similar to: strange Samba3 / sudo / ldapsearch problem

On Tue, 2016-04-19 at 10:29 +1000, John Gardeniers wrote: > I'm setting up a test domain in order to try out Sudoers LDAP and > have  > run into a problem that has my puzzled. On our production domain I > can  > run a query such as: > > ldapsearch  -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b  > "dc=ourdomain,dc=com,dc=au" -s sub > >

On 19/04/16 01:29, John Gardeniers wrote: > I'm setting up a test domain in order to try out Sudoers LDAP and have > run into a problem that has my puzzled. On our production domain I can > run a query such as: > > ldapsearch -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b > "dc=ourdomain,dc=com,dc=au" -s sub > Try using ldbsearch instead:

Hi, testparm -v | grep 'ldap serve' Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC Press enter to see a dump of your service definitions ldap server require

Hi Andrew, I don't understand why 2 systems running the exact same version of Samba have different behaviour. Is this an option I can disable? regards, John On 19/04/16 11:29, Andrew Bartlett wrote: > On Tue, 2016-04-19 at 10:29 +1000, John Gardeniers wrote: >> I'm setting up a test domain in order to try out Sudoers LDAP and >> have >> run into a problem that has

I'm setting up a test domain in order to try out Sudoers LDAP and have run into a problem that has my puzzled. On our production domain I can run a query such as: ldapsearch -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b "dc=ourdomain,dc=com,dc=au" -s sub However, running an equivalent search on a freshly installed test domain, using the exact same version of Samba

Things goes further. To use GSSAPI and so the Kerberos ticket obtained with kinit I was missing "-Y GSSAPI". It seems GSSAPI and TLS are meant to be used together: ---------------------------------------- ldapsearch -Y GSSAPI -LLL -H ldaps://SAMBA.DOMAIN.TLD SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Server is unwilling to perform (53) additional info:

Samba 4.0.0beta4, CentOS 6.3 (openldap 2.4.23-26.el6), samba-generated krb5.conf. I have joined a Linux client to the samba4 domain and extracted the kerberos5 keytab (using "kerberos method = system keytab"): # kinit Administrator (succeeds) # net ads join createupn=host/<client.fqdn>@REALM -k (succeeds) # net ads keytab create (succeeds) # net ads testjoin (is OK) #

ERRATUM: It seems GSSAPI and TLS are *NOT* meant to be used together: 2015-10-15 16:20 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Things goes further. To use GSSAPI and so the Kerberos ticket obtained > with kinit I was missing "-Y GSSAPI". > > It seems GSSAPI and TLS are meant to be used together: > ---------------------------------------- >

Hi, I've got ldapsearch mostly working: root at morannon:/usr/local/samba/private/tls# ldapsearch '(sAMAccountName=dumaresq)' SASL/GSSAPI authentication started SASL username: administrator at XXX SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (sAMAccountName=dumaresq) # requesting: ALL # results in

Solved : ) Reminder of the issue: Every services (CIFS, Kerberos, LDAP, DNS, RPC) on one DC were working well and ldapsearch using DN and password were also working. The only thing which was not working was ldapsearch using GSSAPI authentication with the following error: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic

Hi all, I've got on AD DC using Samba 4.4.3 on Centos7 which accept Kerberos connections (kinit is working), which accept ldapsearch with credentials but which refuse ldapsearch with GSSAPI. The issue does not seem to be coming from the client as I discovered this issue writing a script to test all 22 DC, and all 21 others DC are working well from that client. The error: SASL/GSSAPI

More information, making me more crazy: - ldapsearch without SASL is working from any host: ldapsearch -D 'CN=user-ldapmodify,OU=OurUsers,DC=ad,DC=domain,dc=tld' -w Passw0rd -x -ZZ -b 'dc=ad,DC=domain,dc=tld' -h dc106 sAMAccountName=administrator dn - ldapsearch with SASL is not working (Kerberos ticket existing following a working kinit) from any host but it works when launched

Hi, I dunno much about exploiting, but I was wondering about the setuid root program 'opiepasswd' to use one-time-passwords. When having a seed of (null) and a sequence of -1, I get a segfault. Kernel/base: FreeBSD lama.inet-solutions.be 4.8-RELEASE-p4 FreeBSD 4.8-RELEASE-p4 #0: Sun Aug 31 21:00:38 CEST 2003 root@lama.inet-solutions.be:/usr/obj/usr/src/sys/LAMA i386 Make.conf:

I'm trying to set up my ldap directory to use kerberos passwords. I have compiled openldap with --with-kpasswd, added the principal ldap/iceage.sg.org.br@SG.ORG.BR to kerberos. Also, I have prepared the user entries in LDAP with these fields (in addition to other ones): objectClass: krb5Principal krb5PrincipalName: diego@SG.ORG.BR cn: Diego Lima userPassword: {KERBEROS}diego@SG.ORG.BR I

OK, I've got a little further and I think I have tracked this down to a reverse DNS issue - which was non-obvious to me, so here is a write-up for the benefit of the archives. The part that was failing was this: [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: dc1$ [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] [sasl_bind_send] (0x0080): Extended failure

Hi all, I'd like to perform some ldapsearch against my AD domain. And I'd like to be able to perform these ldapsearch using GSSAPI to avoid usage of password in scripts. DC are using default configuration file: ---------------------------------------- # Global parameters [global] workgroup = SAMBA.DOMAIN realm = SAMBA.DOMAIN.TLD netbios name = M707 server

On Sat, 6 Apr 2019 04:52:38 -0400 Jonathon Reinhart via samba <samba at lists.samba.org> wrote: > Hello, > > I'm writing in regards to this issue I opened on GitHub: > https://github.com/python-ldap/python-ldap/issues/275 > > I am able to successfully use ldapsearch to query my Samba > 4.9.4-Debian DC: > > ldapsearch -LLL -Y GSSAPI -H

Hi, I've encountered a really wierd problem the winbind process when trying to start up the samba services, I hope someone can assist I start up the smbd service from the command line (using "smbd -D"), it starts sucessfully When I then attempt to start the winbind service (using "winbind -B") it immediately responds with message: "open_winbind_socket: Resource

Hello, I'm writing in regards to this issue I opened on GitHub: https://github.com/python-ldap/python-ldap/issues/275 I am able to successfully use ldapsearch to query my Samba 4.9.4-Debian DC: ldapsearch -LLL -Y GSSAPI -H ldap://samba-dc.ad.example.com -b "dc=ad,dc=example,dc=com" "(objectClass=user)" "sAMAccountName" However, when I try to use python-ldap I

I keep getting the follwing error when trying to syslinux my DiskOnChip: ERROR 440D: Unable to lock drive for exclusive access I tried using the 4.2 and 5.1.4 DiskOnChip utils to format it first. I've tried 2 PCs and a few different DiskOnChips. I triied several options and always get the same message, The DiskOnChips have worked in DOS and Pharlap, so the Hardware is OK. Any ideas? TIA,