[Samba] Listing AD group members

A. James Lewis james at fsck.co.uk
Mon Oct 30 14:16:16 UTC 2017


Oh, I assumed you meant -d10, since -d0 turns off all debug output, so the output is long, but I get:-

.
.
.
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Timed out smb_krb5 packet
Timed out smb_krb5 packet
Received smb_krb5 packet of length 234
Timed out smb_krb5 packet
Timed out smb_krb5 packet
Received smb_krb5 packet of length 108
kinit for HOSTNAME$@DOMAIN.LOCAL succeeded
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
$


October 30, 2017 2:10 PM, "A. James Lewis via samba" <samba at lists.samba.org> wrote:

> It appears to hang for a very long time (up to 15 minutes) on "kinit for HOSTNAME$@DOMAIN.LOCAL
> succeeded"
> then it returns nothing.
> 
> I'm somewhat confused!
> 
> James
> 
> October 30, 2017 12:27 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:
> 
>> On Mon, 30 Oct 2017 12:07:24 +0000
>> "A. James Lewis" <james at fsck.co.uk> wrote:
>> 
>>> I did come up with that option from Google, but wondered if it was
>>> only suitable if Samba was the AD controller, since that was always
>>> the context it was used in.
>>> 
>>> This is the result I get.
>>> 
>>> root at hostname:~# samba-tool group listmembers groupname
>>> ERROR(ldb): Failed to list members of "groupname" group -
>>> ldb_search: invalid basedn '(null)' root at hostname:~#
>> 
>> Try something like this:
>> 
>> root at devstation:~# samba-tool group listmembers Unix\ Admins -H ldap://dc3 -d0
>> rowland
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
> 
> --
> A. James Lewis (james at fsck.co.uk)
> "Engineering does not require science. Science helps a lot but people
> built perfectly good brick walls long before they knew why cement works."
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
A. James Lewis (james at fsck.co.uk)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."



More information about the samba mailing list