[Samba] ldbadd with kerberos ticket => 00002020: Operation unavailable without authentication

Andrew Bartlett abartlet at samba.org
Sat Sep 5 07:00:50 UTC 2015


On Tue, 2015-09-01 at 22:59 +0200, Quirin Maier wrote:
> Hi,
> 
> I'd like to use ldbadd with kerberos authentication using samba
> 4.2.3-SerNet-Debian-7.jessie, but it seems authentication is not
> being
> processed. Executing...
> 
> kinit Administrator at INTERNAL.DOMAIN.TLD -k -t /etc/admin.keytab
> 
> root at dc01:/# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator at INTERNAL.DOMAIN.TLD
> 
> Valid starting     Expires            Service principal
> 09/01/15 20:36:16  09/02/15 06:36:16
>  krbtgt/INTERNAL.DOMAIN.TLD at INTERNAL.DOMAIN.TLD
> renew until 09/02/15 20:36:16
> 
> root at dc01:/# ldbadd -k yes -H ldap://localhost << EOF
> dn: CN=Groups,DC=internal,DC=domain,DC=tld
> objectClass: container
> objectClass: top
> cn: Groups
> objectCategory:
> CN=Container,CN=Schema,CN=Configuration,DC=internal,DC=domain,DC=tld
> description: Default container for upgraded group accounts
> EOF
> 
> results in:
> ERR: Operations error : "LDAP error 1 LDAP_OPERATIONS_ERROR - 
>  <00002020:
> Operation unavailable without authentication> <>" on DN
> CN=Groups,DC=internal,DC=domain,DC=tld at block before line 6
> 
> Anybody else who has the same problem? Or could somebody enlighten
> me, what
> I'm doing wrong here?
> 
> btw: ldbadd -U DOMAIN/User%password ... works.

This looks like https://bugzilla.samba.org/show_bug.cgi?id=11265 which
should be in the next 4.2 release.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the samba mailing list