Bethel, Zach
2012-Oct-31 19:51 UTC
[Samba] ldbsearch returning NT_STATUS_INVALID_PARAMETER
I have a Samba DC connected to two Windows 2008 R2 DC's. On the Samba machine, if I run

`ldbsearch -H ldaps://*SAMBA-DC-IP* -U administrator`

It asks for my password and then works great. I can use any domain user and this works. However, if I instead run:

`ldbsearch -H ldaps://10.120.160.12 -k1 --krb5-ccache=/tmp/krb5cc_0`

I get this:

```
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to '...' with backend 'ldaps': (null)
Failed to connect to ... - (null)
```

This happens regardless of whether or not the ticket exists at /tmp/krb5cc_0 (I can run kinit to create it and kdestroy to remove it). It's not the most useful error message...and strace isn't turning up anything interesting.

Any ideas?
Andrew Bartlett
2012-Nov-05 03:34 UTC
[Samba] ldbsearch returning NT_STATUS_INVALID_PARAMETER
On Wed, 2012-10-31 at 19:51 +0000, Bethel, Zach wrote:
> I have a Samba DC connected to two Windows 2008 R2 DC's. On the Samba machine, if I run `ldbsearch -H ldaps://*SAMBA-DC-IP* -U administrator`
>
> It asks for my password and then works great. I can use any domain user and this works. However, if I instead run:
>
> `ldbsearch -H ldaps://10.120.160.12 -k1 --krb5-ccache=/tmp/krb5cc_0`
>
> I get this:
>
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to '...' with backend 'ldaps': (null)
> Failed to connect to ... - (null)
>
> This happens regardless of whether or not the ticket exists at /tmp/krb5cc_0 (I can run kinit to create it and kdestroy to remove it). It's not the most useful error message...and strace isn't turning up anything interesting.
>
> Any ideas?

Kerberos requires a name for the target (all entries in the KDC are indexed by name), so we fail if presented with an IP address.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
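The point made in the reply above, as an added example that is not part of the original thread: a POSIX shell pre-flight check that pulls the host out of the `-H` URL and rejects an IP literal before a `-k1` bind is attempted, printing the `ldap/<host>` service name the client would otherwise ask the KDC for. The function names and `dc1.example.com` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check an ldbsearch -H URL before a
# Kerberos bind. Function names are hypothetical.

# Print the host part of an ldap:// or ldaps:// URL (no scheme, port or path).
ldb_url_host() {
    rest=${1#*://}          # drop the scheme
    rest=${rest%%/*}        # drop any path
    case $rest in
        \[*\]*) rest=${rest#\[}; rest=${rest%%\]*} ;;   # [IPv6]:port
        *)      rest=${rest%%:*} ;;                     # host:port
    esac
    printf '%s\n' "$rest"
}

# Succeed (0) when the argument is an IPv4 or IPv6 literal rather than a name.
is_ip_literal() {
    case $1 in
        *:*)           return 0 ;;   # colons only occur in IPv6 literals here
        ''|*[!0-9.]*)  return 1 ;;   # empty, or contains non-numeric characters
        *.*.*.*)       return 0 ;;   # dotted quad
        *)             return 1 ;;
    esac
}

# Print the service name for the target, or fail with 1 for an IP literal
# (2 for an unusable URL).
krb_ldap_target() {
    host=$(ldb_url_host "$1")
    if [ -z "$host" ]; then
        echo "no host in URL: $1" >&2
        return 2
    fi
    if is_ip_literal "$host"; then
        echo "$host is an IP address; use the server's DNS name for -k1" >&2
        return 1
    fi
    printf 'ldap/%s\n' "$host"
}

# Stand-alone use: sh check.sh ldaps://dc1.example.com   (constructed name)
if [ "$#" -gt 0 ]; then
    krb_ldap_target "$1"
fi
```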