[Samba] Problem with ADS idmap backend
David Eisner
deisner at gmail.com
Tue Mar 11 17:23:36 GMT 2008
Solved!
Summary: Change schema mode from sfu to rfc2307 in smb.conf:
idmap config THEDOMAIN:schema_mode = rfc2307
Also, I'm an idiot: I didn't have Services For Unix installed; I was
confusing that with "Identity Management for Unix" and "Server for
NIS", which I do have installed. I should note that I was initially
having problems without any schema_mode line (before setting it to
either sfu or rfc2307), but there may have been other problems that I
fixed along the way that were responsible for this.
Details:
I had been watching winbindd activity in smbd.log, and realized I
needed to look at log.winbindd-idmap, too. That's where I noticed
this error:
[2008/03/11 11:11:16, 2] nsswitch/idmap_ad.c:ad_idmap_cached_connection(152)
ad_idmap_cached_connection: Failed to obtain schema details!
It turns out that ads_get_attrnames_by_oids was searching the schema
with this filter:
[2008/03/11 11:58:30, 2] libads/ldap_schema.c:ads_get_attrnames_by_oids(65)
## : search expr:
(|(attributeId=1.2.840.113556.1.6.18.1.310)(attributeId=1.2.840.113556.1.6.18.1.311)(attributeId=1.2.840.113556.1.6.18.1.344)(attributeId=1.2.840.113556.1.6.18.1.312)(attributeId=1.2.840.113556.1.6.18.1.337))
and getting 0 results. These are the attribute IDs for attributes in
the SFU schema extension. Using dsquery on the server, I could see
that these attributes weren't in the schema at all.
Thanks again for your help, and sorry for the bother.
-David
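
An added example, not part of the original post and not Samba code: a small check that takes the "search expr" filter from log.winbindd-idmap and the set of attributeID values actually present in the AD schema, and reports which schema_mode the filter belongs to and which OIDs are missing. The schema set below is constructed sample data, and the function names are hypothetical.

```python
import re

# SFU arc: taken from the filter quoted in the post. RFC 2307 arc: the
# standard NIS-schema attribute arc (uidNumber = 1.3.6.1.1.1.1.0, ...).
ARCS = {"sfu": "1.2.840.113556.1.6.18.1.", "rfc2307": "1.3.6.1.1.1.1."}
OID_RE = re.compile(r"\(attributeId=([0-9.]+)\)", re.IGNORECASE)

def schema_of(oid):
    """Map an attribute OID to the schema_mode whose arc it falls under."""
    for mode, arc in ARCS.items():
        if oid.startswith(arc):
            return mode
    return "unknown"

def diagnose(search_expr, schema_oids):
    """Return (requested_mode, missing_oids, alternative_modes).

    search_expr: LDAP filter logged by ads_get_attrnames_by_oids.
    schema_oids: attributeID values found in the directory schema.
    """
    wanted = OID_RE.findall(search_expr)
    modes = {schema_of(o) for o in wanted}
    if not wanted:
        requested = "none"
    else:
        requested = modes.pop() if len(modes) == 1 else "mixed"
    missing = [o for o in wanted if o not in schema_oids]
    # Only suggest another mode when the requested attributes are absent.
    others = {schema_of(o) for o in schema_oids} - {"unknown", requested}
    alternatives = sorted(others) if missing else []
    return requested, missing, alternatives

# Filter copied from the log line in the post.
POST_FILTER = ("(|(attributeId=1.2.840.113556.1.6.18.1.310)"
               "(attributeId=1.2.840.113556.1.6.18.1.311)"
               "(attributeId=1.2.840.113556.1.6.18.1.344)"
               "(attributeId=1.2.840.113556.1.6.18.1.312)"
               "(attributeId=1.2.840.113556.1.6.18.1.337))")
# Constructed sample: a schema that carries only the RFC 2307 attributes.
SAMPLE_SCHEMA = {"1.3.6.1.1.1.1.0", "1.3.6.1.1.1.1.1", "1.3.6.1.1.1.1.2",
                 "1.3.6.1.1.1.1.3", "1.3.6.1.1.1.1.4"}

if __name__ == "__main__":
    mode, missing, alt = diagnose(POST_FILTER, SAMPLE_SCHEMA)
    print(f"filter uses schema_mode={mode}; {len(missing)} OIDs missing")
    if alt:
        print("schema instead carries attributes for:", ", ".join(alt))
```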