Re: [Samba] Linux integration with AD

[Doug VanLeuven]

Barkan Nir wrote:
Thanks.
-----Original Message-----
From: Doug VanLeuven [mailto:[EMAIL PROTECTED] 
Sent: ד 18 מאי 2005 02:44
To: Barkan Nir
Cc: samba@lists.samba.org
Subject: Re: [Samba] Linux integration with AD

Nir B wrote:
 

Hi All,
I extended my AD schema (SFU 3.5) and migrated the users and groups from my 
NIS domain.

The groups migrated from the NIS have the same GID like on the NIS.
I added linux machines to my AD domain using windbind, and define on the 
smb.conf  "idmap gid = 10000-20000".

I logged in using my AD user account, and when I'm doing "id", I see that 
all the AD groups GID start at 10000.

How can I define that groups GID will be exactly like on my AD? (The 
"msSFU30GidNumber" attribute)

   

I use padl xad_oss_plugins subcomponent idmap_ad to lookup the uid/gid 
from the SFU schema extension.  Use it as a backend.
idmap backend = ad:ldap://dc.mydomain.com
I copied it to source/modules and patched Makefile.in to recompile and 
install it for the various svn's.
 

Since you're interested, here's the diff on configure.in and Makefile.in
Line numbers are off current svn.  I had to hand edit to get rid of 
irrelavent stuff.
Just makes it easier to maintain.

Regards, Doug

Index: configure.in
===================================================================
--- configure.in        (revision 6793)
+++ configure.in        (working copy)
@@ -430,7 +430,7 @@
 default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg 
rpc_lsa_ds rpc_wks rpc_svcctl rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_eventlog 
auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain 
auth_builtin printerdb_file"
 
 dnl These are preferably build shared, and static if dlopen() is not available
-default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit 
vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap 
vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437"
+default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit 
vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap 
vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437 idmap_ad"
 
 if test "x$developer" = xyes; then
    default_static_modules="$default_static_modules rpc_echo"
@@ -4572,6 +4586,7 @@
 
 SMB_MODULE(idmap_ldap, sam/idmap_ldap.o, "bin/idmap_ldap.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_tdb, sam/idmap_tdb.o, "bin/idmap_tdb.$SHLIBEXT", IDMAP)
+SMB_MODULE(idmap_ad, \$(IDMAP_AD_OBJ), "bin/ad.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_rid, sam/idmap_rid.o, "bin/idmap_rid.$SHLIBEXT", IDMAP)
 SMB_SUBSYSTEM(IDMAP,sam/idmap.o)
 
Index: Makefile.in
===================================================================
--- Makefile.in (revision 6793)
+++ Makefile.in (working copy)
@@ -349,6 +349,8 @@
 VFS_AFSACL_OBJ = modules/vfs_afsacl.o
 VFS_CATIA_OBJ = modules/vfs_catia.o
 
+IDMAP_AD_OBJ = modules/idmap_ad.o
+
 PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
 
 SLCACHE_OBJ = libsmb/samlogon_cache.o
@@ -1237,6 +1230,11 @@
        @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_EXPAND_MSDFS_OBJ:[EMAIL PROTECTED]@) \
                @[EMAIL PROTECTED] [EMAIL PROTECTED]
 
+bin/[EMAIL PROTECTED]@: $(IDMAP_AD_OBJ:.o=.po)
+       @echo "Building plugin $@"
+       @$(SHLD) $(LDSHFLAGS) -o $@ $(IDMAP_AD_OBJ:.o=.po) \
+               @[EMAIL PROTECTED] [EMAIL PROTECTED]
+
 bin/[EMAIL PROTECTED]@: $(VFS_AFSACL_OBJ:.o=.po)
        @echo "Building plugin $@"
        @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_AFSACL_OBJ:.o=.po) \
@@ -1420,6 +1420,7 @@
        @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) 
$(DESTDIR)$(BASEDIR) $(DESTDIR)$(VFSLIBDIR) $(DESTDIR)$(VFS_MODULES)
        @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) 
$(DESTDIR)$(BASEDIR) $(DESTDIR)$(PDBLIBDIR) $(DESTDIR)$(PDB_MODULES)
        @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) 
$(DESTDIR)$(BASEDIR) $(DESTDIR)$(RPCLIBDIR) $(DESTDIR)$(RPC_MODULES)
+       @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) 
$(DESTDIR)$(BASEDIR) $(DESTDIR)$(IDMAPLIBDIR) $(DESTDIR)$(IDMAP_MODULES)
        @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) 
$(DESTDIR)$(BASEDIR) $(DESTDIR)$(CHARSETLIBDIR) $(DESTDIR)$(CHARSET_MODULES)
        @$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) 
$(DESTDIR)$(BASEDIR) $(DESTDIR)$(AUTHLIBDIR) $(DESTDIR)$(AUTH_MODULES)
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba