[Samba] Linux integration with AD

Doug VanLeuven roamdad at sonic.net
Wed May 18 20:12:04 GMT 2005 

Barkan Nir wrote:

>Thanks.
>
>-----Original Message-----
>From: Doug VanLeuven [mailto:roamdad at sonic.net] 
>Sent: ד 18 מאי 2005 02:44
>To: Barkan Nir
>Cc: samba at lists.samba.org
>Subject: Re: [Samba] Linux integration with AD
>
>Nir B wrote:
>  
>
>>Hi All,
>>I extended my AD schema (SFU 3.5) and migrated the users and groups from my 
>>NIS domain.
>>
>>The groups migrated from the NIS have the same GID like on the NIS.
>>I added linux machines to my AD domain using windbind, and define on the 
>>smb.conf  "idmap gid = 10000-20000".
>>
>>I logged in using my AD user account, and when I'm doing "id", I see that 
>>all the AD groups GID start at 10000.
>>
>>How can I define that groups GID will be exactly like on my AD? (The 
>>"msSFU30GidNumber" attribute)
>> 
>>
>>    
>>
>I use padl xad_oss_plugins subcomponent idmap_ad to lookup the uid/gid 
>from the SFU schema extension.  Use it as a backend.
>idmap backend = ad:ldap://dc.mydomain.com
>I copied it to source/modules and patched Makefile.in to recompile and 
>install it for the various svn's.
>  
>
Since you're interested, here's the diff on configure.in and Makefile.in
Line numbers are off current svn.  I had to hand edit to get rid of 
irrelavent stuff.
Just makes it easier to maintain.

Regards, Doug


-------------- next part --------------
Index: configure.in
===================================================================
--- configure.in	(revision 6793)
+++ configure.in	(working copy)
@@ -430,7 +430,7 @@
 default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_svcctl rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_eventlog auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin printerdb_file"
 
 dnl These are preferably build shared, and static if dlopen() is not available
-default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437"
+default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437 idmap_ad"
 
 if test "x$developer" = xyes; then
    default_static_modules="$default_static_modules rpc_echo"
@@ -4572,6 +4586,7 @@
 
 SMB_MODULE(idmap_ldap, sam/idmap_ldap.o, "bin/idmap_ldap.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_tdb, sam/idmap_tdb.o, "bin/idmap_tdb.$SHLIBEXT", IDMAP)
+SMB_MODULE(idmap_ad, \$(IDMAP_AD_OBJ), "bin/ad.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_rid, sam/idmap_rid.o, "bin/idmap_rid.$SHLIBEXT", IDMAP)
 SMB_SUBSYSTEM(IDMAP,sam/idmap.o)
 
-------------- next part --------------
Index: Makefile.in
===================================================================
--- Makefile.in	(revision 6793)
+++ Makefile.in	(working copy)
@@ -349,6 +349,8 @@
 VFS_AFSACL_OBJ = modules/vfs_afsacl.o
 VFS_CATIA_OBJ = modules/vfs_catia.o
 
+IDMAP_AD_OBJ = modules/idmap_ad.o
+
 PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
 
 SLCACHE_OBJ = libsmb/samlogon_cache.o
@@ -1237,6 +1230,11 @@
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_EXPAND_MSDFS_OBJ:.o=. at PICSUFFIX@) \
 		@SONAMEFLAG@`basename $@`
 
+bin/ad. at SHLIBEXT@: $(IDMAP_AD_OBJ:.o=.po)
+	@echo "Building plugin $@"
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(IDMAP_AD_OBJ:.o=.po) \
+		@SONAMEFLAG@`basename $@`
+
 bin/afsacl. at SHLIBEXT@: $(VFS_AFSACL_OBJ:.o=.po)
 	@echo "Building plugin $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_AFSACL_OBJ:.o=.po) \
@@ -1420,6 +1420,7 @@
 	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(VFSLIBDIR) $(DESTDIR)$(VFS_MODULES)
 	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(PDBLIBDIR) $(DESTDIR)$(PDB_MODULES)
 	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(RPCLIBDIR) $(DESTDIR)$(RPC_MODULES)
+	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(IDMAPLIBDIR) $(DESTDIR)$(IDMAP_MODULES)
 	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(CHARSETLIBDIR) $(DESTDIR)$(CHARSET_MODULES)
 	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(AUTHLIBDIR) $(DESTDIR)$(AUTH_MODULES)

More information about the samba mailing list