[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?

john lists.john at gmail.com
Mon Apr 20 13:50:38 MDT 2015


Hi Rowland,

On Mon, Apr 20, 2015 at 10:29 AM, Rowland Penny <rowlandpenny at googlemail.com
> wrote:


> OK, I understand a bit better where your problems lie. I would still use
> backports, supported code is (hopefully) better code :-)
>

I am certainly willing to do that.


>
>
>>
>> I'd be willing to do that if it got me support for UPN names (see below)
>>
>>
>>         I installed NSLCD to allow users in AD to authenticate against
>>         my linux
>>         server per
>>
>> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
>>
>>
>>     Why use nlscd ? why not use winbind, see:
>>     https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>
>>
>> My impression from this thread
>> https://lists.samba.org/archive/samba/2014-May/181372.html
>>
>>  is that Winbind doesn't support UPN names. This was my lame-brain
>> attempt to "work around" that issue.
>>
>
> I use winbind and using the UPN seems to work for smbclient:
>
> smbclient \\\\xp.example.com\\shared -Urowland at example.com
> Enter rowland at example.com's password:
> Domain=[EXAMPLE] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
> smb: \>
>
> Is this the way you mean ?
>
>
Well that appears to be what I want, but that doesn't work in my case. Can
I see the smb.conf file? As I mentioned my PDC is a Windows box and this
Samba server is a member server.  I am trying to keep this as simple as
possible.

Since I am able to see UID/GID information via the method outlined on the
Samba wiki
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd#Method_1:_Connecting_to_AD_via_Bind_DN_and_password

it seems like the missing part is getting winbind to use that information.
Can you guide me on the proper approach?

Thanks!

John


More information about the samba mailing list