I can't get idmap to work for the short version of our domain name.
This works:
# idmap show -c 'EWI.UTWENTE.NL\myuser'
winuser:EWI.UTWENTE.NL\myuser -> unixuser:myuser
But this does not work (and that is the way smbd tries to resolve):
# idmap show -c 'EWI\veninga'
winname:EWI\veninga -> uid:60001
Error: Domain not found
I have tried lots of things but I am not getting anywhere.
/etc/krb/krb5.conf
[libdefaults]
        default_realm = EWI.UTWENTE.NL
[realms]
        EWI.UTWENTE.NL = {
                kdc = ewidc12.ewi.utwente.nl
                kdc = ewidc11.ewi.utwente.nl
                admin_server = ewidc11.ewi.utwente.nl
                kpasswd_protocol = SET_CHANGE
        }
[domain_realm]
        .ewi.utwente.nl = EWI.UTWENTE.NL
/etc/resolv.conf
search EWI ewi.utwente.nl
nameserver 130.89.10.49
nameserver 130.89.10.11
nameserver 130.89.10.5
I added the "EWI" domain because the "cifs-chkcfg" tool said so.
I have started idmapd by hand. That gives the following output:
# /usr/lib/idmapd -d
change machine_sid=S-1-5-21-955220778-3031754748-3444550202
change default_domain=any-value
change domain_name=ewi.utwente.nl
change global_catalog=ewidc11.dynamic.ewi.utwente.nl port=3268
Initial configuration loaded
created thread ID 4 - 1 threads currently active
list_size_limit=0
default_domain=any-value
domain_name=ewi.utwente.nl
machine_sid=S-1-5-21-955220778-3031754748-3444550202
No domain controllers known
forest_name=null
site_name=null
global_catalog=ewidc11.dynamic.ewi.utwente.nl port=3268
No domains in forest null known
No trusted domains known
ds_name_mapping_enabled=false
ad_unixuser_attr=null
ad_unixgroup_attr=null
nldap_winname_attr=null
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'ewi.utwente.nl'
Found _ldap._tcp.dc._msdcs.ewi.utwente.nl 600 IN SRV [0][100]
ewidc11.dynamic.ewi.utwente.nl:389
Found _ldap._tcp.dc._msdcs.ewi.utwente.nl 600 IN SRV [0][100]
ewidc12.dynamic.ewi.utwente.nl:389
Found _ldap._tcp.dc._msdcs.ewi.utwente.nl 600 IN SRV [0][100]
ewidc02.dynamic.ewi.utwente.nl:389
Looking for domains in forest...
found utwente.nl
found ewi.utwente.nl
found tnw.utwente.nl
found ctw.utwente.nl
found gw.utwente.nl
found student.utwente.nl
found dept.utwente.nl
found service.utwente.nl
found workstation.utwente.nl
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'tnw.utwente.nl'
Found _ldap._tcp.dc._msdcs.tnw.utwente.nl 600 IN SRV [0][100]
dc12tnw.dynamic.tnw.utwente.nl:389
Found _ldap._tcp.dc._msdcs.tnw.utwente.nl 600 IN SRV [0][100]
dc2tnw.dynamic.tnw.utwente.nl:389
Found _ldap._tcp.dc._msdcs.tnw.utwente.nl 600 IN SRV [0][100]
dc11tnw.dynamic.tnw.utwente.nl:389
LDAP SASL bind to dc12tnw.dynamic.tnw.utwente.nl:389 failed (Strong authentication required)
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'gw.utwente.nl'
Found _ldap._tcp.dc._msdcs.gw.utwente.nl 600 IN SRV [0][100]
dc3gw.dynamic.gw.utwente.nl:389
Found _ldap._tcp.dc._msdcs.gw.utwente.nl 600 IN SRV [0][100]
dc1gw.dynamic.gw.utwente.nl:389
Found _ldap._tcp.dc._msdcs.gw.utwente.nl 600 IN SRV [0][100]
dc2gw.dynamic.gw.utwente.nl:389
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'ctw.utwente.nl'
Found _ldap._tcp.dc._msdcs.ctw.utwente.nl 600 IN SRV [0][100]
dc6ctw.ctw.utwente.nl:389
