Bug 3265 - net ads join "OU=<container>"
Summary: net ads join "OU=<container>"
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.9
Hardware: x64 Linux
Importance: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2005-11-16 07:30 UTC by Jason Gerfen
Modified: 2006-04-08 23:13 UTC
Description Jason Gerfen 2005-11-16 07:30:41 UTC
SuSE 9.3 (all patches)
Samba 3.0.13-1.1

After following the SAMBA HOWTO for using ADS authentication, I have come across a problem.

In Chapter 6 Section II of the Samba 3 HOWTO I performed the following commands:

%> kinit user@REALM.COM
%> net ads join -U user@REALM.COM
%> net ads join -U user@REALM.COM "new_OU_container"

The join worked; I am able to view users and authenticate any users from the "new_OU_container" without problem.  However, because I needed to authenticate users from other containers as well, I connected to the Domain and removed the computer from the OU=computers container and rejoined the domain NOT mapping a specific container.

The problem is that I am still only able to view/authenticate users in the "OU=new_OU_container" vs. the "CN=Users" default container.

I have tested this by setting up a new Windows 2000 domain which mimicked the live environment, created a new samba server with the following smb.conf, and I was able to view/authenticate users in any container because I did not initially specify the container in which to add the computer account.

I am hoping I could perhaps get an updated RPM for SuSE with the latest Winbind, SMBD, NMBD which Mr. Testra has informed me is available but not released as an installable RPM for the SuSE OS.

[smb.conf]
[global]
        workgroup = DOMAIN
        realm = DOMAIN.COM
        server string = samba_server.domain.com
        security = ADS
        update encrypted = Yes
        encrypt passwords = yes
        password server = *
        preferred master = No
        domain master = No
        idmap uid = 500-500000
        idmap gid = 500-500000
        winbind separator = /
        winbind cache time = 5
        winbind use default domain = Yes
        winbind nested groups = Yes
        log level = 2
        interfaces = eth*
        bind interfaces only = yes

[share]
        path = /share
        read only = No
        inherit acls = Yes
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-04-08 23:13:47 UTC
We don't restrict users to a given OU.  Please retest against a current release and reopen if the issue still exists.