[Samba] Ldapsearch against Samba 4
Rowland penny
rpenny at samba.org
Tue Apr 19 08:30:33 UTC 2016
On 19/04/16 01:29, John Gardeniers wrote:
> I'm setting up a test domain in order to try out Sudoers LDAP and have
> run into a problem that has my puzzled. On our production domain I can
> run a query such as:
>
> ldapsearch -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b
> "dc=ourdomain,dc=com,dc=au" -s sub
>
Try using ldbsearch instead:
ldbsearch -H ldap://dc1 -Ume -b "dc=ourdomain,dc=com,dc=au" -s sub
Or with kerberos (run kinit & klist to get correct ticket cache)
ldbsearch -H ldap://DC -Ume -k yes
--krb5-ccache=/tmp/krb5cc_10000_VzsXW8 -b "dc=ourdomain,dc=com,dc=au" -s sub
> However, running an equivalent search on a freshly installed test
> domain, using the exact same version of Samba and the same smb.conf
> (with appropriate domain adjustments), I get the following error:
>
> ldap_sasl_interactive_bind_s: Strong(er) authentication required (8)
> additional info: SASL:[NTLM]: Sign or Seal are required.
>
> I believe this is the problem behind sssd not working on the test
> domain client, which I need to get working before I can proceed.
>
You do know that you don't need to use sssd to get sudo working with AD,
don't you ?
Rowland
> To the best of my recollection, we have never done anything special to
> the production domain to allow such queries. What have I missed?
>
> regards,
> John
>
>
More information about the samba
mailing list