[Samba] Samba43 on FreeBSD10.3 ldap db contents
Rowland Penny
rpenny at samba.org
Wed Jul 6 20:54:47 UTC 2016
On 06/07/16 21:27, James B. Byrne wrote:
> I am working through the book _Implementing Samba 4_ and revalidating
> my existing install. I am at the point where I need to check the
> contents of the ldap database. The instructions in the book say to do
> this:
What book??
Have you tried reading the Samba wiki:
https://wiki.samba.org/index.php/Main_Page
>
> ldapsearch -x -h localhost -s base - \
> Dcn=Administrator,cn=Users,dc=server-02,dc=domain-02,dc=harte-lyne,dc=ca
> -W
I take it you are running the above command on the Samba 4 DC, try this
instead:
ldbsearch -H ldap://localhost -b \
'cn=Users,dc=server-02,dc=domain-02,dc=harte-lyne,dc=ca' -s sub \
'(cn=Administrator)' -U <a domain user>
>
> Which produces this output:
>
> # extended LDIF
> #
> # LDAPv3
> # base <> (default) with scope baseObject
> # filter: (objectclass=*)
> # requesting: -
> Dcn=Administrator,cn=Users,dc=server-02,dc=domain-02,dc=harte-lyne,dc=ca
> -W
> #
>
> #
> dn:
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Which I take to be a success given the result.
Ah no, it should have dumped the entire AD contents.
> But this does not ask
> for the Password as I expected. Moving the -W switch to before the
> subject name results in a password prompt but entering the
> Administrator password fails authentication:
>
> ldapsearch -vv -x -h localhost -s base -W -
> Dcn=Administrator,cn=Users,dc=server-02,dc=domain-02,dc=harte-lyne,dc=ca
> ldap_initialize( ldap://localhost )
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE
>
>
> What am I doing wrong? I am trying all this as the root user. There
> is no Administrator user in /etc/passwd. Are the credentials being
> requested those for the root user or for the Administrator user?
> Neither work. Why is it succeeding when no password is requested?
It isn't succeeding and I suggest you use ldb-tools instead of ldap-tools.
Rowland
> If
> I do a klist then this is the result:
>
> klist
> Credentials cache: FILE:/tmp/krb5cc_0
> Principal: Administrator@DOMAIN-02.HARTE-LYNE.CA
>
> Issued Expires Principal
> Jul 6 15:11:53 2016 Jul 7 01:11:53 2016
> krbtgt/DOMAIN-02.HARTE-LYNE.CA@DOMAIN-02.HARTE-LYNE.CA
>
>
> is this where ldap is getting its authentication?
>
> I request your indulgence with respect to these questions. It has been
> about 15 years since I last set up an AD-DC and I have zero previous
> experience with Samba.
>
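
An added example, not part of the original thread or of the Samba or OpenLDAP tools: a small Python check that reads the comment header of the ldapsearch output quoted above and reports what the server was actually asked, which "result: 0 Success" alone does not show. The function names are made up for this illustration, and the sample text is the header from the post with the wrapped "requesting" line rejoined onto one line (an assumption about how it was printed).

```python
import re

# Constructed sample: the output quoted in the post, with the wrapped
# "# requesting:" line rejoined (assumed to be one line as printed).
SAMPLE = """\
# extended LDIF
#
# LDAPv3
# base <> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: - Dcn=Administrator,cn=Users,dc=server-02,dc=domain-02,dc=harte-lyne,dc=ca -W
#

#
dn:

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
"""

def parse_header(text):
    """Return base, scope, filter and requested attributes from the header."""
    info = {"base": None, "scope": None, "filter": None, "requesting": []}
    for line in text.splitlines():
        m = re.match(r"# base <(.*?)>.* with scope (\w+)", line)
        if m:
            info["base"], info["scope"] = m.group(1), m.group(2)
        elif line.startswith("# filter: "):
            info["filter"] = line[len("# filter: "):]
        elif line.startswith("# requesting: "):
            info["requesting"] = line[len("# requesting: "):].split()
    return info

def findings(text):
    """List reasons the search is not the one the command line intended."""
    info, out = parse_header(text), []
    if info["base"] == "" and info["scope"] == "baseObject":
        out.append("empty base with base scope: only the root DSE was read")
    for attr in info["requesting"]:
        # LDAP attribute names never start with '-' or contain '=' or ','.
        if attr.startswith("-") or "=" in attr or "," in attr:
            out.append(f"option or DN parsed as an attribute name: {attr}")
    return out
```

Calling findings(SAMPLE) returns four entries: the root DSE read, plus "-", the "Dcn=..." string and "-W", each listed as a requested attribute rather than taken as a bind DN or password option.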