[Samba] ldbsearch returning NT_STATUS_INVALID_PARAMETER

Andrew Bartlett abartlet at samba.org
Sun Nov 4 20:34:19 MST 2012

On Wed, 2012-10-31 at 19:51 +0000, Bethel, Zach wrote:
> I have a Samba DC connected to two Windows 2008 R2 DC's. On the Samba machine, if I run `ldbsearch -H ldaps://*SAMBA-DC-IP* -U administrator`
> It asks for my password and then works great. I can use any domain user and this works. However, if I instead run:
> `ldbsearch -H ldaps:// -k1 --krb5-ccache=/tmp/krb5cc_0`
> I get this:
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to '...' with backend 'ldaps': (null)
> Failed to connect to ... - (null)
> This happens regardless of whether or not the ticket exists at /tmp/krb5cc_0 (I can run kinit to create it and kdestroy to remove it). It's not the most useful error message...and strace isn't turning up anything interesting.
> Any ideas?

Kerberos requires a name for the target (all entries in the KDC are
indexed by name), so we fail if presented with an IP address.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list