[Samba] How can I confirm that idmap_ad is being used?

Zabel, Daniel Daniel.Zabel at coremedia.com
Tue May 17 06:50:45 MDT 2011 

Hi Kai,

Have a look at:

log.winbindd-idmap

Also have a look at:
https://bugzilla.samba.org/show_bug.cgi?id=6322

Not totally sure but I think you have to  configure it separately for each domain for which you want to use it, using disjoint ranges.

Cheers,

Daniel


-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Kai Lanz
Gesendet: Dienstag, 17. Mai 2011 02:56
An: samba at lists.samba.org
Betreff: [Samba] How can I confirm that idmap_ad is being used?


How can I confirm that idmap_ad is being called?

I've configured Samba with --with-shared-modules=idmap_ad, built and installed it; the file ad.so is now present in /usr/local/samba/lib/ idmap/ as expected. I then added the following to smb.conf:

    idmap backend = tdb
    idmap uid = 65536 - 999999
    idmap gid = 65536 - 999999

    idmap config SU : backend = ad
    idmap config SU : schema_mode = rfc2307
    idmap config SU : range = 1 - 65535
    idmap config WIN : backend = ad
    idmap config WIN : schema_mode = rfc2307
    idmap config WIN : range = 1 - 65535

Now I fire up winbindd with debug-level = 10, and issue some queries via wbinfo. Some requests work as expected, some fail, but when I look in log.winbindd I never see any reference to idmap.c or idmap_ad.c. I'd like to confirm that this module is being used.

I went so far as to deliberately break the smb.conf by specifying

    idmap config SU range = 1 -

which I expected to produce an error from idmap_ad_initialize(), "invalid filter range". But that message is never logged; instead I see only errors from winbindd_util.c, add_trusted_domain():

[2011/05/16 16:57:11.442318,  1] winbindd/winbindd_util.c: 
204(add_trusted_domain)
   invalid range syntax in idmap config SU: 1 -

Have I missed out on some crucial bit of configuration that's required to enable idmap_ad?

-- 
Kai Lanz      Stanford University      School of Earth Sciences

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list