Found _ldap._tcp.dc._msdcs.ctw.utwente.nl 600 IN SRV [0][100]
dc5ctw.ctw.utwente.nl:389
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'dept.utwente.nl'
Found _ldap._tcp.dc._msdcs.dept.utwente.nl 600 IN SRV [0][100]
dc1dept.dept.utwente.nl:389
Found _ldap._tcp.dc._msdcs.dept.utwente.nl 600 IN SRV [0][100]
dc2dept.dept.utwente.nl:389
Found _ldap._tcp.dc._msdcs.dept.utwente.nl 600 IN SRV [0][100]
dc3dept.dept.utwente.nl:389
Found _ldap._tcp.dc._msdcs.dept.utwente.nl 600 IN SRV [0][100]
dc4dept.dept.utwente.nl:389
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'ewi.utwente.nl'
Found _ldap._tcp.dc._msdcs.ewi.utwente.nl 600 IN SRV [0][100]
ewidc12.dynamic.ewi.utwente.nl:389
Found _ldap._tcp.dc._msdcs.ewi.utwente.nl 600 IN SRV [0][100]
ewidc02.dynamic.ewi.utwente.nl:389
Found _ldap._tcp.dc._msdcs.ewi.utwente.nl 600 IN SRV [0][100]
ewidc11.dynamic.ewi.utwente.nl:389
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'student.utwente.nl'
Found _ldap._tcp.dc._msdcs.student.utwente.nl 600 IN SRV [0][100]
dc1student.student.utwente.nl:389
Found _ldap._tcp.dc._msdcs.student.utwente.nl 600 IN SRV [0][100]
dc2student.student.utwente.nl:389
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'service.utwente.nl'
Found _ldap._tcp.dc._msdcs.service.utwente.nl 600 IN SRV [0][100]
dc2service.service.utwente.nl:389
Found _ldap._tcp.dc._msdcs.service.utwente.nl 600 IN SRV [0][100]
dc1service.service.utwente.nl:389
Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'workstation.utwente.nl'
Found _ldap._tcp.dc._msdcs.workstation.utwente.nl 600 IN SRV [0][100]
dc2workstation.workstation.utwente.nl:389
Found _ldap._tcp.dc._msdcs.workstation.utwente.nl 600 IN SRV [0][100]
dc1workstation.workstation.utwente.nl:389
LDAP SASL bind to dc2workstation.workstation.utwente.nl:389 failed (Strong authentication required)
LDAP SASL bind to dc1workstation.workstation.utwente.nl:389 failed (Strong authentication required)
unable to discover Forest Name for the trusted domain workstation.utwente.nl
unable to discover Site Name
change domain_controller=ewidc11.dynamic.ewi.utwente.nl port=389
change domain_controller=ewidc12.dynamic.ewi.utwente.nl port=389
change domain_controller=ewidc02.dynamic.ewi.utwente.nl port=389
change forest_name=utwente.nl
change domains_in_forest=utwente.nl
change domains_in_forest=ewi.utwente.nl
change domains_in_forest=tnw.utwente.nl
change domains_in_forest=ctw.utwente.nl
change domains_in_forest=gw.utwente.nl
change domains_in_forest=student.utwente.nl
change domains_in_forest=dept.utwente.nl
change domains_in_forest=service.utwente.nl
change domains_in_forest=workstation.utwente.nl
change trusted_domains=tnw.utwente.nl direction=bi-directional
change trusted_domains=gw.utwente.nl direction=bi-directional
change trusted_domains=ctw.utwente.nl direction=bi-directional
change trusted_domains=dept.utwente.nl direction=bi-directional
change trusted_domains=ewi.utwente.nl direction=bi-directional
change trusted_domains=student.utwente.nl direction=bi-directional
change trusted_domains=service.utwente.nl direction=bi-directional
change trusted_domains=workstation.utwente.nl direction=bi-directional
I hope that someone can help me.
Jan Veninga
--
This message posted from opensolaris.org