[Samba] Idmap_ad troubleshooting assistance

Scott Armstrong scottbird7 at hotmail.com
Wed Nov 3 12:21:27 GMT 2004

I have Samba 3.0.7 installed and running in security = ADS mode and I've
built and installed the Idmap_ad backend according to the instructions.
Group lookups seem to work fine, but getent passwd and id functions fail
with the message -
	ad_idmap_get_id_from_sid: ads_pull_uint32 : could not read attribute
If I manually run an ldap query against Active Directory the attribute shows
up just fine in either root's or a user's context using GSSAPI. 
I've extended the AD schema using MKSADplugins and I'm using the RFC2307
schema style.
Any suggestions on troubleshooting this problem would be greatly
Additional info - 
   I'm in Active Directory 2003 in Native Mode.
   Samba is built with local installations of kerberos and openssl to get
around deficiencies in the system versions.
   The platforms are Red Hat Enterprise Linux AS 3.0, Fedora Core 2 x86_64
and Sun SPARC Solaris 8.
I'll gladly supply neutered copies of configuration files, log files and
ldap searches, but I think the ability to crank up the logging level of the
ldap retrieval functions would be more valuable.

More information about the samba mailing list