Option ldap.ADdomain should be the AD domain name (a single entry), not a list of domain controllers. It tries to find the domain dc2.ad.cxo.name; is that really the domain name?
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Steffen Knauf
Sent: Monday, July 30, 2012 4:13 PM
To: toasters@teaparty.net
Subject: LDAP Options
Hi,
I am trying to configure our filer for an LDAP server (Windows 2008 R2), without success. Perhaps you have some ideas about what's wrong.
----------------------------------------------------------------------------------------
ldap.ADdomain                            dc2.ad.cxo.name dc1.ad.cxo.name
ldap.base                                dc=ad,dc=cxo,dc=name
ldap.base.group
ldap.base.netgroup
ldap.base.passwd
ldap.enable                              on
ldap.minimum_bind_level                  anonymous
ldap.name                                CN=Administrator,CN=Users,DC=ad,DC=cxo,DC=name
ldap.nssmap.attribute.gecos              gecos
ldap.nssmap.attribute.gidNumber          gidNumber
ldap.nssmap.attribute.groupname          cn
ldap.nssmap.attribute.homeDirectory      homeDirectory
ldap.nssmap.attribute.loginShell         loginShell
ldap.nssmap.attribute.memberNisNetgroup  memberNisNetgroup
ldap.nssmap.attribute.memberUid          memberUid
ldap.nssmap.attribute.netgroupname       cn
ldap.nssmap.attribute.nisNetgroupTriple  nisNetgroupTriple
ldap.nssmap.attribute.uid                uid
ldap.nssmap.attribute.uidNumber          uidNumber
ldap.nssmap.attribute.userPassword       userPassword
ldap.nssmap.objectClass.nisNetgroup      nisNetgroup
ldap.nssmap.objectClass.posixAccount     sAMAccountName
ldap.nssmap.objectClass.posixGroup       Group
ldap.passwd                              ******
ldap.port                                389
ldap.servers
ldap.servers.preferred
ldap.ssl.enable                          off
ldap.timeout                             20
ldap.usermap.attribute.unixaccount       sAMAccountName
ldap.usermap.attribute.windowsaccount    sAMAccountName
ldap.usermap.base
ldap.usermap.enable                      on
----------------------------------------------------------------------------------------
I get the following error messages:
----------------------------------------------------------------------------------------
Mon Jul 30 13:58:06 CEST [chip1: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for DC2.AD.CXO.NAME.
Mon Jul 30 13:58:06 CEST [chip1: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (muc).
Mon Jul 30 13:58:06 CEST [chip1: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query.
Mon Jul 30 13:58:06 CEST [chip1: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for DC2.AD.CXO.NAME complete. 0 unique addresses found
----------------------------------------------------------------------------------------
Testing:
----------------------------------------------------------------------------------------
chip1*> getXXbyYY getpwbyname_r sknauf
Could not get passwd entry for name = sknauf
chip1*> wcc -u adcxo/sknauf
no passwd entry for adcxo/sknauf
----------------------------------------------------------------------------------------
nsswitch.conf:
----------------------------------------------------------------------------------------
chip1*> rdfile /etc/nsswitch.conf
#Auto-generated by LDAP Mon Jul 30 10:42:32 CEST 2012
hosts: files nis dns
passwd: files ldap
netgroup: files ldap
group: files ldap
shadow: files ldap nis
----------------------------------------------------------------------------------------
Ping:
----------------------------------------------------------------------------------------
chip1*> ping dc2.ad.cxo.name
dc2.ad.cxo.name is alive
chip1*> ping dc2
dc2.ad.cxo.name is alive
----------------------------------------------------------------------------------------
Thanks & greets
Steffen
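
Added example, not part of either message in the thread: a Python check of the quoted options dump for the point made in the reply, that ldap.ADdomain must be a single domain name, cross-checked against the domain implied by ldap.base. The function names are hypothetical, and the SRV names are the standard Active Directory DC-locator records; that the filer's "DNS site query" and "generic DNS query" correspond to them is an assumption.

```python
# Constructed sample: the relevant lines of the `options ldap` dump quoted above.
SAMPLE = """\
ldap.ADdomain                dc2.ad.cxo.name dc1.ad.cxo.name
ldap.base                    dc=ad,dc=cxo,dc=name
ldap.servers
"""

def parse_options(text):
    """Map option name -> list of whitespace-separated values ([] if unset)."""
    opts = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].startswith("ldap."):
            opts[parts[0]] = parts[1:]
    return opts

def domain_from_base(base_dn):
    """Turn dc=ad,dc=cxo,dc=name into ad.cxo.name; non-DC RDNs are ignored."""
    rdns = (rdn.strip().split("=", 1) for rdn in base_dn.split(",") if "=" in rdn)
    return ".".join(v for k, v in rdns if k.lower() == "dc").lower()

def check_addomain(opts):
    """Return (findings, expected_domain) for the ldap.ADdomain option."""
    values = [v.lower() for v in opts.get("ldap.ADdomain", [])]
    expected = domain_from_base("".join(opts.get("ldap.base", [])))
    findings = []
    if len(values) != 1:
        findings.append(f"ldap.ADdomain has {len(values)} entries, expected 1")
    for v in values:
        if expected and v != expected:
            hint = " (looks like a host inside it)" if v.endswith("." + expected) else ""
            findings.append(f"{v} does not match domain {expected} from ldap.base{hint}")
    return findings, expected

def srv_names(domain, site=None):
    """Assumed DC-locator lookups: site-specific record first, then generic."""
    names = [f"_ldap._tcp.dc._msdcs.{domain}"]
    if site:
        names.insert(0, f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    return names

if __name__ == "__main__":
    findings, domain = check_addomain(parse_options(SAMPLE))
    print("\n".join(findings))
    # "muc" is the site name shown in the trace output above.
    print("\n".join(srv_names(domain, site="muc")))
```

With the quoted settings, both ldap.ADdomain values are flagged as host names inside ad.cxo.name rather than the domain itself, which matches the discovery trace searching for DC2.AD.CXO.NAME and finding no addresses.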