[Samba] How can I confirm that idmap_ad is being used?
Daniel.Zabel at coremedia.com
Tue May 17 06:50:45 MDT 2011
Have a look at:
Also have a look at:
Not totally sure but I think you have to configure it separately for each domain for which you want to use it, using disjoint ranges.
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Kai Lanz
Gesendet: Dienstag, 17. Mai 2011 02:56
An: samba at lists.samba.org
Betreff: [Samba] How can I confirm that idmap_ad is being used?
How can I confirm that idmap_ad is being called?
I've configured Samba with --with-shared-modules=idmap_ad, built and installed it; the file ad.so is now present in /usr/local/samba/lib/ idmap/ as expected. I then added the following to smb.conf:
idmap backend = tdb
idmap uid = 65536 - 999999
idmap gid = 65536 - 999999
idmap config SU : backend = ad
idmap config SU : schema_mode = rfc2307
idmap config SU : range = 1 - 65535
idmap config WIN : backend = ad
idmap config WIN : schema_mode = rfc2307
idmap config WIN : range = 1 - 65535
Now I fire up winbindd with debug-level = 10, and issue some queries via wbinfo. Some requests work as expected, some fail, but when I look in log.winbindd I never see any reference to idmap.c or idmap_ad.c. I'd like to confirm that this module is being used.
I went so far as to deliberately break the smb.conf by specifying
idmap config SU range = 1 -
which I expected to produce an error from idmap_ad_initialize(), "invalid filter range". But that message is never logged; instead I see only errors from winbindd_util.c, add_trusted_domain():
[2011/05/16 16:57:11.442318, 1] winbindd/winbindd_util.c:
invalid range syntax in idmap config SU: 1 -
Have I missed out on some crucial bit of configuration that's required to enable idmap_ad?
Kai Lanz Stanford University School of Earth Sciences
To unsubscribe from this list go to the following URL and read the
More information about the samba