Experience with migration from samba3 to samba4 and ovirt tests

Alejandro aescanero at gmail.com
Tue Nov 13 14:45:29 MST 2012 

Ok, will do some tests tomorrow to search if UPN is set when a user is
created in AD in a Windows Server.




2012/11/13 Andrew Bartlett <abartlet at samba.org>

> On Tue, 2012-11-13 at 22:36 +0100, Alejandro wrote:
> >
> >
> >
> > 2012/11/13 Andrew Bartlett <abartlet at samba.org>
> >         On Tue, 2012-11-13 at 17:02 +0100, Alejandro wrote:
> >         > I use the samba-tool domain samba3upgrade to move from
> >         samba3 ldap to
> >         > samba4. All was ok, but when I was triing to add domain to a
> >         Ovirt 3.1
> >         > Engine I find that no user has a UPN (UserPrincipalName)
> >         attribute.
> >         >
> >         > Ovirt use UPN in the ldap search to find the username with
> >         the usual format
> >         > LOGIN at DOMAINFQDN, but I find me forced to use a ldap tool to
> >         add the UPN
> >         > attribute to the needed users.
> >         >
> >         > Is a problem with migration or Samba4 don't create the UPN
> >         attrbute?
> >
> >
> >         I've had folks mention this before, but I'm not aware how we
> >         are any
> >         different to a windows AD DC in this regard.  If you can show
> >         me how we
> >         differ, we can fix this up.
> >
> >         Why does it have to do a search?  Against AD, if you are doing
> >         'ldap
> >         authentication' you can just log in with user at domain.com as
> >         the 'bind
> >         DN'.
> >
> >
> >
> >
> > Appear that Ovirt do not only ldap authentication, is doing all the
> > searchs in UPD format, example of filter to add Ovirt to the domain:
> > filter=(&(sAMAccountType=805306368)(userPrincipalName=LOGIN at DOMAINFQDN))
> >
> >
> >
> > A search for any user is like:
> >
> filter=(&(sAMAccountType=805306368)(|(givenname=TESTLOGIN)(sn=TESTLOGIN)(samaccountname=TESTLOGIN)(userPrincipalName=TESTLOGIN)))
> >
> >
> >
> > Ovirt need the UPN attribute even for search.
> >
> >
> > I can't test any Windows Server for this attribute (I don't have any
> > AD where I work).
>
> Trial versions of Windows server are available for download and testing
> from Microsoft:
>
> https://www.microsoft.com/en-us/download/details.aspx?id=8371
>
> Andrew Bartlett
>
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
>


-- 
Alejandro Escanero Blanco
Consultor de sistemas basados en fuentes abiertas
Desarrollador de FusionDirectory (http://www.fusiondirectory.org)
Blog: http://www.disasterproject.com
Jabber: blainett at jabberes.com

More information about the samba-technical mailing list