[Samba] Samba 4.1.6 (Ubuntu 14.04) ldapsearch memberof
Andrey
andrew_dev at hotmail.com
Sun Nov 23 17:19:52 MST 2014
Hi everyone,
I recently installed Samba 4.1.6 on Ubuntu Server 14.04.01 LTS.
My provision was:
samba-tool domain provision \--realm=DOT.LAN \--domain=DOT
\--adminpass='Pa77w0rd' \--dns-backend=SAMBA_INTERNAL \--server-role=dc
\--use-xattr=yes \--use-rfc2307 \--function-level=2008_R2 \--use-ntvfs
All required steps and tests according samba wiki are completed
successfully.
When I do following query I am getting right answer too:
ldapsearch -h srv10.dot.lan -x -LLL -D Administrator at dot.lan -W -b
"dc=dot,dc=lan" "(&(CN=*)(memberOf=CN=Domain
Admins,CN=Users,DC=dot,DC=lan))"
Enter LDAP Password:
dn: CN=Administrator,CN=Users,DC=dot,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
instanceType: 4
whenCreated: 20141118230145.0Z
whenChanged: 20141118230145.0Z
uSNCreated: 3545
uSNChanged: 3545
name: Administrator
objectGUID:: 231tfDn2Hk2oKoILIg4Ubw==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 130608253050000000
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAvxqrOPvvKFwaHdNy9AEAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: Administrator
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=dot,DC=lan
isCriticalSystemObject: TRUE
memberOf: CN=Administrators,CN=Builtin,DC=dot,DC=lan
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=dot,DC=lan
memberOf: CN=Enterprise Admins,CN=Users,DC=dot,DC=lan
memberOf: CN=Schema Admins,CN=Users,DC=dot,DC=lan
memberOf: CN=Domain Admins,CN=Users,DC=dot,DC=lan
distinguishedName: CN=Administrator,CN=Users,DC=dot,DC=lan
# refldap://dot.lan/CN=Configuration,DC=dot,DC=lan
# refldap://dot.lan/DC=DomainDnsZones,DC=dot,DC=lan
# refldap://dot.lan/DC=ForestDnsZones,DC=dot,DC=lan
However, when I do this query, I am getting strange result:
ldapsearch -h srv10.tcbv.tk -x -LLL -D Administrator at dot.lan -W -b
"dc=dot,dc=lan" "(&(CN=*)(memberOf=CN=Domain Users,CN=Users,DC=dot,DC=lan))"
Enter LDAP Password:
# refldap://dot.lan/CN=Configuration,DC=dot,DC=lan
# refldap://dot.lan/DC=DomainDnsZones,DC=dot,DC=lan
# refldap://dot.lan/DC=ForestDnsZones,DC=dot,DC=lan
Logs does not show any changes. Please be aware the difference in queries is
in memberOf=CN= . First group name is Domain Admins and second is Domain
Users.
Do I miss something? Are there any security restrictions?
Thank you.
More information about the samba
mailing list