[Samba] Samba4 KDC - no such entry found in hdb
Dmitry Khromov
icechrome at gmail.com
Mon Oct 1 01:48:47 MDT 2012
On Mon, 1 Oct 2012 10:43:59 +0400
Dmitry Khromov <icechrome at gmail.com> wrote:
> Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. At least 6 accounts behave like this:
> Kerberos: AS-REQ techgroup at KLIN.KIFATO-MK.COM from ipv4:192.168.1.31:33822 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM
...
> Kerberos: UNKNOWN -- techgroup at KLIN.KIFATO-MK.COM: no such entry found in hdb
This disappears once you reset the password on Windows DC, however not on Samba DC:
$ bin/samba-tool user setpassword dummyuser --newpassword=password --URL=ldap://sambadc -U someadminuser%someadminpassword # We hadn't reset password on Windows DC yet
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR: Failed to set password for user 'dummyuser': (1, 'LDAP error 1 LDAP_OPERATION
S_ERROR - <00002020: setup_supplemental_field: failed to pull old supplementalCr
edentialsBlob: NT_STATUS_BUFFER_TOO_SMALL> <>')
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/user.py", lin
e 547, in run
username=username)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/samdb.py", line 459,
in setpassword
self.modify_ldif(setpw)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py", line 2
35, in modify_ldif
self.modify(msg, controls)
Resetting password on Windows DC enables samba-tool to reset password for this account on Samba DC, too.
Somewhat broken DB on Windows? Any suggestions on how to fix such accounts in order to be able to reset passwords when Windows DC will be demoted?
--
Regards,
Dmitry Khromov
More information about the samba
mailing list