Samba 4.0.5, Debian 6.0
I can successfully perform an ldbsearch on the Samba ldb by specifying
the -U parameter:
geoffc at test-dc03: ~ $ /usr/local/samba/bin/ldbsearch -H
ldap://localhost -U geoffc 'CN=IT' objectClass
Password for [STAFF\geoffc]:
# record 1
dn: CN=IT,CN=Users,DC=testad2,DC=trinity,DC=unimelb,DC=edu,DC=au
objectClass: top
objectClass: posixGroup
objectClass: group
<snip>
and while I can kinit successfully, as this klist shows:
geoffc at test-dc03: ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_12823
Default principal: geoffc at TESTAD2.TRINITY.UNIMELB.EDU.AU
Valid starting Expires Service principal
04/19/13 10:35:28 04/19/13 20:35:28
krbtgt/TESTAD2.TRINITY.UNIMELB.EDU.AU at TESTAD2.TRINITY.UNIMELB.EDU.AU
renew until 04/20/13 10:35:24
04/19/13 10:35:32 04/19/13 20:35:28
ldap/dc01.testad2.trinity.unimelb.edu.au at TESTAD2.TRINITY.UNIMELB.EDU.AU
I cannot use the resulting ticket to
connect:
geoffc at test-dc03: ~ $ /usr/local/samba/bin/ldbsearch -H
ldap://localhost -k yes 'CN=IT'
Failed to bind - LDAP client internal error:
NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://localhost' with backend
'ldap': (null)
Failed to connect to ldap://localhost - (null)
Anyone know what's going on? This email may look familiar, Steve
reported the same issue last July,
https://lists.samba.org/archive/samba/2012-July/168315.html. This isn't
the problem that Zach was talking about in
https://lists.samba.org/archive/samba/2012-November/169941.html, as I'm
not using an IP address in the url.
Cheers,
Geoff