KDC not works in configuration with trusted domain

Evgeny Sinelnikov sin at altlinux.org
Tue Oct 10 20:57:38 UTC 2017 

2017-10-11 0:49 GMT+04:00 Evgeny Sinelnikov <sin at altlinux.org>:
> 2017-10-11 0:28 GMT+04:00 Rowland Penny via samba-technical
> <samba-technical at lists.samba.org>:
>> On Wed, 11 Oct 2017 00:18:33 +0400
>> Evgeny Sinelnikov <sin at altlinux.org> wrote:
>>
>>>
>>> Something interesting - found ldb request to reproduce this problem
>>> without server:
>>>
>>> [root at samba-dc ~]# ldbsearch -H
>>> /var/lib/samba/private/sam.ldb.d/CN\=CONFIGURATION\,DC\=ADM72\,DC\=LOCAL.ldb
>>> -b CN=Partitions,CN=Configuration,DC=adm72,DC=local
>>> '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))'
>>> nCName systemFlags -d0
>>
>> I repeat, as you seem to have missed it, do not search in or alter
>> anything in sam.ldb.d, only search in sam.ldb. If a record isn't found
>> and you think it should exist, use '--cross-ncs' with the ldb tool.
>>
>
> [root at samba-dc ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b
> CN=Partitions,CN=Configuration,DC=adm72,DC=local
> '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))'
> nCName systemFlags --cross-ncs -d0
> # record 1
> dn: CN=ADM72,CN=Partitions,CN=Configuration,DC=adm72,DC=local
> nCName: DC=adm72,DC=local
> systemFlags: 3
>
> # record 2
> dn: CN=OMSU,CN=Partitions,CN=Configuration,DC=adm72,DC=local
> systemFlags: 3
>
> # returned 2 records
> # 2 entries
> # 0 referrals
>
> No result with --cross-ncs. But it exists in
> sam.ldb.d/CN\=CONFIGURATION\,DC\=ADM72\,DC\=LOCAL.ldb. And it must be
> there, as I understand.


If 'nCName' attribute not exists this request would be not revert record 2:

[root at samba-dc ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b
CN=Partitions,CN=Configuration,DC=adm72,DC=local
'(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2)(nCName=*))'
nCName systemFlags --cross-ncs -d0
# record 1
dn: CN=ADM72,CN=Partitions,CN=Configuration,DC=adm72,DC=local
nCName: DC=adm72,DC=local
systemFlags: 3

# record 2
dn: CN=OMSU,CN=Partitions,CN=Configuration,DC=adm72,DC=local
systemFlags: 3

# returned 2 records
# 2 entries
# 0 referrals


-- 
Sin (Sinelnikov Evgeny)

More information about the samba-technical mailing list