[Samba] Authenticating VDI-in-a-Box to Samba4 AD

Andrew Bartlett abartlet at samba.org
Wed Aug 13 03:49:04 MDT 2014 

On Wed, 2014-08-13 at 11:57 +1200, David Kirk wrote:
> Hi,
> 
> I have successfully built an ADDC on a Centos 6.5 VM running on Citrix
> XenServer 6.2.  It seems to be working well.
> 
> Now I want to test Citrix VDI-in-a-Box.  I've installed vdiManager 5.4.0 on
> to my XenServer.  It wants to authenticate to my AD server.  It fails with
> the message:
> 
>    Could not connect to the user database at 10.0.1.10 with user
> administrator in domain test.lan
> 
> I did a bit of searching around and found someone else who had exactly the
> same problem as me.
> http://discussions.citrix.com/topic/335191-samba4-and-user-database/
> 
> I used the same solution as him.  I created another VM and installed
> vdi-ldap-proxy (https://github.com/Benoitsob/vdi-ldap-proxy).  I configured
> it to use my domain name and ran it.  I pointed vdiManager to the IP
> address of the proxy and it works.  I'm building my base image as I type.
> 
> So, it seems that the problem is that vdiManager puts in extra whitespace
> in the ldap query eg. baseObject: dc=test, dc=lan.  There shouldn't be a
> space after the comma.
> 
> The proxy takes the malformed request, removes the whitespace and forwards
> it to the AD server.
> 
> This is great for a short term workaround, but I was wondering if the
> developers would consider updating Samba so it will accept a query like the
> one above with a space after the comma?

Using Samba's ldbsearch as a LDAP client, I am unable to reproduce the
issue, so there may be something more to this than meets the eye.

Can you get me a wireshark trace of this failing with Citrix, plus if
you can reproduce the failure with Apache DS or another tool, one of it
failing and another of it working, it might give me what I need to chase
this down.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list