On Wed, 2021-11-24 at 23:24 +0300, Oljas Kuzembaev via samba wrote:
> Thank you!
>
> I am on FreeBSD and my knowledge of sed is poor. Trying to adapt to
> my shell, I've butchered your line to this:
>
> # samba-ldbsearch -H ldap://home.oml.su -P -b "dc=oml,dc=su" | grep cifs
>
> that lists some osX machines:
>
> servicePrincipalName: cifs/air1411.oml.su
> servicePrincipalName: cifs/macpro2008.oml.su
> servicePrincipalName: cifs/macmini20151116.oml.su
> servicePrincipalName: cifs/macbook-air-150.oml.su
>
> But no sign of SPN cifs/oml.su, which I am looking for.
>
> Is that because of bad interpretation of your line?

No, I wouldn't have thought so. Your search dumps the entire AD and the
grep only prints the lines that contain 'cifs'.

Just as an aside, why is ldbsearch called samba-ldbsearch on FreeBSD?
As far as I am aware, only Samba produces ldbsearch, so the 'samba-' is
a bit superfluous.

You could try it like this:

samba-ldbsearch -H ldap://home.oml.su -P -b "dc=oml,dc=su" -s sub "(servicePrincipalName=cifs/oml.su)" servicePrincipalName samAccountName

If that doesn't show the SPN, try adding '--cross-ncs' after
'samba-ldbsearch ' and you could also try adding '--show-deleted' just
in case it is deleted (though I don't think it is)

Rowland

On 24.11.2021 23:50, Rowland Penny via samba wrote:
>
> Just as an aside, why is ldbsearch called samba-ldbsearch on freebsd ?

There is a standalone port of ldb
(https://www.freshports.org/databases/ldb22), but it lacks
functionality. So the binary in the samba port is called samba-ldbsearch.

>
> You could try it like this:
>
> samba-ldbsearch -H ldap://home.oml.su -P -b "dc=oml,dc=su" -s sub
> "(servicePrincipalName=cifs/oml.su)" servicePrincipalName
> samAccountName
>
> If that doesn't show the SPN, try adding '--cross-ncs' after
> 'samba-ldbsearch ' and you could also try adding '--show-deleted' just
> in case it is deleted (though I don't think it is)
>
> Rowland
>

ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name home.oml.su<0x20>
# Referral
ref: ldap://oml.su/CN=Configuration,DC=oml,DC=su

# Referral
ref: ldap://oml.su/DC=DomainDnsZones,DC=oml,DC=su

# Referral
ref: ldap://oml.su/DC=ForestDnsZones,DC=oml,DC=su

# returned 3 records
# 0 entries
# 3 referrals

Still no related output. '--cross-ncs' and '--show-deleted' are also not
much different.
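
Piping the full dump through grep, as in the quoted command, shows matching attribute lines but not the object that owns them, and LDIF may fold a long value across lines so a line-based match can miss it. As an added example (not from the thread or from Samba), this shell function reads ldbsearch-style LDIF on stdin and prints DN, sAMAccountName and SPN for each record holding a given SPN, compared case-insensitively; the sample records and the name spn_owner are constructed for illustration.

```shell
# Constructed sample of ldbsearch LDIF output; every name here is invented.
sample_ldif() {
cat <<'EOF'
# record 1
dn: CN=FS1,CN=Computers,DC=example,DC=test
sAMAccountName: FS1$
servicePrincipalName: HOST/fs1.example.test
servicePrincipalName: cifs/a-long-constructed-host-name-forcing-a-fold.exam
 ple.test

# record 2
dn: CN=svc-files,CN=Users,DC=example,DC=test
servicePrincipalName: CIFS/Example.Test
sAMAccountName: svc-files

# Referral
ref: ldap://example.test/CN=Configuration,DC=example,DC=test

# returned 3 records
EOF
}

# spn_owner SPN: LDIF on stdin -> "<dn> TAB <sAMAccountName> TAB <spn>" per owning record.
spn_owner() {
    awk -v want="$1" '
    function flush_line() {              # handle one complete, unfolded line
        if (line == "") return
        if (line ~ /^dn::? /) { dn = line; sub(/^dn::? /, "", dn) }
        else if (tolower(line) ~ /^samaccountname: /) sam = substr(line, 17)
        else if (tolower(line) ~ /^serviceprincipalname: /) {
            v = substr(line, 23)
            if (tolower(v) == tolower(want)) hit = v
        }
        line = ""
    }
    function flush_record() {            # a blank line or end of input closes a record
        flush_line()
        if (hit != "") printf "%s\t%s\t%s\n", dn, sam, hit
        dn = sam = hit = ""
    }
    /^#/ { next }                        # comments: record, referral and summary markers
    /^ / { line = line substr($0, 2); next }   # LDIF continuation: join to previous line
    /^$/ { flush_record(); next }
         { flush_line(); line = $0 }
    END  { flush_record() }
    '
}
sample_ldif | spn_owner cifs/example.test
```

Base64-encoded values (attribute lines written with `::`) are not decoded; a `dn::` value is printed as it appears.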