On Thu, 2021-11-25 at 00:13 +0300, Oljas Kuzembaev via samba
wrote:> On 24.11.2021 23:50, Rowland Penny via samba wrote:
> > Just as an aside, why is ldbsearch called samba-ldbsearch on
> > freebsd ?
> There is a standalone port of ldb
> (https://www.freshports.org/databases/ldb22), but it lacks
> functionality. So binary in samba port called samba-ldbsearch.
> > You could try it like this:
> >
> > samba-ldbsearch -H ldap://home.oml.su -P -b "dc=oml,dc=su"
-s sub
> > "(servicePrincipalName=cifs/oml.su)" servicePrincipalName
> > samAccountName
> >
> > If that doesn't show the SPN, try adding '--cross-ncs'
after
> > 'samba-
> > ldbsearch ' and you could also try adding '--show-deleted'
just in
> > case
> > it is deleted (though I don't think it is)
> >
> > Rowland
> >
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'http_negotiate' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> resolve_lmhosts: Attempting lmhosts lookup for name home.oml.su<0x20>
> # Referral
> ref: ldap://oml.su/CN=Configuration,DC=oml,DC=su
>
> # Referral
> ref: ldap://oml.su/DC=DomainDnsZones,DC=oml,DC=su
>
> # Referral
> ref: ldap://oml.su/DC=ForestDnsZones,DC=oml,DC=su
>
> # returned 3 records
> # 0 entries
>
> # 3 referrals
>
>
> Still no related output. '--cross-ncs' and
'--show-deleted' also
> not
> much different.
>
Then by the look of it, the SPN doesn't exist in AD, is there a keytab
? if so, delete it and then recreate it.
Rowland