KDC not works in configuration with trusted domain
Evgeny Sinelnikov
sin at altlinux.org
Wed Oct 11 18:08:47 UTC 2017
2017-10-11 11:59 GMT+04:00 Rowland Penny via samba-technical
<samba-technical at lists.samba.org>:
> On Wed, 11 Oct 2017 01:33:33 +0400
> Evgeny Sinelnikov <sin at altlinux.org> wrote:
>
>> > Have you tried dumping the entire object:
>> >
>> > ldbsearch -H /var/lib/samba/private/sam.ldb -b
>> > CN=Partitions,CN=Configuration,DC=adm72,DC=local
>> > '(&(objectClass=crossRef)(cn=omsu))'
>> >
>>
>> I do it this time:
>>
>> [root at samba-dc ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b
>> CN=Partitions,CN=Configuration,DC=adm72,DC=local
>> '(&(objectClass=crossRef)(cn=omsu))' -d0
>> # record 1
>> dn: CN=OMSU,CN=Partitions,CN=Configuration,DC=adm72,DC=local
>> objectClass: top
>> objectClass: crossRef
>> cn: OMSU
>> instanceType: 4
>> whenCreated: 20130214104456.0Z
>> whenChanged: 20130214110622.0Z
>> uSNCreated: 9696
>> uSNChanged: 9696
>> showInAdvancedViewOnly: TRUE
>> name: OMSU
>> objectGUID: 1258a934-cb2d-467d-b4a9-5105756cba94
>> dnsRoot: omsu.adm72.local
>> nETBIOSName: OMSU
>> nTMixedDomain: 0
>> systemFlags: 3
>> trustParent: CN=ADM72,CN=Partitions,CN=Configuration,DC=adm72,DC=local
>> objectCategory:
>> CN=Cross-Ref,CN=Schema,CN=Configuration,DC=adm72,DC=local
>> msDS-Behavior-Version: 3 distinguishedName:
>> CN=OMSU,CN=Partitions,CN=Configuration,DC=adm72,DC=local
>>
>
> Well, it is obvious now why you aren't getting 'nCName' returned, it
> isn't there.
I don't understand why are think so...
1) Data for CN=Configuration,DC=adm72,DC=local consists in special
partition and It's there.
2) This attribute replicated from original DC, there it exists.
3) Same request to original DC works.
4) Explicit request
'(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2)(nCName=*))'
should return the Object, only if 'nCName' attribute exists.
It looks like a bug in dsdb/ldb.
--
Sin (Sinelnikov Evgeny)
More information about the samba-technical
mailing list