[Samba] Samba4 LDAP Error

L.P.H. van Belle belle at bazuin.nl
Wed May 24 14:57:23 UTC 2017


Set "ldap server require strong auth = no" on your NEW DC.
Remove the line from the old DC; that one does not know about it.

Restart samba on the new DC.
And try again: samba-tool domain demote -Uadministrator

When done, remove the line you added on the new DC.


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Marcio Demetrio Bacci via samba
> Sent: Wednesday 24 May 2017 16:41
> To: samba at lists.samba.org
> Subject: [Samba] Samba4 LDAP Error
> 
> Hi,
> 
> I want to demote my DC (old) with Samba 4.2.1, but the following message
> appears:
> 
> root at dc-old:~# samba-tool domain demote -Uadministrator
> Using dc1.empresa.com.br as partner server for the demotion
> Password for [EMPRESA\administrator]:
> Deactivating inbound replication
> Asking partner server dc1.empresa.com.br to synchronize from us
> Failed to bind - LDAP error 8 LDAP_STRONG_AUTH_REQUIRED - <SASL:[GSS-SPNEGO]: Sign or Seal are required.> <>
> Failed to connect to 'ldap://dc1.empresa.com.br' with backend 'ldap': (null)
> Error while demoting, re-enabling inbound replication
> ERROR(ldb): Error while changing account control - None
> 
> Then I have tried to use the parameter "ldap server require 
> strong auth" in my smb.conf as the following:
> 
> # Global parameters
> [global]
>         workgroup = EMPRESA
>         realm = EMPRESA.COM.BR
>         netbios name = DC3
>         server role = active directory domain controller
>         dns forwarder = 192.168.0.36
>         idmap_ldb:use rfc2307 = yes
>         ldap server require strong auth = no
> 
> [netlogon]
>         path = /opt/samba/var/locks/sysvol/empresa.com.br/scripts
>         read only = No
> 
> [sysvol]
>         path = /opt/samba/var/locks/sysvol
>         read only = No
>         acl_xattr:ignore system acls = yes
> 
> 
> 
> When I reboot the Samba4 the below message appears:
> 
> [ ok ] Stopping Samba 4 daemon: samba.
> [....] Starting Samba 4 daemon: sambaUnknown parameter encountered: "ldap server require strong auth"
> Ignoring unknown parameter "ldap server require strong auth"
> 
> 
> My new DC is Samba 4.6.3
> My Old DC is Samba 4.2.1
> 
> 
> Can anybody help me?
> 
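A check for the last step of the reply (removing the temporary line from the new DC), as an added example that is not part of the original thread or of Samba: it scans smb.conf text for `ldap server require strong auth` in `[global]` and reports whether strong authentication is still relaxed. The function names and sample files are constructed for illustration; it assumes Samba's documented default of `yes` when the parameter is absent, and it also flags a value that has a section header run onto the same line.

```python
import re

# Samba matches parameter names ignoring case and embedded whitespace.
PARAM = "ldapserverrequirestrongauth"
ENFORCED = {"yes", "true", "1"}
DISABLED = {"no", "false", "0"}

def strong_auth_findings(conf_text):
    """Return [(line_no, raw_value, verdict)] for the parameter in [global]."""
    section, findings = None, []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        name, sep, value = (part.strip() for part in line.partition("="))
        if not sep or section != "global":
            continue
        if re.sub(r"\s+", "", name).lower() != PARAM:
            continue
        if re.search(r"\[[^\]]+\]$", value):
            verdict = "malformed"         # a section header is fused onto the value
        elif value.lower() in ENFORCED:
            verdict = "enforced"
        elif value.lower() in DISABLED:
            verdict = "disabled"          # the temporary override is still in place
        else:
            verdict = "review"            # e.g. allow_sasl_over_tls
        findings.append((line_no, value, verdict))
    return findings

def is_hardened(conf_text):
    """True when the setting is absent (assumed default: yes) or enforced."""
    return all(v == "enforced" for _, _, v in strong_auth_findings(conf_text))

# Constructed sample files, modelled on the smb.conf quoted in the thread.
DURING_DEMOTE = """[global]
    workgroup = EMPRESA
    server role = active directory domain controller
    ldap server require strong auth = no
[netlogon]
    read only = No
"""
FUSED_LINE = DURING_DEMOTE.replace("= no\n[netlogon]", "= no [netlogon]")
AFTER_CLEANUP = DURING_DEMOTE.replace("    ldap server require strong auth = no\n", "")
```

Run `is_hardened()` against the new DC's smb.conf after the demotion; any result other than `True` means the override line is still present or needs a manual look.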



