On Thu, Feb 07, 2008 at 11:41:47PM +1000, James C. McPherson wrote:
> Nicolas Williams wrote:
> > You don't have to do anything at all for idmap to be in AD-only mode.
> > By default it only does ephemeral ID mapping (for SID->UID/GID mapping)
> > and local SID mapping (for non-ephemeral UID/GID->SID mapping).
>
> Is this the compulsory mode of operation now? I noticed that since
> going from 77 to 81, I am no longer able to connect from my win-XP
> or win-Vista systems. The message I see is

No, ephemeral mapping is just the default.

> Feb 6 15:33:12 farnarkle idmap[7189]: [ID 678313 daemon.error] Failed to
> create request for AD lookup by winname

Possible problems (I know, we should have better logging, but the
information here could be buried many layers deep, so it's hard to get):

 - your /etc/krb5/krb5.keytab is out of sync

   Try re-joining your domain.

 - your DNS resolver config is broken

> >> I have installed "Unix Services" under W2K3 Server which gives AD the
> >> RFC2307 schema support, but how does one configure the idmap side?
> >
> > One doesn't configure idmap so much as the native LDAP client.
> >
> > The configuration involves installing schema mapping information. That
> > is, running ldapclient(1M) with -a arguments to setup attributeMap,
> > objectClassMap, ...
>
> Is there a minimum schema definition which idmapd requires?

idmapd does not require SFU be installed, or that any schema changes be
made. Using nss_ldap with AD as the directory is different. I wasn't
clear on what, exactly, you were looking for.

Nico
--
_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
