[Samba] Problems setting up Samba+LDAP PDC in Debian Sarge

Gerald (Jerry) Carter jerry at samba.org
Wed Oct 26 12:07:17 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chema wrote:
...
| From Samba 3.0.12, it is now possible for admin users
| to join computers to the domain without using
| the "root" account."
| ...
| In fact, the 'root' account is needed in the first place
| so that the SeXXX privileges can be set.>>

Actually, any members of the domain admins group (rid=512)
can assign and revoke privileges.

| Anyway, after fiddling around looking for clues, I
| found that I no longer can get my local sid:
|
| [2005/10/25 11:20:25, 0] utils/net.c:net_getlocalsid(494)
|  Can't fetch domain SID for name: SERVIDOR1-PDC

That would be a pretty big issue, but smbd should regenerate
a random SID on startup.


| chema at dellj81:~$ ldappasswd
| SASL/DIGEST-MD5 authentication started
| Please enter your password:
| ldap_sasl_interactive_bind_s: Internal (implementation
|    specific) error (80)
|    additional info: SASL(-13): user not found: no
|    secret in database
|
| This produces the following sldap output:
....
| I have yet to enable TLS, so slapd shoulnd't be
| using SASL, right?

The StartTLS extended op and and SASL are independent things.








cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."               --anonymous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDX3F1IR7qMdg1EfYRAjt6AJ9sIdpo+soLfgq5avrpLmh1uEqGWgCfeXHX
SuLmVP8Ef113COsZL5SrMic=
=w2N4
-----END PGP SIGNATURE-----


More information about the samba mailing list