[Samba] AD Authentication help please?

[Jason Gerfen]

When joining the samba box to a domain:

%> net ads join -U <username>
%> kinit Admin at DOMAIN.COM
%> net ads join -U <username> <LDAP/AD Container of users>

The last command fails and when doing an strace you can clearly see that 
it is expecting an Organizational Unit (OU) vs. a Common Name (CN) which 
is where the users I need to authenticate are currently residing.

Do I need to move these to an OU vs. a CN?  Here is the strace output I 
am refering to:

%> strace -o tmp net ads join -U "Admin" "users"

(only inclusing pertinant lines with searching for container to map to)

write(6, "0C\2\1\5c>\4\36ou=users,dc=DOMAIN,dc=COM"..., 69) = 69  <-- 
here is the hard coded ou, I am not 100% familiar with the LDAP RFC but 
on a windows Active Directory there are CN and OU containers

See how it is appending the OU=USERS?


Edward Brookhouse wrote:

>Not sure I understand your question. What are you trying to map?
>
>-----Original Message-----
>From: samba-bounces+ebroo=healthydirections.com at lists.samba.org
>[mailto:samba-bounces+ebroo=healthydirections.com at lists.samba.org] On
>Behalf Of Jason Gerfen
>Sent: Tuesday, September 20, 2005 11:25 AM
>To: samba at lists.samba.org
>Subject: [Samba] AD Authentication help please?
>
>I am having a problem which with much help from this list I have gotten 
>90% complete.  I am attempting to create a samba server which will 
>authenticate users as a Domain member server using active directory.
>
>The question I have is how can I map a specific container which is not 
>an OU but a CN in the active directory?
>
>Any help is appreciated.
>
>  
>


-- 
Jason Gerfen

"My girlfriend threated to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK