KDC not works in configuration with trusted domain

Rowland Penny rpenny at samba.org
Mon Oct 9 17:53:34 UTC 2017


On Mon, 9 Oct 2017 17:55:07 +0400
Evgeny Sinelnikov via samba-technical <samba-technical at lists.samba.org>
wrote:

> 
> # Local Data on Samba DC
> [root at samba-dc ~]# ldbsearch -k yes -H /var/lib/samba/private/sam.ldb.d/CN\=CONFIGURATION\,DC\=ADM72\,DC\=LOCAL.ldb -b CN=Partitions,CN=Configuration,DC=adm72,DC=local '(&(objectClass=crossRef))' dnsRoot nETBIOSName ncName rootTrust trustParent -d0 | grep -B1 -A2 'OMSU'
> # record 7
> dn: CN=OMSU,CN=Partitions,CN=Configuration,DC=adm72,DC=local
> nCName: <GUID=2db28977-e989-4528-bb73-af31dfaad9a7>;<SID=S-1-5-21-925305307-1729258221-3996020766>;DC=omsu,DC=adm72,DC=local
> dnsRoot: omsu.adm72.local
> nETBIOSName: OMSU
> trustParent: <GUID=251e4849-921f-4d28-ad6a-da8aa4348925>;CN=ADM72,CN=Partitions,CN=Configuration,DC=adm72,DC=local
> 

I cannot really help with this, except to point out two things:

One: the above search is wrong, you should never search, or even
worse change something, in sam.ldb.d. This search on a DC should work:

ldbsearch -H /var/lib/samba/private/sam.ldb -b CN=Partitions,CN=Configuration,DC=adm72,DC=local '(&(objectClass=crossRef))' dnsRoot nETBIOSName ncName rootTrust trustParent -d0 | grep -B1 -A2 'OMSU'

It does for me:
ldbsearch -H /usr/local/samba/private/sam.ldb -b CN=Partitions,CN=Configuration,DC=samdom,DC=example,dc=com '(&(objectClass=crossRef))' dnsRoot nETBIOSName ncName rootTrust trustParent -d0 | grep -B1 -A2 'SAMDOM'

# record 5
dn: CN=SAMDOM,CN=Partitions,CN=Configuration,DC=samdom,DC=example,DC=com
nCName: DC=samdom,DC=example,DC=com
dnsRoot: samdom.example.com
nETBIOSName: SAMDOM

Which brings me to

Two: if 'nCName' isn't being returned, is it actually there? Have
you tried dumping the entire object?

Rowland
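
An added example, not part of the original message or of Samba: rather than eyeballing `grep` context lines, the text printed by an `ldbsearch` run against sam.ldb can be parsed and each crossRef record checked for the attributes discussed above. The sample output, the record names and the helper names `parse_ldif` and `missing_attrs` are constructed for illustration.

```python
import base64

# Constructed sample shaped like ldbsearch output: record 1 folds a long value, record 2 lacks nCName.
SAMPLE = """\
# record 1
dn: CN=CHILD,CN=Partitions,CN=Configuration,DC=samdom,DC=example,DC=com
nCName: <GUID=00000000-0000-0000-0000-000000000001>;DC=child,DC=samdom,DC=exa
 mple,DC=com
dnsRoot: child.samdom.example.com
nETBIOSName: CHILD

# record 2
dn: CN=BROKEN,CN=Partitions,CN=Configuration,DC=samdom,DC=example,DC=com
dnsRoot: broken.samdom.example.com
nETBIOSName: BROKEN
"""

def parse_ldif(text):
    """Return a list of {lowercased attr: [values]} dicts, one per record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]            # LDIF folding: continuation of the previous line
        elif not raw.startswith("#"):       # drop "# record N" style comments
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:               # the trailing "" flushes the last record
        if not line.strip():
            if current: records.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.lower(), []).append(value.strip())
    return records

def missing_attrs(records, required=("nCName", "dnsRoot", "nETBIOSName")):
    """Map each record's dn to the required attributes it lacks (names are case-insensitive)."""
    report = {}
    for rec in records:
        absent = [a for a in required if a.lower() not in rec]
        if absent:
            report[rec.get("dn", ["<no dn>"])[0]] = absent
    return report

if __name__ == "__main__":
    print(missing_attrs(parse_ldif(SAMPLE)))
```

Attribute names are compared in lower case because the search above requests `ncName` while the directory prints `nCName`.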


