RhineDevil
2020-Jul-15 13:56 UTC
[Samba] Interacting with LDAP db without password as root
Wed, 15 Jul 2020 13:56:48 +0100 Rowland penny via samba <samba at lists.samba.org>:> On 15/07/2020 13:36, RhineDevil via samba wrote: > > How could I avoid being asked a password when interacting with /var/lib/samba/private/ldap_priv/ldapi through ldapsearch or ldaputils in general? > > (ldapsearch -H ldapi//%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldapi) > > Don't use ldap-utils, use ldb-tools and the machine password: > > sudo ldbsearch -P -H ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap > > Rowland"ldap client internal error NT_STATUS_UNSUCCESFUL" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: Firma digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20200715/08915dc1/attachment.sig>
Rowland penny
2020-Jul-15 14:23 UTC
[Samba] Interacting with LDAP db without password as root
On 15/07/2020 14:56, RhineDevil wrote:> Wed, 15 Jul 2020 13:56:48 +0100 Rowland penny via samba <samba at lists.samba.org>: >> On 15/07/2020 13:36, RhineDevil via samba wrote: >>> How could I avoid being asked a password when interacting with /var/lib/samba/private/ldap_priv/ldapi through ldapsearch or ldaputils in general? >>> (ldapsearch -H ldapi//%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldapi) >> Don't use ldap-utils, use ldb-tools and the machine password: >> >> sudo ldbsearch -P -H ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap >> >> Rowland > "ldap client internal error NT_STATUS_UNSUCCESFUL"Strange, I get: root at dc01:~# ldbsearch -P -H ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldapi ALL_MY_AD_RECORDS Snipped for brevity ..................... ................... ................. # Referral ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com # Referral ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com # Referral ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com # returned 479 records # 476 entries # 3 referrals You are running this on a DC ? Rowland
RhineDevil
2020-Jul-15 14:44 UTC
[Samba] Interacting with LDAP db without password as root
Wed, 15 Jul 2020 15:23:41 +0100 Rowland penny via samba <samba at lists.samba.org>:> On 15/07/2020 14:56, RhineDevil wrote: > > Wed, 15 Jul 2020 13:56:48 +0100 Rowland penny via samba <samba at lists.samba.org>: > >> On 15/07/2020 13:36, RhineDevil via samba wrote: > >>> How could I avoid being asked a password when interacting with /var/lib/samba/private/ldap_priv/ldapi through ldapsearch or ldaputils in general? > >>> (ldapsearch -H ldapi//%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldapi) > >> Don't use ldap-utils, use ldb-tools and the machine password: > >> > >> sudo ldbsearch -P -H ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap > >> > >> Rowland > > "ldap client internal error NT_STATUS_UNSUCCESFUL" > > Strange, I get: > > root at dc01:~# ldbsearch -P -H ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldapi > ALL_MY_AD_RECORDS > > Snipped for brevity > > ..................... > ................... > ................. > # Referral > ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com > > # Referral > ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com > > # Referral > ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com > > # returned 479 records > # 476 entries > # 3 referrals > > You are running this on a DC ? > > Rowland >Yes I think, I just did samba-tool domain provision [...] and then tried to connect with this socket -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: Firma digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20200715/93b4548f/attachment.sig>