samba 3.0 / idmap in ADS ? (making progress)

Leandro Ariel Gomez Chavarria lgomez at cencosud.com.ar
Tue Oct 28 00:19:05 GMT 2003


Finally I successfully compiled the idmap_ad.c library.

I can start winbind using this option in the smb.conf: idmap backend = ad:ldap://cencosud.arg
but I found an error while it is trying to connect to the ADS:

"krb5_cc_get_principal failed (No credentials cache found)"

Is it possible to use it without using Kerberos? Note that I can connect
to the ADS if I do not use the idmap backend option, and store the
winbindd_idmap.tdb locally.


[2003/10/27 20:59:41, 3] sam/idmap.c:idmap_init(129)
  idmap_init: using 'ad' as remote backend
[2003/10/27 20:59:41, 2] lib/module.c:do_smb_load_module(64)
  Module '/usr/lib/samba/idmap/ad.so' loaded
[2003/10/27 20:59:41, 3] libads/ldap.c:ads_connect(218)
  Connected to LDAP server 0.0.0.0
[2003/10/27 20:59:41, 3] libads/ldap.c:ads_server_info(1886)
  got ldap server name dcmar002 at CENCOSUD.ARG, using bind path:
dc=CENCOSUD,dc=ARG
[2003/10/27 20:59:41, 4] libads/ldap.c:ads_server_info(1892)
  time offset is 0 seconds
[2003/10/27 20:59:41, 4] libads/sasl.c:ads_sasl_bind(416)
  Found SASL mechanism GSS-SPNEGO
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 48018 1 2 2
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 113554 1 2 2
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 113554 1 2 2 3
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 3 6 1 4 1 311 2 2 10
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(191)
  got principal=dcmar002$@CENCOSUD.ARG
[2003/10/27 20:59:41, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/10/27 20:59:41, 1] idmap_ad.c:ad_idmap_init(45)
  ad_idmap_init: failed to connect to AD


>>> "Leandro Ariel Gomez Chavarria" <lgomez at cencosud.com.ar> 10/27/03 07:19PM >>>
Hi all, maybe someone (please !) can help me.

I'm implementing a 2-node cluster (HA) to give File Server Service for
W2k clients using Samba on RedHat 9.0, and as you know, Samba uses
winbind in order to map Uid -> Sid. This information is originally
stored in winbind_idmap.tdb, and here is my problem: local uid/gid are
assigned on the fly, so the idmap databases are different on both
nodes.
In case of a switch I have problems with the file owners.

Now, with Samba 3, I can solve this problem (or at least it looks
like it) by storing this database in LDAP, but here in my company we're using
Microsoft ADS and I'd like to put it in there. I searched through the net
and I found xad_oss_plugins from PADL Software. I have been trying to
compile the library idmap_ad.c (ad.o), and I had some problems
succeeding.
1st Q:
gcc -v -I/usr/include/linux -I./samba-3.0.0/source/ubiqx \
        -I./samba-3.0.0/source/popt -I./samba-3.0.0/source/smbwrapper \
        -I./samba-3.0.0/source -I./samba-3.0.0/source/include \
        -Wall -g -shared -o ad.so \
        ./xad_oss_plugins-22/idmap_ad/idmap_ad.c

In file included from /usr/include/sys/types.h:133,
                 from samba-3.0.0/source/include/includes.h:86,
                 from xad_oss_plugins-22/idmap_ad/idmap_ad.c:12:
/usr/include/linux/time.h:10: parse error before "time_t"
/usr/include/linux/time.h:12: parse error before '}' token
/usr/include/linux/time.h:18: parse error before "time_t"
/usr/include/linux/time.h:44: field `it_interval' has incomplete type
/usr/include/linux/time.h:45: field `it_value' has incomplete type
/usr/include/linux/time.h:46: confused by earlier errors, bailing out

Maybe someone can give me a clue about that; I'm lost.

2nd Q: I'd like to know if I need to do something else besides
implementing this library and changing my smb.conf to use: idmap
backend = ad:ldap://myadserver/ ;
I mean something like changing a structure in the ADS, installing something
else or whatever.

I know I can use OpenLDAP, but I want to use what I have.
I have succeeded in many things concerning this cluster, and now I'm stuck
with that; any clue will be appreciated.

Thanks in advance

Leandro
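
The following is an added example, not part of the original post and not Samba code: a Python script that parses the debug-log format quoted above, names the SPNEGO mechanism OIDs the domain controller offered, and extracts the level 0-1 records that show where the bind failed. The function names and the OID-to-name table are this example's own; the sample lines are copied from the log in the post.

```python
import re

# Constructed sample: lines copied from the winbindd debug log quoted in the post.
SAMPLE_LOG = """\
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 48018 1 2 2
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 113554 1 2 2
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 2 840 113554 1 2 2 3
[2003/10/27 20:59:41, 3] libads/sasl.c:ads_sasl_spnego_bind(184)
  got OID=1 3 6 1 4 1 311 2 2 10
[2003/10/27 20:59:41, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/10/27 20:59:41, 1] idmap_ad.c:ad_idmap_init(45)
  ad_idmap_init: failed to connect to AD
"""

# Well-known SPNEGO mechanism OIDs (table built for this example).
MECHS = {
    "1.2.840.48018.1.2.2": "Kerberos 5 (Microsoft legacy OID)",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.2.840.113554.1.2.2.3": "Kerberos 5 user-to-user",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

HEADER = re.compile(
    r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)$")

def parse(log):
    """Pair each '[timestamp, level] file:function(line)' header with its message lines."""
    records = []
    for raw in log.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            records.append({**m.groupdict(), "level": int(m["level"]), "msg": ""})
        elif records and raw.strip():
            # Message text, including lines that mail wrapping pushed to column 0.
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def offered_mechanisms(records):
    """Translate 'got OID=...' messages into mechanism names (unknown OIDs stay dotted)."""
    oids = [".".join(r["msg"][8:].split()) for r in records if r["msg"].startswith("got OID=")]
    return [MECHS.get(o, o) for o in oids]

def errors(records, max_level=1):
    """Return (function, message) for records at or below max_level (0-1 are errors)."""
    return [(r["func"], r["msg"]) for r in records if r["level"] <= max_level]
```

Run over the sample, `offered_mechanisms` shows that the server's SPNEGO list contained three Kerberos variants plus NTLMSSP, and `errors` places the first failure in `ads_krb5_mk_req`, before `ad_idmap_init` reports the connection failure.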




