[Samba] ldbadd with kerberos ticket => 00002020: Operation unavailable without authentication
Andrew Bartlett
abartlet at samba.org
Sat Sep 5 07:00:50 UTC 2015
On Tue, 2015-09-01 at 22:59 +0200, Quirin Maier wrote:
> Hi,
>
> I'd like to use ldbadd with kerberos authentication using samba
> 4.2.3-SerNet-Debian-7.jessie, but it seems authentication is not
> being
> processed. Executing...
>
> kinit Administrator at INTERNAL.DOMAIN.TLD -k -t /etc/admin.keytab
>
> root at dc01:/# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator at INTERNAL.DOMAIN.TLD
>
> Valid starting Expires Service principal
> 09/01/15 20:36:16 09/02/15 06:36:16
> krbtgt/INTERNAL.DOMAIN.TLD at INTERNAL.DOMAIN.TLD
> renew until 09/02/15 20:36:16
>
> root at dc01:/# ldbadd -k yes -H ldap://localhost << EOF
> dn: CN=Groups,DC=internal,DC=domain,DC=tld
> objectClass: container
> objectClass: top
> cn: Groups
> objectCategory:
> CN=Container,CN=Schema,CN=Configuration,DC=internal,DC=domain,DC=tld
> description: Default container for upgraded group accounts
> EOF
>
> results in:
> ERR: Operations error : "LDAP error 1 LDAP_OPERATIONS_ERROR -
> <00002020:
> Operation unavailable without authentication> <>" on DN
> CN=Groups,DC=internal,DC=domain,DC=tld at block before line 6
>
> Anybody else who has the same problem? Or could somebody enlighten
> me, what
> I'm doing wrong here?
>
> btw: ldbadd -U DOMAIN/User%password ... works.
This looks like https://bugzilla.samba.org/show_bug.cgi?id=11265 which
should be in the next 4.2 release.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list