[Samba] Samba43 on FreeBSD10.3 ldap db contents

James B. Byrne byrnejb at harte-lyne.ca
Wed Jul 6 20:27:02 UTC 2016


I am working through the book _Implementing Samba 4_ and revalidating
my existing install.  I am at the point where I need to check the
contents of the ldap database.  The instructions in the book say to do
this:

ldapsearch -x -h localhost -s base - \
  Dcn=Administrator,cn=Users,dc=server-02,dc=domain-02,dc=harte-lyne,dc=ca
-W

Which produces this output:

# extended LDIF
#
# LDAPv3
# base <> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: -
Dcn=Administrator,cn=Users,dc=server-02,dc=domain-02,dc=harte-lyne,dc=ca
-W
#

#
dn:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Which I take to be a success given the result.  But this does not ask
for the Password as I expected.  Moving the -W switch to before the
subject name results in a password prompt but entering the
Administrator password fails authentication:

ldapsearch -vv -x -h localhost -s base -W -
Dcn=Administrator,cn=Users,dc=server-02,dc=domain-02,dc=harte-lyne,dc=ca
ldap_initialize( ldap://localhost )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE


What am I doing wrong?  I am trying all this as the root user.  There
is no Administrator user in /etc/passwd.  Are the credentials being
requested those for the root user or for the Administrator user? 
Neither works.  Why is it succeeding when no password is requested?  If
I do a klist then this is the result:

 klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: Administrator@DOMAIN-02.HARTE-LYNE.CA

  Issued                Expires               Principal
Jul  6 15:11:53 2016  Jul  7 01:11:53 2016  krbtgt/DOMAIN-02.HARTE-LYNE.CA@DOMAIN-02.HARTE-LYNE.CA


Is this where ldap is getting its authentication?

I request your indulgence with respect to these questions. It has been
about 15 years since I last set up an AD-DC and I have zero previous
experience with Samba.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



