.840.113556.1.6.18.1.310)(attributeId=
> 1.2.840.113556.1.6.18.1.311)(attributeId=1.2.840.113556.1.6.18.1.344
> )(attributeId=1.2.840.113556.1.6.18.1.312)(attributeId=
> 1.2.840.113556.1.6.18.1.337))
>
> and getting 0 results.  These are the attribute IDs for attributes in
> the SFU schema extension. Using dsquery on the server, I could see
> that these attributes weren't in the schema at all.
>
> Thanks again for your help, and sorry for the bother.
>
> -David
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>