[Samba] Ldapsearch against Samba 4
jgardeniers at objectmastery.com
Tue Apr 19 21:28:07 UTC 2016
Before I start with Sudoers LDAP I need to have the test system
replicate our production system, hence the need for sssd and a working
ldapsearch. Without that replicated capability any testing of new
capability is pointless.
The answer from Mathias Dufresne solved the ldapsearch problem.
On 19/04/16 18:30, Rowland penny wrote:
> On 19/04/16 01:29, John Gardeniers wrote:
>> I'm setting up a test domain in order to try out Sudoers LDAP and
>> have run into a problem that has me puzzled. On our production domain
>> I can run a query such as:
>> ldapsearch -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b
>> "dc=ourdomain,dc=com,dc=au" -s sub
> Try using ldbsearch instead:
> ldbsearch -H ldap://dc1 -Ume -b "dc=ourdomain,dc=com,dc=au" -s sub
> Or with Kerberos (run kinit & klist to get correct ticket cache)
> ldbsearch -H ldap://DC -Ume -k yes
> --krb5-ccache=/tmp/krb5cc_10000_VzsXW8 -b "dc=ourdomain,dc=com,dc=au"
> -s sub
>> However, running an equivalent search on a freshly installed test
>> domain, using the exact same version of Samba and the same smb.conf
>> (with appropriate domain adjustments), I get the following error:
>> ldap_sasl_interactive_bind_s: Strong(er) authentication required (8)
>> additional info: SASL:[NTLM]: Sign or Seal are required.
>> I believe this is the problem behind sssd not working on the test
>> domain client, which I need to get working before I can proceed.
> You do know that you don't need to use sssd to get sudo working with
> AD, don't you ?
>> To the best of my recollection, we have never done anything special
>> to the production domain to allow such queries. What have I missed?