[Samba] AWS AD Connector and Samba4

Andrew Bartlett abartlet at samba.org
Thu Sep 3 19:45:52 UTC 2015


On Fri, 2015-08-28 at 16:25 +0200, Jörg Baldzer wrote:
> Hi,
> 
> we want to access our Amazon/AWS Console using users from our
> internal samba4 directory service. So we tried to connect to our
> samba4 via the AWS AD Connector. 
> Connection (bind) is ok, but no users/groups are found.  Via
> tcpdump/wireshark we found this query/answer pair:
> 
> Query from AD Connector
> LDAPMessage searchRequest(5) "dc=companyname,dc=com" wholeSubtree
> Filter: (&(ANR=testuser*)(sAMAccountType=805306368))
> 
> Answer from Samba4
> resultCode: unavailableCriticalExtension (12)
> 
> The following controlType is marked as critical in the query:
> controlType: 2.16.840.1.113730.3.4.9 (LDAP_CONTROL_VLVREQUEST VLV)
> 
> Is it possible to activate / add this controlType in samba4? 

Everything is possible in software, with enough effort :-)

However, to do this, particularly in a way that would be efficient, is
not a small amount of work. 

Feel free to file a bug to track this feature request.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
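
Why the search above fails, as an added example that is not part of the original thread or of Samba's code: RFC 4511 requires a server to refuse an operation that carries a control it does not recognise when that control is marked critical, and to ignore the control when it is not. The `SUPPORTED` set and the sample control bytes are constructed for illustration; only the VLV OID and result code 12 come from the thread.

```python
VLV_REQUEST_OID = "2.16.840.1.113730.3.4.9"   # controlType quoted in the thread
UNAVAILABLE_CRITICAL_EXTENSION = 12           # resultCode quoted in the thread
# Constructed supportedControl list (paged results, server-side sort), not Samba's.
SUPPORTED = {"1.2.840.113556.1.4.319", "1.2.840.113556.1.4.473"}

def tlv(tag, value):
    """Encode one BER TLV (short-form length only, enough for the sample)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one definite-length BER TLV; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_controls(seq_of_controls):
    """Return [(oid, critical)] from the contents of Controls ::= SEQUENCE OF Control."""
    found, pos = [], 0
    while pos < len(seq_of_controls):
        tag, control, pos = read_tlv(seq_of_controls, pos)
        if tag != 0x30:
            raise ValueError("Control must be a SEQUENCE")
        tag, oid, nxt = read_tlv(control, 0)
        if tag != 0x04:
            raise ValueError("controlType must be an OCTET STRING")
        critical = False                       # criticality BOOLEAN DEFAULT FALSE
        if nxt < len(control):
            tag, value, _ = read_tlv(control, nxt)
            if tag == 0x01:                    # BOOLEAN present: any non-zero is TRUE
                critical = value != b"\x00"
        found.append((oid.decode("ascii"), critical))
    return found

def server_result(controls, supported):
    """Return 12 if an unrecognised control is critical, else 0 (request proceeds)."""
    for oid, critical in controls:
        if critical and oid not in supported:
            return UNAVAILABLE_CRITICAL_EXTENSION
    return 0

def sample_controls(critical):
    """Constructed sample: one VLV control; the controlValue byte is a placeholder."""
    body = tlv(0x04, VLV_REQUEST_OID.encode("ascii"))
    if critical:
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body + tlv(0x04, b"\x00"))
```
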
