KDC not works in configuration with trusted domain
Evgeny Sinelnikov
sin at altlinux.org
Tue Oct 10 20:49:12 UTC 2017
2017-10-11 0:28 GMT+04:00 Rowland Penny via samba-technical
<samba-technical at lists.samba.org>:
> On Wed, 11 Oct 2017 00:18:33 +0400
> Evgeny Sinelnikov <sin at altlinux.org> wrote:
>
>>
>> Something interesting - found ldb request to reproduce this problem
>> without server:
>>
>> [root at samba-dc ~]# ldbsearch -H
>> /var/lib/samba/private/sam.ldb.d/CN\=CONFIGURATION\,DC\=ADM72\,DC\=LOCAL.ldb
>> -b CN=Partitions,CN=Configuration,DC=adm72,DC=local
>> '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))'
>> nCName systemFlags -d0
>
> I repeat, as you seem to have missed it, do not search in or alter
> anything in sam.ldb.d, only search in sam.ldb. If a record isn't found
> and you think it should exist, use '--cross-ncs' with the ldb tool.
>
[root at samba-dc ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b
CN=Partitions,CN=Configuration,DC=adm72,DC=local
'(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))'
nCName systemFlags --cross-ncs -d0
# record 1
dn: CN=ADM72,CN=Partitions,CN=Configuration,DC=adm72,DC=local
nCName: DC=adm72,DC=local
systemFlags: 3
# record 2
dn: CN=OMSU,CN=Partitions,CN=Configuration,DC=adm72,DC=local
systemFlags: 3
# returned 2 records
# 2 entries
# 0 referrals
No result with --cross-ncs. But it exists in
sam.ldb.d/CN\=CONFIGURATION\,DC\=ADM72\,DC\=LOCAL.ldb. And it must be
there, as I understand.
--
Sin (Sinelnikov Evgeny)
More information about the samba-technical
mailing list