Experience with migration from samba3 to samba4 and ovirt tests
Alejandro
aescanero at gmail.com
Tue Nov 13 14:45:29 MST 2012
Ok, will do some tests tomorrow to search if UPN is set when a user is
created in AD in a Windows Server.
2012/11/13 Andrew Bartlett <abartlet at samba.org>
> On Tue, 2012-11-13 at 22:36 +0100, Alejandro wrote:
> >
> >
> >
> > 2012/11/13 Andrew Bartlett <abartlet at samba.org>
> > On Tue, 2012-11-13 at 17:02 +0100, Alejandro wrote:
> > > I use the samba-tool domain samba3upgrade to move from
> > samba3 ldap to
> > > samba4. All was ok, but when I was triing to add domain to a
> > Ovirt 3.1
> > > Engine I find that no user has a UPN (UserPrincipalName)
> > attribute.
> > >
> > > Ovirt use UPN in the ldap search to find the username with
> > the usual format
> > > LOGIN at DOMAINFQDN, but I find me forced to use a ldap tool to
> > add the UPN
> > > attribute to the needed users.
> > >
> > > Is a problem with migration or Samba4 don't create the UPN
> > attrbute?
> >
> >
> > I've had folks mention this before, but I'm not aware how we
> > are any
> > different to a windows AD DC in this regard. If you can show
> > me how we
> > differ, we can fix this up.
> >
> > Why does it have to do a search? Against AD, if you are doing
> > 'ldap
> > authentication' you can just log in with user at domain.com as
> > the 'bind
> > DN'.
> >
> >
> >
> >
> > Appear that Ovirt do not only ldap authentication, is doing all the
> > searchs in UPD format, example of filter to add Ovirt to the domain:
> > filter=(&(sAMAccountType=805306368)(userPrincipalName=LOGIN at DOMAINFQDN))
> >
> >
> >
> > A search for any user is like:
> >
> filter=(&(sAMAccountType=805306368)(|(givenname=TESTLOGIN)(sn=TESTLOGIN)(samaccountname=TESTLOGIN)(userPrincipalName=TESTLOGIN)))
> >
> >
> >
> > Ovirt need the UPN attribute even for search.
> >
> >
> > I can't test any Windows Server for this attribute (I don't have any
> > AD where I work).
>
> Trial versions of Windows server are available for download and testing
> from Microsoft:
>
> https://www.microsoft.com/en-us/download/details.aspx?id=8371
>
> Andrew Bartlett
>
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
>
>
>
--
Alejandro Escanero Blanco
Consultor de sistemas basados en fuentes abiertas
Desarrollador de FusionDirectory (http://www.fusiondirectory.org)
Blog: http://www.disasterproject.com
Jabber: blainett at jabberes.com
More information about the samba-technical
mailing list