pdb_ldap.c/Samba 3.0 PDC for XP

Andrew Bartlett abartlet at samba.org
Wed Apr 30 00:59:41 GMT 2003

On Wed, 2003-04-30 at 07:51, Matt Benjamin wrote:
> Hi folks,
> It seems like this code is somewhat mutable right now...though it looked
> viable a few days ago.
> What I'm trying to do is test-migrate our Samba 2.2.x + LDAPSAM Samba
> setups to Samba 3.0, to get group mapping, etc.
> I had done a CVS pull on HEAD on 4/25, and was able (with a minor change
> to pdb_ldap.c/make_a_mod [note on pdb_ldap.c, l. 835:  you don't need
> this, and you don't want it, because it breaks deletion of group maps]
> to create a domain based on our 2.2.x LDAP data, and I was able to join
> and use domain logins from a W2K client.  I had trouble with a WinXP
> station, though.  I could "join" the domain, but afterwards, XP reported
> the domain was not available.
> With this morning's CVS code (SAMBA_3_0), some things are awry.  Among
> other things, (at least) init_sam_from_ldap and ldapsam_getsampwsid
> functions fail to find sambaAccount entries based on rid--this seemed to
> be a simple omission, so I fixed these.  

I'm interested in how these failed - I probably didn't test every
combination of access modes.  Was this just because you didn't use the
'ldapsam_compat' module?

> After doing so, I was able to
> do logins with smbclient, and to update workstations with "smbpasswd -m
> -a".  However, attempting to join the domain now failed with a handle
> error in find_policy_by_hnd_internal.
> My question is, how far is this code from stabilizing?  Is the ldapsam
> back end expected to break further before it becomes usable again--with
> backward compatibility to 2.2 data, as I understand is planned?

We have decided to change the schema for 3.0.  rid -> ntSid is the main
change.  The ldapsam_compat backend will remain for compatibility.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030430/ac17e472/attachment.bin

More information about the samba-technical mailing list