Winbindd Success :) [was Re: winbindd, (radio)active directory and other pains...]

Wed Jul 17 23:06:01 GMT 2002

Alexander Bokovoy wrote:
> On Wed, Jul 17, 2002 at 04:23:14PM +1000, Bogdan Iamandei wrote:
> 
>>	I am trying to make winbindd talk to the local AD swerver here
>>and it is not too clear to me whether there's a difference between
>>2.2.6-pre and 3.0-pre.
>>
>>	It seems to me that 2.2.6-pre is not really working (unless I
> 
> It indeed shouldn't work as it lacks AD functionality completely.

Yeah - I discovered that after trying to use 3.0

> 
> 
>>am doing somehthing wrong) and 3.0-pre is not compiling the shared
>>libs in nsswitch because of an error in configure script at the point 
>>where it checks whether the compiler can create shared libs. This 
>>happens with Sun's CC.

However - there is a problem with the configure script which seems to
pass the wrong parameters to sun's CC and the result is that the shared
library test fails.

GCC passes that test fine. CC creates the libraries if I edit and
force the configure script to skip those tests and just assume that "yes
the damned compiled knows how to and can create shared libs"

>>
>>	So, my questions are: is there any difference between winbind
>>in Samba2.2.6pre and HEAD? Is there anyone who got winbindd talking
>>to an AD on Solaris/Sparc? If yes - how? :)
> 
> There is a huge difference between winbindd's code in those CVS branches.
> HEAD has support for AD while SAMBA_2_2 hasn't. Could you please show what
> configure reports in config.status for this check of shared libs?

I finally got it working. Authentication to the local AD works
absolutely great. Thanks guys! :)

A few nitpicks.

1). I don't seem to be able to specify multiple ranges of ID's for
winbindd. For example:

	winbind uid = 1000-20000 25000-30000

Would this be possible in the future? :) Please? :)

2). For some reason winbindd is reading the winbindd_cache.tdb and
winbindd_idmap.tdb after a restart. All would be fine, but if I change
the UID ranges, winbindd will still use the old range. The workaround
is to remove those two TDBs and try again.

3). (not really a nitpick - more like a small warning) Beware of nscd
daemon on Solaris. It basically takes a little while until it kicks in
for the first time.

4). After a while (5-10 minutes) running samba, attempting to connect
a share - takes a long - long time and in the end it fails with
something like Error - 0. I'll have to test it some more - before giving
some more details though.

							Ino!~

-- 
I have seen things you people wouldn't believe.  Attack ships on fire
off the shoulder of Orion.  I watched C-beams glitter in the dark
near the Tannhauser Gate.  All those moments will be lost in time,
like tears in rain.  Time to die.