Why do I get a failed to connect to LDAP URL when using Samba's Ldb Python module?
Richard Sharpe
realrichardsharpe at gmail.com
Mon Aug 17 16:55:41 UTC 2015
On Sat, Aug 15, 2015 at 10:33 AM, Richard Sharpe
<realrichardsharpe at gmail.com> wrote:
> On Fri, Aug 14, 2015 at 11:01 PM, Andrew Bartlett <abartlet at samba.org> wrote:
>> On Fri, 2015-08-14 at 15:36 -0700, Richard Sharpe wrote:
>>> On Fri, Aug 14, 2015 at 1:59 PM, Richard Sharpe
>>> <realrichardsharpe at gmail.com> wrote:
>>> > Hi folks,
>>> >
>>> > I just got this:
>>> >
>>> > >>> from samba import Ldb
>>> > >>> ldb_obj =
>>> > Ldb('ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com',
>>> > credentials=creds)
>>> > Failed to connect to ldap URL
>>> > 'ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com' - LDAP client
>>> > internal error: NT_STATUS_BAD_NETWORK_NAME
>>> > Failed to connect to
>>> > 'ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com' with backend
>>> > 'ldap':(null)
>>> > Traceback (most recent call last):
>>> > File "<stdin>", line 1, in <module>
>>> > File "/usr/lib64/python2.6/site-packages/samba/__init__.py",
>>> > line
>>> > 114, in __init__
>>> > self.connect(url, flags, options)
>>> > _ldb.LdbError: (1, None)
>>> >
>>> > It looked so easy ... but wasn't.
>>> >
>>> > What have I done wrong?
>>>
>>> OK, I seem to have made some progress on this:
>>>
>>> >>> from samba.credentials import DONT_USE_KERBEROS
>>> >>> creds = Credentials()
>>> >>> creds.set_kerberos_state(DONT_USE_KERBEROS)
>>> >>> creds.set_username('administrator')
>>> >>> creds.set_password("some-pass")
>>> >>> creds.set_forced_sasl_mech("EXTERNAL")
>>
>> You probably don't want this line.
>>
>>> >>> ldb_obj = Ldb("ldap://10.4.45.1", credentials=creds)
>
> Well, except that when I use the dns name I get NT_STATUS_BAD_NETWORK_NAME.
>
> Then I tried this:
>
>>>> from samba import param
>>>> lp = param.LoadParm()
>>>> lp.load('/dev/null')
>>>> from samba.credentials import Credentials
>>>> from samba import Ldb
>>>> creds=Credentials()
>>>> creds.set_username('administrator')
> True
>>>> creds.set_password('the-real-password')
> True
>>>> ldb_obj=Ldb('ldap://10.4.45.1', lp=lp, credentials=creds)
> Segmentation fault

Here is a potential fix for that seg fault:

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index f99257d..1f22241 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -146,7 +146,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *ge
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
NTSTATUS nt_status;
int flags = 0;
- const char *user, *domain;
+ const char *user, *domain, *workstation;
TALLOC_CTX *mem_ctx = talloc_new(out_mem_ctx);
if (!mem_ctx) {
@@ -224,6 +224,13 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *g
cli_credentials_get_ntlm_username_domain(gensec_security->credentials, m
&user, &domain);
+ workstation = cli_credentials_get_workstation(gensec_security->credentia
+
+ if (user = NULL || domain == NULL || workstation == NULL) {
+ DEBUG(10, ("One or more of user, domain or workstation is NULL\n
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
flags |= CLI_CRED_NTLM2;
}
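
Review bot: The added NULL check uses "user = NULL", which is an assignment, not a comparison. Because = binds more loosely than ||, the condition parses as user = (NULL || domain == NULL || workstation == NULL). On the path where domain and workstation are both set, user is overwritten with NULL and execution continues; a NULL user coming back from cli_credentials_get_ntlm_username_domain() is never detected. It should read "user == NULL". Separately, this early return comes after mem_ctx was allocated with talloc_new(out_mem_ctx) at the top of the function, so it is worth calling talloc_free(mem_ctx) before returning NT_STATUS_INVALID_PARAMETER.
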
@@ -305,7 +312,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *ge
nt_response.data, nt_response.length,
domain,
user,
- cli_credentials_get_workstation(gensec_security->credenti
+ workstation,
encrypted_session_key.data, encrypted_session_key.length,
ntlmssp_state->neg_flags);
if (!NT_STATUS_IS_OK(nt_status)) {
--
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)