[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?

Rowland Penny rowlandpenny at googlemail.com
Mon Apr 20 14:17:30 MDT 2015 

On 20/04/15 20:50, john wrote:
> Hi Rowland,
>
> On Mon, Apr 20, 2015 at 10:29 AM, Rowland Penny <rowlandpenny at googlemail.com
>> wrote:
>
>> OK, I understand a bit better where your problems lie. I would still use
>> backports, supported code is (hopefully) better code :-)
>>
> I am certainly willing to do that.
>
>
>>
>>> I'd be willing to do that if it got me support for UPN names (see below)
>>>
>>>
>>>          I installed NSLCD to allow users in AD to authenticate against
>>>          my linux
>>>          server per
>>>
>>> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
>>>
>>>
>>>      Why use nlscd ? why not use winbind, see:
>>>      https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>
>>>
>>> My impression from this thread
>>> https://lists.samba.org/archive/samba/2014-May/181372.html
>>>
>>>   is that Winbind doesn't support UPN names. This was my lame-brain
>>> attempt to "work around" that issue.
>>>
>> I use winbind and using the UPN seems to work for smbclient:
>>
>> smbclient \\\\xp.example.com\\shared -Urowland at example.com
>> Enter rowland at example.com's password:
>> Domain=[EXAMPLE] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
>> smb: \>
>>
>> Is this the way you mean ?
>>
>>
> Well that appears to be what I want, but that doesn't work in my case. Can
> I see the smb.conf file? As I mentioned my PDC is a Windows box and this
> Samba server is a member server.  I am trying to keep this as simple as
> possible.
>
> Since I am able to see UID/GID information via the method outlined on the
> Samba wiki
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd#Method_1:_Connecting_to_AD_via_Bind_DN_and_password
>
> it seems like the missing part is getting winbind to use that information.
> Can you guide me on the proper approach?
>
> Thanks!
>
> John

OK, have a look here: 
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

That is basically my smb.conf (and when I say 'my' I really mean that is 
'my' smb.conf)

Rowland

More information about the samba mailing list