[Samba] ldbsearch/kerberos issue

Geoff Crompton geoffc at trinity.unimelb.edu.au
Fri Apr 19 01:07:37 MDT 2013

On 19/04/13 12:06, Geoff Crompton wrote:
> Samba 4.0.5, Debian 6.0
> I can successfully perform an ldbsearch on the Samba ldb by specifying
> the -U parameter:
> <snip>
> and while I can kinit successfully, as this klist shows:
> <snip>
> I cannot use the resulting ticket to
> connect:
> <snip>
> Anyone know what's going on? This email may look familiar, Steve
> reported the same issue last July,
> https://lists.samba.org/archive/samba/2012-July/168315.html. This isn't
> the problem that Zach was talking about in
> https://lists.samba.org/archive/samba/2012-November/169941.html, as I'm
> not using an IP address in the url.

Someone contacted me offlist with a very helpful suggestion. Kerberos 
can't cope with a 'localhost' domain name.

So the following search works with kerberos authentication:

    $ /usr/local/samba/bin/ldbsearch -H
ldap://dc01.testad2.trinity.unimelb.edu.au -k yes 'CN=IT'


More information about the samba mailing list