With Windows 2003R2 or later you do not need to (and should not) install SFU. The rfc2307 NIS schema is part of AD - although not all the attributes will be populated by default (i.e. you will not have a UID unless you explicitly set it).


On 07/30/2012 09:41 AM, Steffen Knauf wrote:

Hi, sorry that was my fault. The correct entry should be:

ldap.ADdomain                ad.cxo.name

But still with the same result: Could not get passwd entry for name = sknauf

I don't have much experience with Windows 2008 R2 Server. Is it necessary to install SFU (Subsystem for UNIX-based Applications) on the Windows Server?

 

From: Borzenkov, Andrey [mailto:andrey.borzenkov@ts.fujitsu.com]
Sent: Monday, July 30, 2012 14:54
To: Steffen Knauf; toasters@teaparty.net
Subject: RE: LDAP Options

 

Option ldap.ADdomain should be the AD domain name (a single entry), not a list of domain controllers. It tries to find the domain dc2.ad.cxo.name; is it really the domain name?

 

 

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Steffen Knauf
Sent: Monday, July 30, 2012 4:13 PM
To: toasters@teaparty.net
Subject: LDAP Options

 

Hi,

 

I am trying to configure our filer to use an LDAP server (Windows 2008 R2), without success. Perhaps you have some ideas what's wrong.

 

 

----------------------------------------------------------------------------------------
ldap.ADdomain                dc2.ad.cxo.name dc1.ad.cxo.name
ldap.base                    dc=ad,dc=cxo,dc=name
ldap.base.group
ldap.base.netgroup
ldap.base.passwd
ldap.enable                  on
ldap.minimum_bind_level      anonymous
ldap.name                    CN=Administrator,CN=Users,DC=ad,DC=cxo,DC=name
ldap.nssmap.attribute.gecos  gecos
ldap.nssmap.attribute.gidNumber gidNumber
ldap.nssmap.attribute.groupname cn
ldap.nssmap.attribute.homeDirectory homeDirectory
ldap.nssmap.attribute.loginShell loginShell
ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup
ldap.nssmap.attribute.memberUid memberUid
ldap.nssmap.attribute.netgroupname cn
ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple
ldap.nssmap.attribute.uid    uid
ldap.nssmap.attribute.uidNumber uidNumber
ldap.nssmap.attribute.userPassword userPassword
ldap.nssmap.objectClass.nisNetgroup nisNetgroup
ldap.nssmap.objectClass.posixAccount sAMAccountName
ldap.nssmap.objectClass.posixGroup Group
ldap.passwd                  ******
ldap.port                    389
ldap.servers
ldap.servers.preferred
ldap.ssl.enable              off
ldap.timeout                 20
ldap.usermap.attribute.unixaccount sAMAccountName
ldap.usermap.attribute.windowsaccount sAMAccountName
ldap.usermap.base
ldap.usermap.enable          on
----------------------------------------------------------------------------------------

 

I get the following error messages:

 

----------------------------------------------------------------------------------------
Mon Jul 30 13:58:06 CEST [chip1: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for DC2.AD.CXO.NAME.
Mon Jul 30 13:58:06 CEST [chip1: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (muc).
Mon Jul 30 13:58:06 CEST [chip1: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query.
Mon Jul 30 13:58:06 CEST [chip1: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for DC2.AD.CXO.NAME complete. 0 unique addresses found
----------------------------------------------------------------------------------------

 

 

Testing:
----------------------------------------------------------------------------------------
chip1*> getXXbyYY getpwbyname_r sknauf
Could not get passwd entry for name = sknauf

chip1*> wcc -u adcxo/sknauf
no passwd entry for adcxo/sknauf
----------------------------------------------------------------------------------------

 

 

nsswitch.conf:
----------------------------------------------------------------------------------------
chip1*> rdfile /etc/nsswitch.conf
#Auto-generated by LDAP Mon Jul 30 10:42:32 CEST 2012
hosts: files       nis     dns
passwd: files ldap
netgroup: files ldap
group: files    ldap
shadow: files   ldap     nis
----------------------------------------------------------------------------------------

 

 

Ping:
----------------------------------------------------------------------------------------
chip1*> ping dc2.ad.cxo.name
dc2.ad.cxo.name is alive

chip1*> ping dc2
dc2.ad.cxo.name is alive
----------------------------------------------------------------------------------------

 

Thanks & greets

 

Steffen
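
The ldap.ADdomain point from this thread, as an added example (not part of any message here and not NetApp code): a Python check that parses an options dump, flags an ldap.ADdomain value that is not a single domain name, and lists the standard AD DC-locator SRV owner names for a domain and site. That the filer's "DNS site query" and "generic DNS query" look up exactly these names, and that the domain can be inferred from ldap.base, are assumptions; all function names are hypothetical.

```python
# Constructed sample: the ldap.ADdomain and ldap.base lines quoted in the thread.
FIRST_TRY = """\
ldap.ADdomain                dc2.ad.cxo.name dc1.ad.cxo.name
ldap.base                    dc=ad,dc=cxo,dc=name
ldap.base.group
"""
CORRECTED = FIRST_TRY.replace("dc2.ad.cxo.name dc1.ad.cxo.name", "ad.cxo.name")


def parse_options(text):
    """Parse option dump lines: a name, whitespace, then an optional value."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0].startswith("ldap."):
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def base_to_domain(base):
    """dc=ad,dc=cxo,dc=name -> ad.cxo.name (non-dc RDNs such as ou= are skipped)."""
    labels = []
    for rdn in base.split(","):
        key, _, val = rdn.partition("=")
        if key.strip().lower() == "dc" and val.strip():
            labels.append(val.strip().lower())
    return ".".join(labels)


def check_addomain(opts):
    """Return findings for ldap.ADdomain; an empty list means it looks sane."""
    names = opts.get("ldap.ADdomain", "").split()
    findings = []
    if len(names) != 1:
        findings.append("expected one AD domain name, got %d entries" % len(names))
    expected = base_to_domain(opts.get("ldap.base", ""))  # heuristic (assumption)
    for name in names:
        if expected and name.lower() != expected:
            findings.append("%s is not the domain implied by ldap.base (%s)" % (name, expected))
    return findings


def srv_names(domain, site=None):
    """Standard AD DC-locator SRV owner names, site-specific name first."""
    names = ["_ldap._tcp.%s._sites.dc._msdcs.%s" % (site, domain)] if site else []
    return names + ["_ldap._tcp.dc._msdcs.%s" % domain]


if __name__ == "__main__":
    for label, text in (("first try", FIRST_TRY), ("corrected", CORRECTED)):
        print(label, check_addomain(parse_options(text)))
    print(srv_names("ad.cxo.name", site="muc"))
```

SRV records of this form are registered under the domain name, not under a domain controller's host name, which is consistent with the trace finding 0 addresses for DC2.AD.CXO.NAME even though the host answers ping.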

 

 

 

 

 


