net ads search on trusted domain failed due to missing realm param.
Nimrod Sapir
NIMRODS at il.ibm.com
Wed Jan 9 08:31:55 MST 2013
Hi
I've been experimenting with "net ads search" command, and noticed a weird
behavior when trying to run searches on the non-default domain.
Let's assume I have two domains, mydomain.com and mydomain2.com, with
trust relation between them. Now, I've joined my Samba server (3.6.10) as
client to the first one. Therefore, the smb.conf will contain:
realm = mydomain.com
workgroup = MYDOMAIN
Now, if I run:
net ads search objectClass=user
I get all the users from mydomain.com domain. Now, when I try to run the
command for mydomain2 domain:
net ads search -w MYDOMAIN2 objectClass=user
I get the following error:
"ads_find_dc: no realm or workgroup! Don't know what to do"
Looking at the code, it seems that the ads_find_dc function assumes that
if it does not have any workgroup or realm, it should use the default one.
But if only one is missing (in that case, the realm) it returns an error.
However, there is no parameter I can use to define the realm for the
request. I found a workaround for this issue, by creating a new conf file,
/tmp/conf_domain2, containing the realm and workgroup:
[global]
realm = mydomain2.com
workgroup = MYDOMAIN2
and running "net ads search -s /tmp/conf_domain2 objectClass=user". But
this is extremely counter-intuitive. Do you think the above is something
that should be fixed (probably by adding a realm param to the net
command)? Is there an easier way of running ldap search on a trusted
domain?
Thanks
Nimrod Sapir
IBM - XIV, Israel
NAS Development Team
Office: +972-3-689-7763
Cell: +972-54-7726-320
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1338 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130109/a3bc3bf8/attachment.gif>
More information about the samba-technical
mailing list